A few days ago, Google sent out this notice to website owners to inform them of a change in security behavior starting with Chrome Version 62.
To owner of domain.com,
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
Google email dated August 17, 2017
The email further provided links to content on the recipient’s server that is accessible as non-secure HTTP links. Furthermore, the company also provided a link to a Google article explaining HTTPS and how to secure the site.
Starting in October 2017, Google Chrome—the browser used by almost half of all eBay buyers—will begin displaying the message “Not Secure” in the address window when users visit standard HTTP pages, and HTTPS pages that include nonsecure HTTP content. eBay believes that the “Not Secure” message may deter shoppers from buying and impact your conversion rate. eBay is taking steps to make sure that your buyers won’t see this message and can access your listings securely.
To prevent the “Not Secure” message from deterring buyers, here’s how we are changing the experience:
- If your listings contain HTTP content and your buyer is on a desktop, buyers will see a snippet of the description and a link to click for the full description. If you want your listings to show the complete item description, you will need to remove HTTP content from your listings.
- The experience is unchanged for mobile buyers.
How do you know if your listings contain HTTP content?
- You can use the i-ways tool to identify listings that contain HTTP.
- eBay will email sellers who have listings that contain HTTP, starting August 28th. If you do not get an email from eBay on this topic, no action is needed.
Sellers who have non-secure content in their listings should reference the HTTP page within Seller Celler for detailed guidance on how to update their listings.
Additionally, eBay has been working with third-party providers to ensure they’re ready for this change. Many of them will provide bulk editing options to remove HTTP from your listings; see a list of providers here.
- eBay will begin using the HTTPS communications protocol for all listings starting in October. In the future, eBay will move all eBay store pages to HTTPS.
- Be sure to keep your listings updated so they comply with eBay listings policies:
- Include product identifiers, especially Brand, Size, Color, Condition and UPC codes
- Do not include contact info and links to off-eBay websites.
EBAY HAS A LEGITIMATE CONCERN ABOUT GOOGLE’S TIMING
eBay states in the response above that they are concerned about this change impacting conversion and sales.
While there is probably never a good time to make such a major change without impacting sellers and websites, the fact Google is pushing for this in October is a bit strange.
Typically in the last quarter of the year, eCommerce companies, payment processors, etc. do not roll out major changes that can impact sales. Even a small outage or unintended feature (bug) can have a disastrous impact on sales.
We applaud eBay coming front and center with this potential problem. All eBay sellers should take the time now to double and triple check their listings will work with the new security standard set by Google.
We like to hear your thoughts on this Google change and timing. Let us know in the comments section below.