SSL Certificate Trends for Top 100 Retailers in 2012 – What’s Changed?

In 2010, I took a look at the SSL Trends for the Top 100 Retailers. Fast forward to 2012, and I wanted to see how things have changed for these same online stores.

A few interesting trends have emerged two years later…

Recap of 2010

In 2010, 14% of the top 100 retailers were using an Extended Validation (EV) SSL Certificate. An EV SSL cert is the one that turns the browser bar / padlock green when the page is secure.

Akamai, Verisign, and Usertrust were the top 3 SSL vendors of choice.

13% of the top 100 retailers had either insecure content on secure pages, or no SSL sign-in ability.

EV SSL in 2012

In 2012, 22 of the top 100 retailers now have an EV SSL certificate. That’s an increase of 57% (or 8 more EV certs) over 2010. Both Comodo and Verisign added 4 EV certs.

If you remove Akamai from the numbers (as Akamai is not a public SSL vendor and does not offer an EV certificate), then 22 of the 60 retailers remaining offer EV (37%).

SSL Security in 2012 takes a nosedive

27 websites out of 100 had either insecure content or a non-SSL sign-in page. That is more than double the amount of security issues from 2010.

(8 out of the 22 EV SSL certs had insecure content causing the green bar to not even appear!)

Close to 30% of the top online stores in the world cannot make their pages fully secure. That is appalling.

Vendor breakdown in 2012

Akamai added a few more large merchants in 2012. Verisign was still the second most popular vendor. Comodo moved up from 5th to 3rd, with GeoTrust sliding back a bit.

(update 10/23/2012) – UserTrust is owned by Comodo, so the total of those two should be combined.

SSL Vendor Breakdown

SSL Vendor Breakdown

Conclusions

1. EV SSL certificate use is on the rise

In 2 years, 8 more of the top 100 retailers opted to add EV certs to their sites. 40 of the top 100 use Akamai, which means they don’t have an option to use EV.

For smaller online merchants, I still believe an EV SSL certificate is a great way to display how secure your site is, and stand out from other online checkout processes.

2. Fully secure web pages are not a priority for many large e-tailers

This one shocked me a bit. To see twice as many big merchants have missing padlocks on secure pages just 2 years later was not what I would have predicted.

My guess is with more complicated CSS and JavaScript, it’s become harder for some merchants to make a secure page 100% secure (especially background images called from an external style sheet).

This is one trend you want to avoid as a small merchant. *EVERY* secure page on your site should be 100% secure, and the padlock should *ALWAYS* appear. Anything less, and you risk losing a sale. It’s not worth it.

3. Secure sign-in still not 100%

Four of the biggest retailers had a sign-in page that was not secure at all. That’s one more than 2010. I fully expected this to be at 100% this year.

Don’t be one of the 4 percenters. Make sure your sign-in page is secure. These days it’s not an option.

So there you have it. My 2012 round-up on the state of SSL security for the largest retailers on the internet. I wonder what’s in store for 2014?

Here is the 2012 data from Excel:

SSL stats (click to enlarge)

SSL Stats (click to enlarge)

photo credit

 

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

2 Comments

  1. Michael says:

    Comodo owns Usertrust so there stats are one in the same and should be merged.

Leave a Reply to Michael