Coupon-generating browser extensions.can help retailers raise conversion rates. But merchants need to be aware of the risks.

Ken Zwiebel, general manager, PerimeterX

Ken Zwiebel, general manager, PerimeterX

The ecommerce ecosystem is one of the largest industries in the world and global retail ecommerce sales will reach $4.5 Trillion by 2021. The ecommerce world enables people to primarily self-serve their shopping experience.

However, like any business, shoppers are faced with a wide range of problems that can affect everyone in the process. Injected malware attacks are among the biggest threats to the ecommerce world. This type of malicious software can attack the client-side computers resulting in reduced ecommerce revenues and terrible user experience. 

These attackers often don’t want to steal customer data, but to steal the actual customers. This directly affects your revenues. 

Coupons: The good, the bad, and the ugly

Coupons were initially meant to stimulate the purchasing of products in-store. Most retailers didn’t care how a customer received a coupon—just as long as they made a purchase. Coupons came to the digital ecommerce world from the first day of online buying and that’s where things got crazy.

advertisement

Companies have made millions of dollars by making virtual coupon-clipping into an industry. They sign e-retailers up to deals and then offer the coupons to millions of users that have installed their extensions. On the face of it, it is a win-win-win: The e-retailer gets higher conversion rates, the consumer is happy because she just saved 5% to 10%, and the coupon provider has made their cut, as well. Many ecommerce professionals chase after deals offered by companies like Honey and eBates because it will increase conversion rates to some degree—and that is the metric by which professionals measure them.

However, caveat emptor! It is not all roses for virtual coupon clippers. 

Problem 1: Price comparison extensions

Many of the coupon extensions also offer price comparisons. The extension offering coupons on your website is also offering similar products from competitors who are attempting to take the customer out of your website to purchase elsewhereHow can your coupon partner be doing this? There are numerous reasons, but the most likely one is that they are getting paid more as an affiliate than as a coupon provider. 

advertisement

Price comparisons are always harmful to your conversion-rates and ARPU and they are tough to stop from a user perspective – since you welcomed that user in essentially by offering coupons through those very extensions that are taking those users out. There are, of course, extensions that are only price comparisons. The “dual-threat” ones are tougher to stop and provide a bigger experience for the user.

Problem 2: Revenue

In an ordinary online advertising world, let’s say I spent money on a search campaign, bought adwords, and drove traffic to my ecommerce site to buy something. My Customer Acquisition Cost (CAC) is relatively easy to calculate—and therefore, I can calculate ROI on the campaign, ARPU, lifetime revenue, etc. All are very important metrics for my online business.

But imagine that same customer that I spent money to acquire and get the click to my site, but before he actually begins his buying-path on my website, suddenly has his referral code switched because he has an extension on his browser. Not only did it cost me money to receive his organic click, but now I am also paying an affiliate for his purchases on my website. How do you calculate the ROI on those users? This becomes very complicated and hurts your overall business – but you are not likely to even be able to identify it! Why? Since the switch happened on the client-side via the extension and your metrics will not see this happen. And essentially, you are paying twice for that user.

advertisement

To make this point clear, imagine that the user is returned to the exact place that they came from; however, this time, the extension will append an affiliate code to their browsing and, therefore, take sales-credit for this customer. This is known as affiliate marketing fraud and happens all the time—without you even knowing about it. Almost all these malware-type of attacks occur “under the hood” and without visibility for you or the customer.

Problem 3: User intent and UX

You have spent lots of money and time in assuring that users experience your site in just the exact, particular way that you want. The minute an extension begins interfering with that flow, all that expertise and well-spent money goes to waste.

I have heard professionals in the field say things like “perhaps we should not be interfering” with users and the things that they have installed on their computers.

The problem with this is that the vast majority of these users have extensions without even realizing it. Not everyone is as tech-savvy as the people reading this blog. The 90 percent (the vast majority of users) are likely unaware of the things happening on their browsers. 

advertisement

It is our view that if someone comes to your website, then they are trusting you with their purchasing path experience and that you should control this completely. If you want specific coupons to work, great! That is why we created whitelists and a completely flexible system! But you should be very concerned about anything else that will change your UX, your code, or your users’ path. Consider the fact that many of your users cannot differentiate between a website doing bad things and a virus/malware/extension doing those things. You absolutely have the right and obligation to assure your user’s path.

Malware in your browser affects your online business

Within the category of browser malware, there are the very malicious types of extensions beyond the seemingly innocuous ones. The former being the malware that logs keystroke or skims user information, credentials, and credit card numbers and sends them to hackers. The latter inject ads, adware, “porn-vertising,” etc. that will completely disrupt the user from safe browsing on your site and divert them elsewhere. 

Another strategy that is employed frequently is “clickjacking” or, specifically, changing the links on a page (or adding links to the page) to link somewhere other than intended. Frequently, the user will be annoyed by the flow but will identify it and hopefully return to your sales funnel (although, no doubt, your final numbers will be hurt).

In summary

The commonality of all these types of extensions is that they hurt your revenue and customer engagement. And there is no reason for it. With a simple, watchdog line of code, you and your customers can be completely protected from any of the things that I mentioned above. It is just that easy.

advertisement

PerimeterX provides application security technology, including Bot Defender and Code Defender.

Favorite