As we approach the holiday season, chances are you’re seeing an increase in online shopping. eCommerce was a big part of most consumers’ lives before March of 2020, and the pandemic has only increased that. But things aren’t always as they seem in the online retail world—sometimes we think we’re making a sale only to realize our customer has been hijacked and brought somewhere else!
RH-ISAC and The Media Trust are exploring some of the unexpected aspects of online retail in our series, “Crazy Things that Happen in your Online Store Every Day.” The fourth piece in the series, “Crazy Things You Wouldn’t See in Curbside Pickup,” focuses on customer hijacking. Customer hijacking is an incredibly common occurrence: malicious code or ads running on your store’s page might be stealing your customer’s transactional presence and offering them a customer experience elsewhere right out from under your nose!
Imagine you have a favorite customer waiting in line in your grocery store. Their cart is full of the food and produce they need, and they are getting ready to cash out. Before you can finish ringing them up, in the blink of an eye they’ve been whisked away to a completely different store (your competitor), with a cashier they’ve never seen before smiling at them and asking if they are ready to check out.
Sounds absolutely crazy, right? But this happens in online transactions. Customer hijacking affects all online commerce. Usually some malware or unauthorized code—possibly even from ads on the store page—redirects the customer to a completely different site during the shopping journey, prior to purchase. Obviously if this happens once, it deprives you of a sale. If it happens often, it can take loyal, repeat customers away from your store, impacting your bottom line!
Luckily, there are ways to fix this.
- Monitor all data collection on your site, especially on your cart and checkout pages. Pay special attention to third-party activity. Along with that, monitor all data exfiltration from your site—what’s been collected, and where is it going? How are your cookies set up?
- Have agreements in place with advertising partners, vendors, and third parties around collection of user data on your site. Having clear policies around these issues, following industry best practices, is a huge boon here.
- Scan your sites frequently and from a variety of profiles (as different genders, different platforms and OSes, different geographic locations, etc.). You want to have as comprehensive a view of your vulnerabilities as possible!
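
One way to act on the monitoring and scanning advice above, as an added example (not RH-ISAC's or The Media Trust's code): it checks saved HTML snapshots of a checkout page, fetched under different scan profiles, for scripts, iframes, form targets and meta-refresh redirects that point at hosts outside an allowlist. All hostnames, profile names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Collector(HTMLParser):
    """Collects URLs that can load third-party code or move the shopper off-site."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (kind, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.found.append((tag, urljoin(self.page_url, a["src"])))
        elif tag == "form" and a.get("action"):
            self.found.append(("form", urljoin(self.page_url, a["action"])))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://example.test/"
            _, _, target = (a.get("content") or "").partition("=")
            if target:
                self.found.append(("meta-refresh", urljoin(self.page_url, target.strip(" '\""))))

def audit_snapshot(html, page_url, allowed_hosts):
    """Return sorted (kind, host) pairs whose host is not on the allowlist."""
    c = _Collector(page_url)
    c.feed(html)
    own = urlparse(page_url).hostname
    hits = set()
    for kind, url in c.found:
        host = urlparse(url).hostname
        if host and host != own and host not in allowed_hosts:
            hits.add((kind, host))
    return sorted(hits)

def audit_profiles(snapshots, page_url, allowed_hosts):
    """Map each scan profile to its unexpected hosts; differences between profiles are the lead."""
    return {name: audit_snapshot(html, page_url, allowed_hosts) for name, html in snapshots.items()}

# Constructed sample snapshots of one checkout page, fetched under two scan profiles.
PAGE = "https://shop.example/checkout"
ALLOWED = {"pay.example", "cdn.shop.example"}  # assumed allowlist of approved partners
SNAPSHOTS = {
    "desktop-us": '<script src="https://cdn.shop.example/app.js"></script>'
                  '<form action="https://pay.example/charge"></form>',
    "mobile-eu": '<script src="https://cdn.shop.example/app.js"></script>'
                 '<script src="//ads.thirdparty.example/tag.js"></script>'
                 '<meta http-equiv="refresh" content="0; url=https://other-store.example/cart">',
}
```

Static snapshots only show what is in the delivered markup; scripts injected at run time need a browser-based scan to be seen.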
The best way to defend your network is to know your network—so frequent scanning, and establishing and enforcing policies about what can and can’t take place on your network are your best friends here. Follow these best practices, and your customers won’t be led astray nearly as often!
RH-ISAC and The Media Trust will be looking into more surprising, unexpected, and flat-out crazy things that happen in digital stores that wouldn’t happen anywhere else.