Are You Ready for the Holidays?

Actions for Online Retailers to Take During the New Normal

The dog days of summer are here, and now’s the time for retailers to bolster their online businesses as part of preparing for the winter holiday shopping season. What a different type of holiday season this year is shaping up to be, compared to the same time last year!

The New Normal Has Redefined Readiness

Retailers have already been dealing with the reality of “readiness” every day, as COVID-19 has accelerated the adoption of online purchasing and reduced shopping in physical stores. For example, during the month of March, Kasada’s research team reported everyday e-commerce traffic spikes rivaling those observed during 2019 Black Friday, Cyber Monday, and Boxing Day.

Overall, U.S. e-commerce grew 44.5% in Q2 this year, the biggest quarterly growth in more than 20 years, comprising 16.1% of all retail sales in the second quarter, up from 10.8% a year before — an increase of 49%.

Given this huge jump in online sales, and the fact that the effects of COVID-19 will likely extend into the retail industry for the foreseeable future, it is especially difficult to plan for holiday shopping this year. The stakes to get it right are larger than ever, and we at Kasada want to share some recommendations and best practices to help guide your organization towards success.

Understand Your Customers, Including First Timers

With more than 30% of e-commerce traffic derived from bots, not humans, it becomes very difficult to understand your customers. As a result, analytics can be heavily skewed with fake data, making it difficult to derive actionable insights about the effectiveness of your ongoing promotional, personalization, and optimization efforts to boost conversion rates.

Recommendation: Segregate bot traffic from your analytics to improve data-driven decisions.

Out of necessity, more consumers are shopping online than ever before. Many are first-time buyers and, as such, are less comfortable with making purchases online. Over the past year, there’s been a sharp rise in first-time shoppers, as evidenced by the decline in the percentage of known shoppers by 10-18% across many countries. This makes it even more important to tune your fraud prevention rules and provide a frictionless experience, avoiding obstacles that frustrate shoppers, such as CAPTCHAs.

Recommendation: Avoid using CAPTCHAs as they hurt conversion rates and are ineffective against automated attacks.

Protect Your Pricing and Margins

If you aren’t an exclusive provider of goods, stop unwanted price scraping designed to undercut your pricing, or your margins will suffer immensely. When measuring how quickly a price change on one site would be matched by competitors, 80% of the time the new price was matched within 1-4 hours.

Consumers will be especially price-sensitive during difficult economic times where household budgets are tight. Not protecting your pricing will result in selling items at lower margins and in many cases losing purchasers to competitors.

Recommendation: Block unwanted price scraping or consider serving bots incorrect pricing.

Cut Infrastructure Costs – Plan for Peak

As online traffic skyrockets at a record pace, it becomes increasingly important to optimize infrastructure to lower operating costs and increase peak capacity. If bots are left unchecked, they eat up bandwidth, spike server costs, and slow down sites. And the cost to sustain an attack could be very large.

For example, prior to implementing Kasada, several e-Commerce customers were experiencing greater than four hours of downtime a month, during peak hours, due to the increase in compute that bots required. This was on top of a 2-4x increase in page load time.

Recommendation: Maximize infrastructure offload with tools able to eliminate the maximum amount of automated traffic from bots. Evaluate CDNs on their ability to offload content and price. Don’t pay more than you need to.

Protect Your Customers’ Credentials and Assets

On average, more than 90% of login attempts on e-commerce sites are fake. Protect your customers’ credentials from account takeover attacks. Attempts to take over accounts and the assets within, such as gift cards, are very costly for businesses, with an estimated $5.1 billion lost to fraud annually. On top of that, the human time and cost of dealing with a crisis take away from your business focus and damage your brand.

Make sure you are able to protect every login request from the first page load, without relying primarily on contextual data from the past to apply to the present; otherwise, credential abuse requests will slip through the cracks.

Recommendation: Make sure you have the ability to detect malicious automation immediately, with the ability to stop attacks from the first request.

Web and Mobile – Cap Your Chimney

Attackers will find the weak entry point into your online business. If your website security is robust, attackers will quickly shift tactics towards your mobile app as a means of stealing similar information. Protecting mobile apps often requires additional lead time as it involves protecting your APIs by embedding an SDK into a future app upgrade.

Protect your mobile app, in addition to websites. Plan developers’ time accordingly to ensure code makes its way into a planned app upgrade prior to the holidays.

Recommendation: Make sure you have the ability to stop bot traffic on your mobile apps as well as web properties, simply and effectively.

Expect the Unexpected – Challenge The Status Quo

Preserving online traffic integrity at-scale will undoubtedly be a challenge this holiday season. Malicious, automated attacks are increasing in sophistication and often retooling to work their way around traditional defenses. Proper preparation now will save you time and money later.

Learning from its predecessors, Kasada has taken a fundamentally different approach to defending against malicious automation. Instead of relying on contextual data from the past, which takes time and ongoing maintenance, Kasada looks for immutable evidence of automation from the very first request. It also makes attacks financially unviable by exhausting the compute resources required to automate attacks. Extreme care has been taken to prevent reverse engineering of Kasada, which is further obscured behind the CDN of your choice, providing long-term efficacy.

One Kasada customer realized 70% less manpower on reactive mitigation when compared to their prior solution. Not only was the manual time reduced, the solution was also 85% more effective at defending the site.

Kasada is elegantly simple, cost-efficient, and superiorly effective. Our customers realize time-to-value in less than 30 minutes.

Request a demo today and let us prove how we can help you be successful during this new normal holiday shopping season.

*** This is a Security Bloggers Network syndicated blog from Kasada authored by Kasada. Read the original post at: