Turkey. Click. Tinsel. Click. Aunt Jane’s reindeer jumper and Uncle John’s festive socks. Click.

Online shopping is now just as much a part of Christmas as the man in the red suit and – if last year is anything to go by – UK consumers will spend over £20 billion online during the Christmas shopping period. But are retailers prepared for the Christmas rush and can their websites cope with the demand? The Argos and John Lewis websites both crashed during this year’s Black Friday promotions and recent security breaches – including an issue involving Marks and Spencer where customers could view each other’s personal details – indicate there may be underlying issues with retail sites.

All too often the root of these problems is not the website itself, but the multitude of digital vendors with access to it. As the digital marketing ecosystem becomes increasingly complicated, retailers are using tools and widgets for everything from customer targeting and personalisation, to socialisation and optimisation. Whilst these technologies may increase customer engagement and conversion rates, they can also create issues around performance and security, which a surge of seasonal traffic could quickly bring to the fore.

So what are the risks posed by these increasingly complex chains of digital technology vendors and what can online retailers do to gain improved control of the vendor technologies on their sites?

The first risk from multiple vendors is a decline in website performance. Often retailers only know about a fraction of the digital technology vendors with tags on their websites – and aren’t aware of the depth of these vendor chains. This overload of site technology increases website latency, and could be detrimental to the customer experience and brand loyalty.

Security is another potential issue created by excessive use of digital marketing technology. When retailers aren’t aware of non-secure vendors on their websites, the resulting security blind spots make them vulnerable to hackers and data leaks. Non-secure digital marketing tags are often behind the confidence-eroding ‘mixed content’ warnings on supposedly secure web pages. They also could allow hackers to access customer data through ‘man-in-the-middle’ attacks. Ultimately, security is the responsibility of the retailer, and these types of breaches can be costly in terms of lost customer loyalty and trust. They can also negatively impact Google search rankings.

Fortunately for retailers, there are positive steps that can be taken to gain transparency into the multitude of vendors operating on their websites:

Step 1: Undertake a vendor audit

Uncovering the technologies accessing a website is a major step for any retailer and the first vendor audit usually unearths a few surprises. Vendors may access a website indirectly – via an ad network or data targeting company, for example – or it may be that separate marketing teams within the retail organisation are not communicating effectively, and website managers are oblivious to many of the vendors on their sites.

Step 2: Eliminate any high-risk vendors

An audit will highlight potentially risky vendors present on a site that should be removed. These could include non-secure vendors, non-approved vendors, and out-dated, redundant, or expired tags – all of which can pose a risk to website security.

Step 3: Set performance goals

To maintain consistency, retailers should benchmark vendor performance and set targets that must be met. For website latency, this could mean specifying a maximum load time to which vendors must comply. Setting security goals can be more complex as retail sites contain a wide range of content – of which only parts are sensitive – so acceptable limits can vary. Vendors should be given guidance on where they can place tags, how many third-party tags they can bring, and what data they can take. A zero tolerance policy on pages that contain personal data is absolutely essential.

Step 4: Allocate vendor responsibility

When only approved vendors are left, retailers should assign internal responsibility for each vendor. The assigned individual should enforce performance goals and have a specific point of contact on the vendor side to enable quick resolution of any issues as they occur. This information should be centralised and made easily available to key stakeholders.

Step 5: Maintain vendor monitoring

A vendor audit should never be a one-off occurrence but should be a continuous process. During particularly busy shopping periods such as Christmas, small changes in vendor technology can have huge implications for retailers, so performance and security need to be continually assessed and vendor rules must be stringently enforced.

By following these simple steps, retailers can take control of the multiple marketing technologies operating on their sites and prevent digital Grinches catching them unaware as web traffic soars this Christmas.

 

By Damian Scragg, Managing Director EMEA at Ghostery

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus