Best and worst online retailers for security

Retailers that scored an A despite having some deficiencies in security practices

01 online cart
Thinkstock (Thinkstock)

The holiday shopping season is over, but the quest for improved security continues

A majority of consumers chose to skip the crowds and knocked out their shopping list online this year. The bargain-seeking shoppers were in full force, according to Adobe, which noted that consumers spent more than $5 billion online by the end of the day on Black Friday, setting a new record. Major retailers, like Amazon, Walmart and Target continue to see ecommerce sales on the rise, but not all retailers have raised the bar when it comes to security.

02 impersonators
Thinkstock (Thinkstock)

Lots of potential for hackers impersonating sites

SecurityScorecard studied the security postures of the biggest U.S retailers - Walmart, Amazon, H&M, Saks, BestBuy, Target and dozens more. While many of them are failing to keep up with critical processes needed to protect shoppers’ personal information, there are some retailers that are doing security very well.

03 nice
Mike Mozart (Creative Commons BY or BY-SA)

Who made the nice list?

Sears, Walmart, TJ Maxx, and Saks Fifth Ave are a few companies that earned an A in their overall security ratings. According to Alex Heid, chief research officer, Security Scorecard, “Some of the best performing retailers are keeping their stuff up to date with more frequent patching cadences. When an issue is identified, they are able to quickly remediate.”

04 earn a
Thinkstock (Thinkstock)

How to earn a A

To better understand the security practices of popular online retailers, LastPass identified the top e-retailers based on e-commerce sales in 2015 and analyzed each on a set of six criteria. The retailer then received an overall ranking based on their password requirements, how much information they store, and how much effort they put into helping the customer follow best security practices. So what makes some online retailers more secure than others? Here’s what Joe Siegrist, vice president and general manager of LastPass said will put retailers on the naughty or nice list.

05 http
Thinkstock (Thinkstock)

There is no “security” in HTTP

When visiting an online retailer, the first easy tell if their site is secure is in the address bar. When you get to the website, it will either say “HTTP” or “HTTPS” in front of the URL. The full acronym stands for “Hypertext Transfer Protocol Secure” but the key word there is secure. The website encryption could be weak without the HTTPS protocol, which is why e-retailers like Best Buy, Macy’s, Target and others take security serious from the beginning by ensuring the HTTPS protocol is in place.

06 stipulations
Pexels

More password stipulations, the better

Of course we all know we need to have strong, unique passwords. It’s a good sign when the e-retailer requires a variety of uppercase and lowercase letters, numbers and symbols. Bonus points if they require a lengthy password!

07 biggest
Thinkstock (Thinkstock)

Being the biggest doesn’t ensure the most security

When shopping online, we like to think we are getting the highest quality gift, but what about the highest quality security? Amazon, Walrmart, Wayfair, Nike, and Sears ranked lowest in account security. 

08 strength
Thinkstock (Thinkstock)

A password strength meter is a bonus

Of the top five e-retailers identified, all of them had a password strength meter, so shoppers are aware of just how strong their password is. In order to protect their account information, according to the password meter, the more twists and turns they have in their password the better.

09 persoanl
Pexels

Save your personal information for yourself

While having their address, credit card number, billing and shipping information all saved in their online account for the next shopping trip will be convenient, it also puts them and the enterprise at risk for stolen information. The less information you ask customers to save in their shopping account, the less information a hacker has access to in the event of a website breach. 

10 2fa
Thinkstock (Thinkstock)

The rarity of two-factor authentication

LastPass’ retail analysis found that none of the e-retailers readily offered two-factor authentication (2FA) - meaning that even the most popular and established websites have not yet adopted some of the most essential layers of security.