Online shops: preparing for holiday shopping

Today I ordered half of the family gifts at various online stores, mainly choosing large trading floors, as small business representatives, alas, do not always provide an adequate level of comfort and safety when shopping at their online stores.

Although, to be honest, I was not completely satisfied with the fact that the “mastadonts” also offered.
More precisely, not that I was not happy, but just fixed in my brain the thought that came to me a couple of months ago after getting acquainted with the result of a survey conducted by Symantec in conjunction with professionals. Ru on the topic of users' attitude to security when conducting online transactions.

One of the numbers that struck me the most is that 86% of users are afraid of making transactions, while only 20% really refuse to produce them ... Apparently, the remaining 66% are afraid of the eyes and hands.
')
The first logical question is: “Why be afraid if traffic is transmitted over SSL.” I found the answer in the same survey. Only 24% of respondents are looking for signs of cryptography on the site.
And again the question: "We do not know what SSL is?"

Tell me, many of you are checking whether the site uses a secure connection?
I'm sure many people thought, “What are you asking us about? Of course ... ”At least I would be glad if you thought so.

But practice shows that only three categories do it all the time: paranoid, too attentive, too free (who have no business but to check for certificates).
Ordinary people, even those who know what SSL is and why it is worth checking whether a secure connection is used, forget to do it (either in a hurry, or through inattention, or for any of many other reasons).
And then I almost got the idea from which I started this post: "The vendors are to blame for everything, they have invented a technology that requires constant attention of users."

Attention training is a good thing, but not everyone is willing to pay for it by losing money from their account, and some simply don’t have time for it.
That is why vendors thought and decided to make life easier for ordinary users. Certificates with the Extended Validation function were invented and the browsers immediately learned to identify them and visualize it very clearly. A long-time study showed that almost 100% of users always notice that the address bar has become highlighted in green.
By the way, for those who have forgotten what it looks like (something like this):



But then our Russian and friendly brother was waiting for the villain-fate . In the .ru zone, unfortunately, there are still so few EV-certificates that anyone who finds such a similar one can be celebrated as a holiday.

Why is this happening?
Maybe the creators of our sites do not know about EV? Hardly…
Maybe they want to be like everyone else? Then it's time for someone to start breaking out of the gray mass ...
And maybe it was someone's will from above? Now conspiracy theories are very popular. Then we will organize the X-thousand protest rally in the name of protecting such a wonderful technology. Thank God, the rally technology has been perfected lately to perfection.

I think everyone already understood what thought came to me after spending a few hours on the Internet and searching for gifts. That's right “There are great technologies that allow users to make transactions and not be afraid of anything. Why not use? Site owners, we are not sleeping, it's time to act. ”

And lastly, I would like to remind you that the holiday season is coming, which is traditionally famous for the increased activity of Internet fraudsters.
In this regard, a couple of requests / advice to site owners and users.

For owners:
- Pity users, use EV-certificates. They are not much more expensive, but much more convenient. By the way, judging by the statistics, it is more profitable for you, since bring more sales.

To users:
- Check the security of sites (https in the address bar; a lock displayed in the browser). If the site owner does not care about you, then take care of yourself. Sometimes it is better to feel paranoid, rather than seek the bank to return the stolen money.
- Avoid pop-up ads. They do not carry anything good_.
- And, of course, use good anti-virus protection on your workstations.

ps: for those who care more importantly, you can teach the browser not to distinguish an EV certificate from a regular one and train and train again. Good luck to you in this difficult battle!