Every year, consumers look forward to Black Friday, but unfortunately, so do hackers. Black Friday is “scam central” and while most of the attacks in the past targeted consumers (like the Target data breach in 2013), retailers need to be prepared. An attack on one of the year’s most busy days can have serious consequences for e-commerce merchants, which is why organisations like the Retail Cyber Intelligence Center are offering members threat briefings and advice before the holiday season.
We have discussed Black Friday and security with Michael Hallberg, senior partner, and Magnus Blombergsson, tech lead, from Enferno, a Swedish e-commerce platform provider, and Michael Wictor, CEO of ehandel.se, a community for e-commerce merchants.
The importance of Black Friday
There is no doubt about it, Black Friday is important for business. In 2015, Amazon logged over 6 million visitors on Black Friday and a further 10 million visitors browsing the site using a mobile device. The e-commerce experts we talked to say that this one day in November can make or break a retailer. Michael Wictor, CEO of ehandel.se, says: “For certain businesses, Black Friday is extremely important, and in some industries, it can be absolutely crucial.”
Michael Hallberg and Magnus Blombergsson from Enferno agree, and have some interesting numbers to share:
“Most of our customers are Swedish but they sell internationally, so Black Friday does have an effect on their business. One of our clients says they usually have around 60.000 page visitors per day, but on Black Friday 2015, the figure jumped to 430.000 visitors. This year, they are expecting 600.000 visitors, that’s ten times their usual traffic. They estimate that their Black Friday campaign will generate more revenue than the Christmas season.”
Preparing for the shopping rush
The majority of retailers plan for Black Friday and prepare for traffic spikes and large order volumes. Michael Wictor explains: “Everything is strengthened and extended in preparation for Black Friday; security, customer service staff, and warehouse staff.“ This is no surprise – according to ehandel.se’s annual report, the number of parcels handled by the Swedish postal services right after Black Friday in 2015 had increased by over 100% (compared to 2014).
The experts from Enferno point out that it is not unusual for e-commerce merchants to get ready for potential issues with the platforms they are using. “We have noticed that our customers have asked for extended support hours and would ideally like to have support 24/7. I know that payment platforms get plenty of similar requests and those that have the capacity offer support all day long. In general, retailers focus on performance and scale rather than specific security issues.”
Michael and Magnus add that most retailers work extensively with security when it comes to payments and personal data: “Because data privacy is regulated by law, the importance of keeping personal data safe is quite deeply ingrained in most of our customers’ minds.” But unfortunately, web security is not a priority among retailers.
The nightmare scenario
Surprisingly few e-commerce merchants focus on taking security precautions, even though thousands of shoppers place orders on Black Friday and falling victim to hackers is a nightmare scenario. “If a webshop is attacked on Black Friday, the impact is devastating because the volume of incoming orders is enormous. A downtime of an hour would be a slight setback in July, but on Black Friday, it’s a disaster,“ say Michael and Magnus from Enferno. They explain that a security breach could take a toll on brand reputation as well as revenue: “Being hacked would create badwill and that’s a consequence that plays a key role in business. If you have stocked up on products, not being able to sell them is a huge financial risk.”
Michael Wictor from ehandel.se agrees and emphasises the effect of security issues on sales volumes: “The worst that can happen is for sales to drop considerably.”
The future of e-commerce security
E-commerce security has come a long way, but it is still relatively narrow and focused on the payment process. However, the experts from Enferno say that this is beginning to change: “We have noticed that nowadays, new customers often know more about security and have more complex security requests, which also means that we need to constantly update our knowledge about security.”
This means that e-commerce merchants are becoming more aware of security issues and the importance of implementing preventive measures that reach beyond the payment process. Hopefully, the trend continues – consumers and retailers alike can benefit from a security-oriented mindset and open discussions about threat mitigation.
Are you running an e-commerce business and have security tips or best practices to share? Let us know at hello[at]detectify.com!
Detectify is an automated web security scanner that checks your website for over 700 vulnerabilities and notifies you if any security issues are identified. Sign up for a free trial to test your website with Detectify and see what security monitoring can do for your business »