Are we in a security era of ecommerce?

Internet security was the hot topic of 2018. There was legislation, and deadlines, and scandals, oh my! From GDPR to the Facebook Cambridge Analytica scandal, to Google’s push for better website encryption, internet security has been pushed into the public consciousness, and it seems it’s there to stay.

This new-found awareness of internet security is slowly but surely impacting the way we behave – and buy – online.  The security era of ecommerce has commenced. Let’s explore the changing views of online security, and the legislation, deadlines and scandals that have led us here.


May 2018 saw the introduction of two legislation deadlines from the EU surrounding data protection and internet security. The first of these was the NIS directive, which came into effect on May 10, and the second was GDPR on May 25.

The General Data Protection Regulation affected ecommerce far more explicitly than the quiet NIS Directive. It had us all worrying about data consent and effective data protection processes. GDPR directly and explicitly changed the way ecommerce businesses collect customer data, with a new emphasis on consent. All ecommerce businesses handling the data of European customers are now being held accountable for the collection and protection of personal data.

The NIS Directive, on the other hand, was less disruptive and less talked about than GDPR. This piece of legislation seeks to raise resilience of networks across the EU. While it doesn’t apply directly to all ecommerce companies, it does represent the security-oriented thinking now permeating internet law. GDPR focuses on the protection of personal data, but the NIS Directive is focused on improving overall network security.

These legal changes represent a shift in the way brands are being held accountable for security. The law is compelling businesses to improve cybersecurity and privacy processes, and consumers know it.


Internet security related deadlines haven’t just come from EU legislation, however. In July 2018, Google threw their hat into the ring. July’s deadline called for ecommerce sites to swap their ‘HTTP’ level domains for ‘HTTPS’.

This new initiative means that sites that fail to meet the HTTPS deadline are being penalised. Users landing on a non-HTPPS site from a Chrome browser now see a ‘not secure’ warning upon their attempted entry. For ecommerce sites, this warning can be enough to drive otherwise promising leads away. Few people want to enter payment details to a site labelled as insecure.

In fact, over the past few years, online security practices and restoring user control have been focus points for Google. Their HTTPS deadline is just another move to boost network security and data protection.

So, there are powerful forces – including legislation and Google – behind the move to a security-focused internet. With so much attention on security, it’s easy to see how we could be in a security era of ecommerce and online interaction. But what’s prompted this shift?


These deadlines are not without cause, and it’s not just new security legislation that’s been making the rounds. There have been plenty of recent data breaches, privacy scandals and cyber-attacks to fuel the rise of a security era for ecommerce.

To start, there’s the 2017 WannaCry ransomware attack, a worldwide cyber attack that affected more than 300,000 computers across 150 countries. The widescale attack brought the threat of malware and cyberattacks to the attention of the whole world.

People started talking more about online security, and cybercrime continued to rise.

“Businesses are being targeted by cybercriminals on a scale never seen since the launch of the world wide web.”

— Stephen Parker, The Conversation Engine

Hotels, restaurants, gyms, retail, insurance, finance, medical records, even mattress sales. No business with any online presence is immune to cyber-attacks. And customers are growing painfully aware of it.

Then, of course, there’s the behemoth that is the Facebook Cambridge Analytica scandal. This ongoing security horror story saw thousands of online customers victimised, and caught the attention of millions more with allegations of influencing the 2016 US election.

Oh my!

The new focus on security for customers is being fed by (understandable) fear of breaches and leaks. Legislation is now reinforcing the idea that security is imperative, that there is a danger to sharing our data. And the deadlines from Google are showing that security is being taken seriously.

Ecommerce sites that fail to focus on security will likely get left behind by savvy customers. Very few products are 100% unique any more — it’s what led to the experience era of ecommerce and marketing. With everyone pushing for the best customer experience, leading cybersecurity can help ecommerce brands stand out again.

Cybersecurity is now firmly at the forefront of everyone’s minds — including ecommerce customers. Thanks to the publicity of the legislation, the scandals and the deadlines, we’re all more security-conscious. We have unprecedented control over what data we share, and ecommerce sites must now share why they collect the data that they do.

The security era

So, when ecommerce sites can boast strong security and offer customers even more control over their data, going above and beyond what’s legally required of them, it’s going to be noticed. A good customer experience is one that incorporates customer security as part of the package.

An ecommerce site with weak security isn’t just putting customers at risk, it’s gambling with its reputation. This, then, is the security era of ecommerce.

Note: we originally published this article here: