A new study finds that marketers use so many tools to enhance the online customer experience that they cannot keep track of them all. This mayhem can be costly this holiday season, leaving websites and customers exposed to security issues; CMOs and CIOs have to work together to limit their exposure.  

In preparation for this holiday season, retailers have pulled out all the stops to ensure that they not only have the best products at the best prices, but their website is trimmed with all the marketing bells and whistles to ensure maximum conversion rates. But what sites might make in conversions, they could lose in other hidden risks caused by their marketing partners.

Retailers’ success this holiday season is tied to sales, of course, but it is also tethered to security and site performance. Most companies are overlooking how the technology vendors on their websites affect both these crucial elements. The hundreds of digital marketing vendors – from ad servers to social media widgets – used by companies to power online customer engagement and increase conversion rates are considered necessary to deliver the ultimate personalised shopping experience. After all, consumers expect personalisation, socialisation and optimisation.

The reality is that the digital marketing technologies on a website create significant blind spots for companies. Most companies in the US use technology from more than 70 different digital marketing vendors on their websites. In the EU that number is closer to 35. In either case, website owners only know about a third of them, leaving the door open to significant potential problems. The recent hacks on Reuters’ website demonstrates the vulnerabilities caused by third-party technologies, in that case, by an innocent content recommendation tool. Any of the hundreds of vendors can unsuspectingly invite hackers, decrease website performance, decrease search rankings, erode customer trust, and reduce brand loyalty.

According to a new industry study by Ghostery that examines major websites in Western Europe, including such giants as Tesco, Air France and HSBC, 75% had security blind spots and mixed content issues on secure pages.

Airline sites had the highest number of security issues across the verticals assessed in the study, followed by financial services websites. In fact, every airline in the study had non-secure digital marketing technologies on secure pages. Over two in five (43%) retailers had non-secure technology on their pages, which can cause significant problems, especially as traffic increases this holiday season. In the US version of the study, retailers had the highest number of non-secure vendors of any of the industries studied, including companies like Amazon and eBay.

Digital marketing vendors are often the reason why a secure page will show “mixed content” warnings. Consumers and regulators, however, accurately assign responsibility for the overall security of the page with the website managers, not the vendors. As a result, it is extremely important for website owners to monitor their website and their vendors for issues.

In particular, non-secure digital marketing vendors can cause security risks that can reduce the online customer experience:

Declines in customer experience and brand loyalty

When a secure (“https”) web page has non-secure content such as a script from an advertising tag, warning signs are shown that reduce user conversion rates and can erode brand loyalty. EJ Hilbert, Kroll EMEA’s Cyber Practice lead says, “The result is consumers will register, often subconsciously, that the original site is insecure and poses a threat. It is these subtleties in the user experience that increase or decrease page rankings and views.”

Risk data leakage

When a retailer places non-secure tags on their website to enable, for example, content recommendations to a buyer, they create a trap door that allows hackers to run a “man-in-the-middle” attack. The hacker steals data on the site or sends a customer to a fake page, undetected until it’s too late.

Google search rankings at risk

Google recently started penalising websites who have mixed content on secure pages in their search-ranking algorithm. They have also stated In the Google search blog that they are planning to increase the importance of website security going forward.

With the right tools and processes in place, companies can ensure that security risks caused by digital marketing vendors don’t interfere with the online shopping season.