Robust security means legitimate customers encounter less friction. A customer-centric approach can reduce shopping cart abandonment and boost customer engagement for online retailers.

Reesha Dedhia, security evangelist at PerimeterX

Customer experience is the driving force of every digital storefront and improving it can increase sales, retention and brand equity.

Traditionally, application development and revenue teams worried that excess security measures on a digital storefront would degrade the customer experience. Adding CAPTCHAs in the checkout process, for example, might create additional steps and cause friction. The use of firewalls might block legitimate customer traffic. This meant a constant struggle to strike a happy balance between security and customer experience considerations.

This viewpoint may have been correct years ago. Today, security and customer experience are mutually reinforcing at multiple levels. Modern web and application programming interface (API) security technologies can improve customer experience by making applications faster and more responsive. More robust security means legitimate customers encounter less friction. This new approach to customer-centric security can deliver real upside for revenue teams by reducing shopping cart abandonment and boosting customer engagement.

Customer experience metrics that security can improve

To evaluate the impact of security on customer experience, you need to measure how it affects key customer experience metrics. Let’s look at a handful of these metrics, discuss why they matter for customer experience, and see how better security can improve digital storefront performance.


Page load times

Customers want applications to load instantly, so fast page load time is crucial. This expectation starts with a home page loading quickly and applies to every other element of your digital storefront, including image and form loads. The need for speed extends to new page loads as users move from page to page, and to fast search responses.

Better security improves page load times

The volume of malicious bot traffic hitting web applications and APIs is growing exponentially. PerimeterX research shows that over 50% of online traffic to digital storefronts comes from malicious bots. By keeping bad traffic off your storefront and reducing unwanted spikes from malicious bots, better security can improve average page load time and site performance. While most technology teams have some scaling capabilities in place with content delivery networks (CDNs) and elastic cloud servers, the reality is that scaling up to meet demand can often take an hour or longer.

During critical holiday periods, when most online purchases are made, this delay significantly impacts customer experiences. A solution with behavioral detection and machine learning capabilities that dynamically scales up can accurately identify bots and prevent them from hitting your servers and CDNs, without delay. This improves your site performance by blocking bad traffic before it lands on your digital storefront, meeting real customers’ speed expectations.

Serving CAPTCHAs and challenges to legitimate customers creates friction

Methods like CAPTCHAs and multi-factor authentication (MFA), such as SMS or email verification of logins, can help block unwanted bots and reduce the risk of online fraud. Unfortunately, these methods add steps to the checkout process, which often frustrates customers and increases shopping cart abandonment. Ensuring that authentication challenges are only shown to those highly likely to be bots or those attempting fraud can dramatically improve customer experience.

Better security reduces CAPTCHAs and user friction

To reduce friction, you want both the percentage of customers receiving challenges and your fraud rate to go down simultaneously. A good metric to look at is the percentage of legitimate transactions facing a CAPTCHA or MFA challenge. A retailer might show this challenge at the payment step, or at the login step if the digital storefront uses customer logins with stored credit cards and user profiles. Modern security technology with machine learning can accurately analyze shopper behavior to identify whether a visitor is a human or a bot.


These systems sift through billions of interactions across hundreds of variables to create predictive models that detect malicious bots with greater than 99% accuracy. Data points analyzed might include visitors’ location and country, time of day, amount of time spent shopping and patterns in their network data.

The best security systems also analyze client-side device and user data such as screen resolution, rendering engines, and user interaction events to spot qualitative and quantitative differences between bots and live human users. By accurately identifying bots, the system can automatically insert a challenge when it detects a questionable visitor and reduce challenges for legitimate users.

Fill rates, attach rates, net promoter score (NPS) and customer satisfaction score (CSAT)

The ongoing problems with Sony’s popular PS5 PlayStation console represent the latest chapter in how armies of shopping bot operators can scoop up a significant chunk of inventory and resell it at premium rates. Bots and hoarders can make an inventory of hot items disappear when they place an item into shopping carts and leave it there. Alternatively, hot sales items can be snapped up by scalpers using bots to automate the buying process. This frustrates legitimate and loyal customers by making it harder for them to buy a brand’s most in-demand offerings.

Bots can also distort inventory levels by placing items that they never intend to purchase in a shopping cart. Sophisticated shopping bot operators even operate as “just-in-time” resellers; they continuously hoard items in shopping carts while simultaneously advertising those items on reseller sites. The bot operators purchase the item from the legitimate digital storefront only after a customer has paid a marked-up price on a secondary resale site.

Better security reduces bot hoarding and delivers a better experience to loyal customers

By identifying shopping bots and preventing them from purchasing items, retailers can improve the fill rate for human shoppers on their digital storefronts. This has a secondary benefit of enhancing the attach rate for related products (bots don’t make attachment buys) and the rate of upsells or suggested sells (bots don’t buy games after they buy a PS5). By preventing inventory hoarding, you will improve the customer fill rate and your inventory management. Over time, improving the experience for your best customers will improve your CSAT and NPS.
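
As an added illustration (not code from PerimeterX or from the original article), the cart-hoarding pattern described above can be surfaced from cart event logs by summing how long each session holds a high-demand item, including across repeated adds, and treating long holders as candidates for a challenge. The event format, session and SKU names, and the 15-minute threshold are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample cart events: (ISO timestamp, session id, action, SKU).
EVENTS = [
    ("2021-11-26T08:00:00", "s-human-3", "add", "socks"),
    ("2021-11-26T09:00:00", "s-human-1", "add", "console"),
    ("2021-11-26T09:04:00", "s-human-1", "checkout", "console"),
    ("2021-11-26T09:00:05", "s-bot-1", "add", "console"),
    ("2021-11-26T09:00:06", "s-bot-2", "add", "console"),
    ("2021-11-26T09:20:00", "s-bot-2", "remove", "console"),
    ("2021-11-26T09:20:01", "s-bot-2", "add", "console"),
    ("2021-11-26T09:10:00", "s-human-2", "add", "console"),
    ("2021-11-26T09:12:00", "s-human-2", "remove", "console"),
]
NOW = datetime(2021, 11, 26, 9, 30)  # assumed evaluation time


def hold_times(events, now):
    """Return {(session, sku): total time the SKU sat in that session's cart}."""
    open_since, held = {}, defaultdict(timedelta)
    for ts, session, action, sku in sorted(events):
        key, t = (session, sku), datetime.fromisoformat(ts)
        if action == "add":
            open_since.setdefault(key, t)
        elif key in open_since:  # "remove" or "checkout" ends the current hold
            held[key] += t - open_since.pop(key)
    for key, start in open_since.items():  # item is still in the cart at `now`
        held[key] += now - start
    return dict(held)


def flag_hoarders(events, now, hot_skus, max_hold=timedelta(minutes=15)):
    """Sessions whose cumulative hold on a hot SKU reaches max_hold."""
    return sorted({session for (session, sku), d in hold_times(events, now).items()
                   if sku in hot_skus and d >= max_hold})


if __name__ == "__main__":
    # Hold time is summed per session, so removing and re-adding an item
    # does not reset the clock the way a per-cart timer would.
    print(flag_hoarders(EVENTS, NOW, hot_skus={"console"}))
```

Restricting the check to limited-inventory SKUs keeps ordinary shoppers who park everyday items in a cart out of the flagged set.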


Conclusion: the security and customer experience flywheel

Applying modern technology for better security can markedly improve customer experience, driving higher sales and stronger customer loyalty. This results in the improvement of a wide array of digital storefront success metrics.

Better security will both block attacks by bad actors and discourage them from continuing to attack you. Once attackers realize that a digital storefront uses strong behavioral detection and prevents bots from accessing the domain or API, large declines in attacks consistently follow. Best of all, you can create this flywheel without significant updates to your technology platform.

These security technologies are delivered as a service and only require the inclusion of a bit of JavaScript, just like Google Analytics. If your customer experience and security aren’t working together, you have a clear opportunity to boost your business results while reducing risks.

PerimeterX provides security services for websites and mobile applications.