Why aren't top commerce sites using AOSSL?
December 13, 2012 3:33 PM
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL.
Last spring the Online Trust Alliance, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so.
Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside).
The benefits of using SSL to secure customer privacy and customer payment information at checkout are well-established; SSL is not merely a confidence-builder for the shopper (although it's that, too) but the foundation of a secure transport that safeguards customer data from those who would steal it. Extending SSL is, in concept, simple enough: secure the *entire* web browsing experience by wrapping it in a safe, encrypted session. I might imagine some modest tax to page transport performance and a similar tax on server capacity… if that's the entirety of the cost, however, why wouldn't every larger retailer be adopting AOSSL? Am I missing something… ?
posted by deCadmus to computers & internet (8 answers total) 1 user marked this as a favorite
posted by randomkeystrike at 3:35 PM on December 13, 2012 [2 favorites]