Author: Schalk Van Der Merwe, Group Chief Technology Officer, THG
Ecommerce is continuously evolving through the adoption of digital technologies. When implemented well, it can bring a series of key advantages by addressing unmet needs within the in-store shopping experience. From personalised advertisements to enhanced search features and functionality, technology offers brands an unparalleled opportunity to build a direct connection with their consumers.
Our Foundation Finder on LOOKFANTASTIC is a prime example of building a direct connection with consumers. In store, shoppers can speak to an advisor and test a product to understand which shade and product are right for them. We wanted to bring this experience online, but the technology for doing so did not exist. To make it possible, we built an accurate database of colour for all the foundations we sell, across all brands. We invented patented colour correction and detection algorithms and developed two user journeys to help people find their best foundation match. Since launch, we’ve seen an uplift in foundation orders.
Other aspects of ecommerce are also evolving through the advancement of technology and AI. As websites begin to scale, fraud and information security become paramount. Ecommerce transactions are susceptible to fraud in many forms. AI algorithms are highly effective at detecting anomalous patterns and identifying fraudulent activity in real time. AI-powered fraud detection systems can add a layer of protection to ecommerce platforms by detecting unusual spending patterns and flagging suspicious logins.
The most common methods of fraud in ecommerce are using stolen card details to obtain goods and claiming non-receipt of goods to obtain a refund. This presents a huge cost to businesses as they scale, and loss rates can vary enormously, up to 1% of sales.
Mitigation is provided by screening every order taken online. In larger organisations this will be automated, using machine learning techniques to triangulate data points and trends and so predict the higher-risk orders that require intervention and more checking. It may also be outsourced to a payment provider or other technology provider. Performance is paramount and must be measured against (and not limited to) these core metrics, with the objective being to minimise each:
1. Fraud check delay – customer sentiment will be damaged by undue delay or by delays that cause cut-offs to be missed.
2. Chargeback rate – the visible cost to the business of failing to prevent a fraudulent order; the lower the better. THG Group’s chargeback rate using THG Commerce’s proprietary fraud technology currently sits at a competitive 0.04%.
3. Referral rate – all orders referred for further checking will cause delay, so the ambition is to minimise it.
4. Rejection rate – the rate of orders rejected through the checking process. The key is not to reject good orders.
Threats around ecommerce information security in 2024 tend to come in two forms: attacks aimed straight at the DTC and those that attempt to come in through the employee entrance. In the case of frontal attacks, we’re living through an evolution from unsophisticated methods that simply flood a website with useless visitors until it falls over, to newer, more focused efforts that exploit nuanced weaknesses within applications and the complex integrations amongst different platforms.
Defending against ecommerce cyber threats requires evolving levels of diligence wrapped in tightly bound layers of controls, so-called “defence in depth.” Besides the obvious goal of not getting hacked, these layers of defences serve as speed bumps and signposts to attackers who will quickly get frustrated and move on to easier targets.
It’s important to start by proactively assessing your assets and using well-known security frameworks to drive common-sense quantification of risks. You can only secure the things that you know about, and this extends surprisingly deep into all your critical suppliers as well as the tools you and your staff rely on day-to-day. Protection of personal and commercial data should land as a top priority right next to reducing human and supplier-owned vulnerabilities, as regional variances in data privacy laws across the globe bring their own forms of financial threats. Regular staff training, communication and “what if” contingency planning can help instill a culture of awareness, whilst third-party audits that verify controls are working as designed should deliver conformance attestations or similar collateral to be used as peace of mind for clients and partners. Staying ahead of your peers’ security posture is no small feat, but if you do suffer a breach of any defensive layer, the damage should be limited rather than a business-defining event.
Author Bio: Schalk Van Der Merwe has been Group Chief Technology Officer for 10 years at THG, a prominent e-commerce organization headquartered in the UK. His background spans over 20 years in the technology field across various industries, from software and logistics in South Africa to mobile networks and gaming in the UK, where he was Global Head of Infrastructure at Betfair prior to his current role. He holds an MBA in Finance and Accounting from the University of Liverpool.