Customer identity and access management (CIAM) and in-page integrity management are some tools to tighten e-commerce security when improving UX.

As stay-at-home and work-from-home become the next norm, shoppers have swarmed online for their retail wants and needs.

It is not just the regulars who are spending more. The buying patterns of 8,600 consumers in six South-east Asian (SEA) countries saw 47% of consumers decreasing offline purchases and 30% increasing their online spending amidst COVID-19, according to one report.

Meeting that demand is a wave of small- and medium- sized enterprises (SMEs) and start-ups entering e-commerce, bolstered by government digitalization support packages across the region. However, this virtual scramble is not without its problems.

Shoppers expect a fast, seamless, and secure environment before committing to a purchase, and all it takes is one mistake to harm a merchant’s reputation. Worryingly, there has also been a 216% rise in e-commerce scams in the first quarter of 2020, intensifying the upward trend in cybercrime.

For many, the next step in their DX journey is three-fold: improving the shopping experience, securing customer data, and adhering to data protection regulations.

Building a strong e-commerce business

Having an online presence is no longer enough. When competing merchants are only a few clicks away, it is vital for businesses to adopt good user experience (UX) practices to boost revenue and retention.

In today’s hyperconnected world, 49% of consumers surveyed by Akamai expected a page to load in under two seconds; Kissmetrics found that 16% of mobile users would leave a page if it did not load within one to five seconds; Episerver learned that 44% of online shoppers would abandon their purchase if they cannot easily find what they need; and Accenture reported that 91% of customers polled were more likely to shop with brands that recognize, remember, and provide tailored offers.

The message is clear: User experience is an influential factors in e-commerce.

Yet good design and testing is only part of the solution. The other part lies in customer identity and access management (CIAM) platforms that enable safer, simpler, and smarter operations.

For shoppers, CIAM provides a seamless and secure registration process that reduces sales friction, followed by loyalty programs that improve engagement and retention. For merchants, it supplies a rich database of demographic and psychographic information to help them to know their customers.

In turn, that information powers business strategy across inventory, marketing, and customer service. Today’s consumers browse, research, and purchase across multiple touch points and even multiple stores, so merchants need to reliably manage multiple channels for a cohesive sales funnel.

Protecting customer data

Cybersecurity is a complicated, evolving landscape and even the largest organizations can fail. Major breaches in the news continue to raise the alarm on data privacy and security. They have also re-ignited discussions on data consent, intensifying scrutiny of companies with a damning track record or opaque data collection practices.

Beyond the social pushback, these concerns have a measurable impact. Deloitte said 70% of consumers polled would avoid companies that, in their eyes, do not protect their personal information.

It is tough going. In the rush to go online, SMEs and start-ups may not have the budget nor the time to build their own solutions. For these businesses, a cloud-based CIAM is a practical alternative.

These platforms boast a rigorous security portfolio that includes the latest certifications and multi-factor authentication for customers. The latter forms a bulwark in the uphill battle against credential stuffing attacks. In just eight months, Akamai had recorded more than 10 billion attempts in the e-retail sector.

One of the goals in a credential stuffing attack is to gain access to an employee account, either through phishing or other social engineering means. An IBM Security report stated that attackers prefer compromised employee accounts, with such breaches costing an average of US$4.77m each.

To address this, CIAM enforces scoped access control. By limiting who accesses privileged information and tools, and to what extent, companies can mitigate the damage caused. Unfortunately, other attack vectors remain. Take third-party web scripts, for example. While these may provide a dynamic browsing experience for customers, there is an inherent security risk in giving others access to an e-commerce site.

Compounding the problem is how these scripts may also rely on other third-party scripts to work. Targeted attempts to hijack payment forms or skim web pages have been devastatingly successful: The Magecart syndicate have used this method to steal credit card data from at least 6,400 sites.

Like clockwork, the security world has responded. Akamai’s answer is an in-page threat detection tool called Page Integrity Manager designed to protect and prevent websites against JavaScript threats such as Magecart, as well as other web skimming and form-jacking attacks. By offering robust visibility into compromised scripts and client-side threats, this gives us actionable information that is needed to make informed decisions on the detected risks.

Begin with good data protection

The European Union’s General Data Protection Regulation (GDPR) is well-known for its strict measures on digital privacy. However, the truth is that GDPR compliance remains slow.

In a 2019 Talend survey, 58% of businesses worldwide had failed to provide requested individual data within the stipulated month. One identifiable obstacle was the lack of automated processing, with no consolidation or clear internal ownership of the gathered data. Besides attracting hefty fines, non-compliance with these laws unnecessarily lowers public trust and confidence.

Therefore, it is so important to stay up-to-date on any regulatory changes to maintain worldwide compliance, however difficult it is. Having a scalable infrastructure that can double up and manage personal data according to customer consent and preferences is not unheard of.

E-commerce today does not start and end with a digital shopping cart. Success now requires performance, personalization, and unwavering security for the customer. By combining commercial solutions such as CIAM and in-page threat detection, even small or new businesses can confidently move online.