Ecommerce–What’s happening on your site?

Website structure

Wayward third-party vendors impact site performance, collect first-party data and expose site visitors to malware

Online shopping is now a primary revenue source for many retailers, and its growth trajectory is forecast to continue its double-digit growth rate. With their high-volume traffic and access to consumers’ credit cards, these sites also serve as revenue sources for hackers and fraudsters, who find retailers’ reliance on third-party vendors especially appealing. They gain access to sites by compromising legitimate third-party vendors.

Pinpointing the third-party vendors

Everyday ecommerce sites are rife with third-party vendors, many of them not clearly visible to site owners. These services provide the interactive and engaging experience consumers have come to expect and also enable the site to be monetized. Unbeknownst to many retailers, the third-party vendors they use to render these critical services—product reviews, content recommendation engines, payment systems, automated marketing services, analytics, content delivery networks, social media tools and more—can unintentionally function as a conduit for a host of unsavory activities including malware drops, first-party data collection, and latency-causing actions.

The challenge is to quickly identify the point of compromise, yet most ecommerce site operators don’t have a clear grasp of the vendors actively executing on their digital properties. The following infographic of a typical ecommerce site provides clues to where vendors can be found.

A marked up ecommerce site

[Get your pdf copy at www.TheMedia.Trust]

Check yourself before you wreck yourself

How do you control these vendors and what they do on your site? The ability to effectively manage an ecommerce site requires intricate command of the technology, processes and vendors needed to render pages that not only meet revenue goals, but do so without compromising the user experience. This means the site must be free of malware, performance-sapping vendors and privacy-violating data collection activity.  To protect against third-party code’s inherent risks, ecommerce teams must work with their IT, information security, and legal teams to constantly monitor—in real time—the code executing on their sites. Otherwise, a host of activities can be underway without your knowledge which can negatively impact the user experience, your brand and your revenue stream.