Google Gets in a Trusted Stores Encryption Tangle
Aug 21, 2014 1:59 PM PT
A conflict between Google's push to make the Web more secure and its Trusted Store program may be costing at least one business money.
Think of the badge as the equivalent of the Good Housekeeping Seal. Having it could boost a site's revenue.
Pegasus co-owner Christopher Heitman applied for a Trusted Stores badge in 2012 but was turned down because all his site's pages were encrypted.
Google reportedly told him that the Trusted Stores program is not compatible with HTTPS when the protocol is used for non-sensitive pages such as a site's home page or product listings.
The Trusted Stores program requires applicants to encrypt only pages that contain sensitive information, such as home addresses and credit card numbers.
Heitman applied again this month and once again was turned down.
The Trusted Stores badge "is designed to be suppressed and not show up on secure pages," Google reportedly told Heitman in an email. "However, per the program guidelines, it is required that the badge must be displayed on all pages of your site."
The Google policy "is as clear and easy to understand as a bowl of spaghetti," Jeff Kagan, a technology industry analyst, told the E-Commerce Times.
Securing the Web
Google recently announced that it would, in effect, give encrypted Web pages more weight in its search algorithms, resulting in higher rankings.
Higher rankings lead to more traffic and more revenue.
The move is the latest in the company's years-long push for a more secure Web. It essentially forces businesses to encrypt their e-commerce websites if they want to remain competitive.
What a Google Trusted Stores Badge Indicates
Businesses participating in the Trusted Stores program are ranked on customer service and shipping. To get the program's badge, they must ship a high percentage of orders on time.
Further, they must resolve a high percentage of customer complaints quickly, and they must receive a low number of order-related complaints.
I Want You to Want Me
Businesses awarded the Google Trusted Stores badge can place it on their website.
Hovering over the badge on a business' website will let prospective customers view all the relevant customer service and shipping statistics. They also can opt in for US$1,000-worth of lifetime purchase protection, which covers the product, shipping costs and any taxes.
Purchase protection lets customers turn to Google's Help Center if a merchant cannot help them when problems arise, or if the customer is not satisfied with the merchant's proposed solution.
Stop the Madness!
"Our Trusted Stores program has always required that merchants have HTTPS for all pages that handle personal information, such as checkout and order confirmation pages," Google spokesperson Anaik Weid told the E-Commerce Times.
This means pages not containing personal information don't have to be encrypted, as Heitman found to his cost, but that's not a sound policy because hackers can penetrate a site through the unencrypted pages.
The conflict between the requirements of the Google Trusted Store policy and Google's insistence that websites encrypt their pages "will cost e-commerce stores money," Kagan pointed out.
"As a priority, we're working on a solution to display the badge for stores who are moving their entire sites to HTTP," Weid said.
We Need a Fix
"Google is going to have to fix the problem and make Trusted Stores work with encryption," Greg Sterling, vice president of strategy and insights at the Local Search Association, told the E-Commerce Times. "Otherwise, it will be forced to either abandon the program or go back on its push for encryption."
The latter choice is unlikely, so unless a technical fix can be found, the program would have to be aborted, Sterling said.
In the meantime, online stores will just have to hunker down and pray.