: Non Secure Ecommerce Website effects For the past couple weeks now we have seen a non-secure warning displayed on our site where the SSL/Security info for a website would normally be displayed

@Shelton105

It is a serious issue for all the aspects that @tim has written in his answer. I don't want to go further because he covered with simple words all the topics.

I want just to suggest,
If the SSL/TLS implementation is not possible on all your webpages, you can just implement SSL/TLS only on the core webpages of your website which needs the encryption of the sensitive data. This solution is acceptable by Google rules about the SSL/TLS. You can see also a brief suggestion about that on your google console.

e.g.
SSL/TLS (https) on the login pages, and pay the order page where the payment card details should be inputted in the proper fields.

Vote Up Vote Down

@Lengel546

Yes, this is a significant issue, and it should be resolved urgently.


SEO: Google announced in 2014 that not having SSL/TLS will have a negative effect on ranking. See here for some SEO analysis. Basically, it has an effect, but it's not that large. Yet. I would assume that the effect will increase in the future. Google is a big supporter of SSL/TLS, and recent developments - updating the Chrome interface, publicly chastising the largest certificate issuer for poor practices - indicate that they do plan to get active.
Security: Any site that handles user data in any form should support SSL/TLS for security and privacy reasons. For an ecommerce site, not having SSL/TLS is completely unacceptable (even if you use an external payment processor, you likely collect some data such as usernames, passwords, and possibly what users buy, where they live, etc). If an ecommerce site doesn't even support SSL/TLS, I would also be surprised if it didn't contain other, even more serious security issues. Others will likely make the same assumption, making you a more likely target.
User Satisfaction: As you mentioned, at least some users will be put off. I would suspect that the amount is non-negligible, and I would also suspect that the amount should have increased considerably after Firefox started displaying a prominent warning on password fields, and that it will only get worse, as Chrome will make its warning more prominent.
Image Problems: See above; Not having the basic security measures in place that are expected can lead to image problems.
Potential financial loss: Depending on how exactly your website works - especially how the addition and editing of products and the payment process are handled - this may lead to financial losses (in addition to the losses because users do not want to use unsafe platforms).
Legal Problems: I'm assuming that you are using an external payment processor, but if you yourself handle credit card info, you would need to follow the PCI DSS which mandates SSL/TLS. Depending on your location, you may be required to provide SSL/TLS even if not handling credit card data, but other user data (username, password, name, address, telephone number, email address, etc).

Vote Up Vote Down