E-Commerce Horror Stories

By Anthony Kormos on October 3, 2019

That's right folks, it's that spooky time of year again, and we here at Blue Triangle wanted to share some website tales from beyond the binary.

Halloween is one thing, but the encroaching Black Friday and Cyber Monday are the real nerve-rattling pair of holidays that have E-Commerce stores hiding under their covers this time of year. So grab a pumpkin spiced latte and tie up your Yeezys; it's E-Commerce Horror Story-time.

Site Availability: The case of the disappearing web page

When you get too much traffic to your website, and your digital presence vanishes like a ghost, no one is happy. There is no worse time of year for this phenomenon than Thanksgiving weekend. Take a look at how the Twitter-sphere responded when their favorite brands' websites fell into this state of unavailability.

[Image: tweets about site outages]

Now that's scary.

What's more frightening is how much revenue websites lose when their sites fail at these crucial times. Last year, the popular fashion retailer J.Crew lost an estimated $700K in revenue because their check-out process failed for 5 hours on Black Friday. 

As you prepare for the holidays, consider running a load test to understand how your site will function with the influx of traffic. Of course you should always be using Synthetic Monitoring to be alerted if any part of your site goes down.

Site Performance: Having too long of a driveway

Have you ever been trick-or-treating and passed by a house with a reeeeaaaallly long driveway? You probably skipped it. It would take way too long and too much effort to walk down there without knowing if you were going to get a full Hershey bar or some lackluster pocket mints.

The same goes for websites. If it takes too long and requires too much effort, your visitors will have neither the patience nor the tenacity to purchase from your website. We see here that a slower web page results in lower conversion rates:

[Image: conversion rate and page views by PRT]

We've seen even a 1-second slow-down translate to millions in lost revenue over just a small period.
Between Black Friday and Cyber Monday 2018, the top 500 E-Commerce sites slowed down by an average of 6%.

But it can be far worse.

Last year, when IBM Digital Analytics (Coremetrics) had an outage, it caused website slow-downs for major retailers like Victoria's Secret and Tractor Supply. It slowed the Victoria's Secret website down by 89%.

[Image: IBM site outage]

Oof, now that's a long driveway.

Luckily, Blue Triangle offers real-time monitoring, alerting, and diagnostic tools that can help teams analyze and optimize site performance. This way, your users' patience won't run dry, especially during a stressful time like the holidays.

How to prepare? Check out Kristina Ravensburgen's Accelerator Series on best practices to improve your web performance.

The Curse of Ye: How one product can break your website

The fashion brand Yeezy, created by the mega-celebrity Kanye West, has made a considerable disruption in the fashion industry, especially in the sneaker-world. Every new release of his iconic Yeezy-Boost shoes causes a wave of fanatic "Sneaker-heads" to flood websites, which in turn struggle to facilitate the traffic for this zeitgeist of a product.

Many of these shoppers will effectively "hire" bots as a means of ensuring that they will get a hold of the product on its release date. Meanwhile, in the physical world, extensive lines form around brick and mortar stores that wrap around the block, with some consumers camping out to maintain their place in front.

It's a phenomenon, one that gets retailers excited to participate, but also leaves their DevOps teams in a vice of expectations. The online traffic that floods these websites, comprised of real users and bots, has proven to disrupt the functionality of entire sites. Pages slow to a frustrating pace or the traffic proves to be too much and makes some pages completely unavailable. It happened with Apple's iPhone 6 release too.

DevOps teams then scramble to keep the website functional, eliminate slowdowns, or just get the website up and running again.

Products aren't the only thing that can cause this kind of disruption. Political events have a secondary effect on e-consumer behavior. In the wake of the Brexit referendum of June 2016, where the value of the pound sterling dropped a sizable amount, ASOS.com saw a massive wave of traffic that completely crashed their website. The theory is a lot of shoppers with currencies other than the pound saw the bargain of shopping at a more favorable exchange rate. The bargain hunters flocked to ASOS and overloaded their website.

Not all retailers have the motivation or the means to sell Yeezy shoes on their platforms, but it's still important for retailers across industries to never underestimate the influence a single item can have on their consumers' behavior. The E-Commerce world is young, and its presence in our lives will not vanish anytime soon. Who knows what other products or events in the future will produce this type of consumer behavior?

Security: The wrath of Magecart

In the age of information, personal data is a valuable resource. Either you or someone you know has probably had sensitive information stolen. For E-Commerce websites and their customers, there is one boogeyman that causes incredible damage to the integrity of their brands: the dastardly villain Magecart.

Magecart is made up of at least 12 different hacking groups that have been responsible for several data breaches. They discreetly poach personal information from websites, both big and small, with a strategy that resembles ATM and gas-pump credit card skimming.

In September of 2018, Newegg, a major technology and lifestyle product retailer, along with its users, was the victim of a financial information breach. The hackers attached a piece of JavaScript onto their check-out page so they could send data to their inconspicuous domain name, neweggstats.com. This method allowed them to skim credit card information that the users typed into the forms required for check out.

[Image: Newegg Magecart script]

Source: Volexity

About a month earlier, British Airways had suffered a similar attack, where roughly 535K of their users had their personal information compromised.

As a result, BA was fined $229M (£187M) for failing to keep their customers' data safe. It is the largest fine implemented since GDPR was first enacted in 2018. Other victims of this attack include Ticketmaster, Forbes, and Feedify.

So what is an effective way to stop Magecart? A Content Security Policy, CSP for short.

Using a whitelist method, a CSP prevents any third-party domain you have not sanctioned from extracting information from your web pages.

Using an analogy: Let's say a web page is a bank, the bank's cash is credit card information, and the hacker is a bank robber. Now let's say there was no absolute solution that could stop a robber from entering the bank and getting the cash inside. A CSP is like a reverse locking door that stops the robber from leaving the building with the stolen money, making their efforts futile. A CSP holds your customers' sensitive data, only allowing authorized parties to transfer it.

[Image: CSP Manager blocking a hacker]
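
As an added example (not Blue Triangle's code and not part of the original post), the sketch below models how a browser applies a CSP whitelist to the channels a skimmer could use to send form data to neweggstats.com: fetch/XHR, image beacons, and form posts. The shop origin, the policy, and the allowed hosts are constructed placeholders, and source matching is simplified to 'self' and scheme-plus-host entries.

```javascript
// Added example: simplified CSP evaluation (only 'self' and scheme://host sources).
// SHOP_ORIGIN and POLICY are constructed; neweggstats.com is the domain from the article.
const SHOP_ORIGIN = "https://shop.example"; // assumption: placeholder store origin

const POLICY =
  "default-src 'self'; " +
  "script-src 'self' https://cdn.shop.example; " +
  "connect-src 'self' https://api.payments.example; " +
  "img-src 'self' https://*.shop.example; " +
  "form-action 'self'";

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, the first occurrence of a directive wins.
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  const m = /^(https?):\/\/(\*\.)?([^/:]+)$/i.exec(source);
  if (!m) return false; // 'none', nonces, paths, ports: not modelled, treated as no match
  const [, scheme, wildcard, host] = m;
  if (url.protocol !== scheme.toLowerCase() + ":" || url.port !== "") return false;
  const actual = url.hostname.toLowerCase(), wanted = host.toLowerCase();
  return wildcard ? actual.endsWith("." + wanted) : actual === wanted;
}

// Fetch directives fall back to default-src; form-action does not.
const FALLS_BACK = new Set(["script-src", "connect-src", "img-src"]);

function isAllowed(header, directive, target, pageOrigin = SHOP_ORIGIN) {
  const policy = parsePolicy(header);
  let sources = policy.get(directive);
  if (!sources && FALLS_BACK.has(directive)) sources = policy.get("default-src");
  if (!sources) return true; // directive absent: the browser does not restrict it
  const url = new URL(target, pageOrigin);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}
```

A policy consisting only of `default-src 'self'` blocks the fetch and image channels but leaves form posts unrestricted, because `form-action` does not fall back to `default-src`; list it explicitly on check-out pages.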

Blue Triangle offers a CSP Manager solution that can protect your users' information. Like Van Helsing, we will be there to stop any Magecart monsters from preying on your valued customers.

Happy Halloween!

Thanks for reading, but that's it for now. Hopefully, you didn't read these too late at night; these sordid tales may keep you from sleeping soundly.

We here at Blue Triangle want to wish all of our blog readers a Happy Fall and a Happy Halloween. We also want to make it completely clear that we sympathize with these site issues and we are in business to help prevent these highly publicized debacles. Please do keep us in mind as you are gearing up for the Holiday season. We are delighted to consult and help you with all your E-Commerce optimization needs and concerns. We will do what we can to make sure you aren't getting alerts that make your phone go bump in the night.
