You never know who may be tracking you when you’re on the sites of Bank of America, Progressive, or Walmart and, often, neither do any of those companies. Ghostery, a provider of free apps that let consumers identify and block company tracking on website pages, decided to examine instances of non-secure digital technologies firing on the sites of 50 leading brands. What they found was troubling.
One-hundred percent of insurance, retail, and airline websites had security blindspots, as well as 90% of financial and news sites. Ghostery defines blind spots as non-secure tags that are present without the permission or knowledge of the host company.
“Companies have very little understanding of what’s happening on their websites,” says Ghostery CEO Scott Meyer, who says he became obsessed with Internet security during 10 years at the New York Times Company, where he served as GM of nytimes.com. “The problem is not with any of the companies’ marketing stacks, it’s with their own tech stacks. What these companies have now is marketing clouds, not websites, and they’ve gotten complicated and hard to manage it.”
Retail Web pages hosted the highest concentrations of non-secure technologies. Ghostery identified 438 distinct non-secure technologies on the websites of 10 top retailers, which included Costco, Overstock, Kohls, Target, and Walmart. Financial sites displayed 382 blind spots, and airlines 223. Individual financial and retail company websites averaged more than 100 non-secure technologies on so-called secure pages.
Security prowess differed greatly among brands. “There was a really wide range of sophistication relative to how companies used their marketing clouds, especially in retail,” Meyer said. “Amazon is incredibly sophisticated; others are not. Retailers have a big challenge. The average transaction price is low, so volume is high.”
With Google now indexing companies higher in search based on their security ratings, dealing with the problem is crucial for marketers, Meyer contends. He also notes that bad actors, such as bot networks, often gain entry to websites via non-secure technologies. “Companies need to audit their websites to identify the non-secure tags and set up alerts in their systems,” he says.
Other companies monitored for the study included American Airlines, United Airlines, Chase, Wells Fargo, Allstate, Geico, the New York Times, and the Wall Street Journal.