Consumers simply want e-commerce to work smoothly and securely. How should e-commerce businesses keep them happy?

In a recent survey of large retail and consumer brands conducted by Forrester Consulting, 40% of respondents say they suffer from customer-impacting disruptions, which could cost up to US$1 million a month.

Many respondents also mentioned that downtime has resulted in lost revenue, compensation to customers and additional time required for resolution.

Additionally, 44% of global consumers are not bothered about which shop or site they use for purchases or transactions, taking an “as long as it works” stance. That is all the more reason for e-commerce companies to take the necessary steps to ensure that users’ interactions with their brands not only provide a great customer experience, but also reassure users about the privacy and security of their data.

Besides security, e-commerce businesses need to prioritize improving website and application load times to reduce bounce rates and improve customer experience.

CybersecAsia discussed e-commerce security and web performance with Ajay Kapur, Chief Technology Officer, General Manager, Applications & Security, Edgio:

What kind of cybersecurity threats do e-commerce businesses face, and what are some solutions that would help mitigate these threats?

Ajay: E-commerce businesses are currently facing a multitude of cybersecurity threats such as malicious bots, API abuse, and Distributed Denial of Service (DDoS) attacks.

Bot traffic – currently one of the more salient threats in the sector – has become increasingly evasive and has led to the prominence of account takeover fraud in recent years. A single successful attack can incur losses of around US$12,000, and the industry is currently poised to see an unprecedented rise in the field of new account takeover methods.

Amidst the explosive growth in both numbers and diversity of devices, and the transformation to digital, there has been a concerted boom in API usage to support them. However, many APIs are exposed to the threat with zero or minimum protection. These threats involve bad actors gaining unauthorized access to sensitive data, injecting malicious code into API requests, exploiting flaws in authentication and session handling, executing malicious scripts on client-side applications, and tricking authenticated users into performing unintended actions on APIs – in fact, these attacks have increased by 681% over the past year.

On that point, DDoS attacks have become a major threat to the sector. While not directly targeting the users, this form of cyberattack can take down or slow down the targeted website by flooding the network, server, or application with false traffic – adversely affecting users’ buying experience, affecting the conversion rate, and thus causing huge losses to the business’ wallet and reputation. A single DDoS attack costs a company US$20,000-40,000 hourly.

Some best practices include:

    • E-commerce businesses can consider implementing robust security measures, such as encryption, access controls, and monitoring tools, to protect against attacks and data breaches.
    • Prioritize PCI DSS compliance and implement end-to-end encryption to protect user data.
    • Adding on a comprehensive web application and API protection solution – Web Application and API Protection (WAAP) – which speeds up response times to vulnerabilities and threats, including a dual WAF mode to predict the impact of a patch before deployment.
    • Implement DDoS Protection which automatically detects and mitigates DDoS attacks before they impact your web infrastructure.
    • Adopting Origin Shield, which provides an intermediate caching layer reducing requests back to your origin, improving availability and helping you lower egress costs.
    • Transport Layer Security (TLS 1.2+) which encrypts information in transit to prevent data theft and other tampering.
    • Bot Management to accurately determine if an application request is from a fraudulent source and mitigate it.

With consumers having greater awareness around how their data is being kept secure, what are some ways in which e-commerce companies can protect users throughout their customer journeys?

Ajay: Customers in the present day expect data privacy in all aspects of their digital interactions online. According to PCI Pal, 83% of consumers will stop spending with an organization immediately after a security breach, with over 21% of these consumers never returning. It is imperative that e-commerce brands do not break their consumers’ trust, and instead, invest in bolstering their cybersecurity posture through edge security products and solutions.

Edge security products add an additional layer of security, even on top of a business’ cached content, and provide security for third-party SaaS/PaaS partners you depend on. Additionally, edge security products are also more advanced, leveraging AI and other tools to react intelligently to threats.

Edge security ensures robust security measures for computing processes that take place at the outermost perimeters of an organization’s network – acting like a gate to your community and alarms on your windows. If any threats are detected, businesses are alerted in real-time and can deploy rules instantly at scale with higher accuracy – generally 60 seconds or less.

For example, edge security products are designed to identify and mitigate various types of attacks that target customer-specific systems and data, such as robust botnet attacks, zero-day threats, credential stuffing, CVEs, or Distributed Denial of Service (DDoS) attacks. It’s even possible to identify bots that attempt to mimic human interactions by leveraging AI/ML and traffic behavioral modeling.

Edge-enabled solution providers, such as Edgio, empower e-commerce businesses in driving value at every stage of their customer’s journey through a holistic security and performance solution that ensures the safety of confidential data whilst delivering frictionless user experiences throughout the customer’s pre-checkout to post-checkout phase.

How can e-commerce companies efficiently dedicate resources towards both performance and security?

Ajay: The key piece to the puzzle of efficient resource allocation lies in the implementation of an edge-enabled holistic security solution. By leveraging these solutions’ extensive, globally distributed platform, enterprises are afforded comprehensive protection across networks and applications without a single point of failure or performance bottleneck.

At the same time, companies can rely on the massive scale and resiliency of these capabilities to ensure their sites’ uptime during high traffic periods such as big sales events. Additionally, e-commerce organizations will also be able to leverage real-time performance and security analytics and threat detection to ensure their customers’ personal information is secure and protected.

Security solutions that provide easy integration and automation can enhance IT workflows and enable quick deployments of security updates to keep up with the evolving cyberthreat landscape. Platforms like Edgio’s provide developers with a single pane of glass with visibility and control to efficiently manage their application performance and security.

By implementing these strategies, e-commerce companies will be able to improve the performance and security of their website and applications through addressing cybersecurity threats, keeping web apps and APIs fast, thus driving growth, loyalty and revenue.

What are some of the lesser-known gaps in achieving scalable optimal web performance?

Ajay: Some gaps businesses may have missed include:

    • Using prefetching techniques. Prefetching entails reading and executing instructions before a user initiates them. This is a highly effective technique if the brand can anticipate user actions and, for instance, load some content or links in advance. UX specialists and engineers are more likely to understand user behavior and make “hints” for browsers to do prefetching work.
    • Reducing redirects. Website redirects create additional HTTP requests which negatively impact performance. Ideally, enterprises keep them to a minimum or eliminate them entirely.
    • Core Web Vitals. E-commerce companies should take heed of Google’s Core Web Vitals (CWVs), an important metric for measuring website performance, as Google considers these as part of its page ranking algorithm, and companies that maximize their website’s performance based on CWVs not only enhance the experience for their users but also improve their search engine ranking.
    • Content Delivery Network. When all data required to fully load your site is stored in one place, load times will suffer. Instead, enterprises should look towards collaborating with CDN providers to optimize the content delivery speed and improve the overall user experience. For a CDN solution to work effectively, it needs to be configured in a manner that is cohesive with the underlying website technology, often known as the “tech stack”.
    • Optimizing Images. Images are often the largest content element on a website, so optimizing them can significantly improve Largest Contentful Paint (LCP). Businesses can compress images without compromising quality, use modern image formats like WebP, and implement lazy loading to only load images when they are needed.
    • Reducing server response time. Server response time is the time it takes for a server to respond to a request from a user’s browser. E-commerce businesses can improve their server response time by using a high-quality web hosting service, optimizing their database queries, and minimizing the use of third-party scripts.