#EcomAsiaChat: Securing Your Ecommerce Platform with Deric Loh, Mobifor

, ,

[C]: Cynthia Luo, ecommerceIQ

[D]: Deric Loh, Mobifor


[C]Welcome to ecommerceIQ’s podcast channel!

For those unfamiliar with us, we are Southeast Asia’s first market research portal dedicated to ecommerce – data, insights, important headlines, we’re focused on educating professionals in one of the world’s fastest growing industries.

A big thank you to our network consisting of DHL, Lazada, pwc, DBS, eBay and more.

Today we’re trying something different, having an open conversation about online retail and the challenges that ecommerce professionals are all trying to tackle.

Joining me today is Derich Loh of Mobifor, he is our first guest and I’ll let him begin with a quick introduction.

[D]: Hi Cynthia, thanks for the invite. I’m Deric, currently running Mobifor, a platform for designers to make their own ecommerce store. Glad to be here.

[C]: Thanks for being here. You’ve been in the industry for over ten years and I’m sure you’ve been watching this explosion of digital growth in Southeast Asia, can you share with me a few things you’ve witnessed?

[D]: Sure, it’s been quite some time. I can remember from the very early days, early 90’s, 2000’s, there wasn’t a lot of what we have today: hosting and ecommerce platforms to even what aCommerce is offering in the market today. It has evolved quite a lot. 

But people are starting to say hey, the ecommerce wave is coming on top, how do I ride it? 

I would say there’s still a lot of very conservative mindsets, especially for medium and large sized businesses. So in terms of change in management, how will it happen to become fully digital? How can front end retailers make use of data to ensure customer orders can be fulfilled all the way down to logistics? 

There are many areas to explore and improve. What do you think of the trends with clients?

[C]: Going digital means different things to businesses because it’s still so new in Southeast Asia. When businesses think of ecommerce, either big or small, they think “oh, I’ll launch a website and begin selling super quick and easy with all these templates that exist.”

But a lot of the times, they don’t stop and think about things like security and that’s a huge component because we’re collecting sensitive information from shoppers and they need to know that they’re protected

Are there any recurring misconceptions you find yourself having to explain to them over and over again? 

[D]: From a broader sense, the first question is “what is the goal of ecommerce or online?” Could it be a new platform for them to test out a new product launch? 

Or how can a retailer make it easier for customers leads? Can anyone open up the mobile to do research and purchase? There needs to be support from top management to decide how ecommerce will impact the company. 

How do you overcome the change in management issue or revenue cannibalization especially for people who have been in the industry for 10, 20 years?

They’re scared of online taking away their revenue instead of how everyone can work in the team in a similar direction. 

And going back to the security part, there’s quite a few issues that are overlooked such as taking credit card information in the final step of the purchasing funnel and the customer finds out the site isn’t very secure.

There’s no green bar or “SSL” certificate so if your company doesn’t have it, the customer could be saying “hey, your site isn’t secure, I won’t give you details.”

You got your customers all the way through to check out and then they drop off.

In terms of security, since last year, there’s an increasing number of hack attempts using WordPress loopholes to post malicious content or negative SEO.

For example, you’re selling fake products and making use of intrusions in other sites to post spam links to increase your own search rankings or cause a competitor site to shut down.

A lot of site technical administrators actually aren’t aware their site has been compromised so the first step would be to see if they have a firewall enabled to prevent the intrusion coming in.

Cloudfare recently had an intrusion in data, even the bigger boys like Uber are using their service, so now their sensitive data is going into the market. It’s important to have security measures in place to protect the brand name you’ve spent all this time building for many years.

[C]: I know we discussed this the last time we spoke, you told me that some hackers actually defaced over 1.5 million WordPress sites through a security flaw and this is something that can be easily prevented with an update of Wordpress.

According to Wappalyzer, WooCommerce, which is the shopping component of Wordpress, occupies 32% of the ecommerce market.

It’s [Wordpress] a popular content management system that a lot of businesses use because it’s very easy to teach and to work with but there are other popular tech platforms like Magento, Opencart and Shopify – what are a few effective measures companies, either big or small, can do to protect their own data and customer details?

[D]: I think the very first step is to assess whether they are PCI compliant to ensure data is secure and encrypted. You want to have an SSL certificate

What are some processes to identify fraud orders? What are the patterns?

  • Customers are using multiple usernames but similar addresses.
  • Customers using a different name but same email and different credit card. 

Let’s say volume is 100 to 1,000, it’s still small and you can handle orders but if it’s 10,000 or 100,000, you need a fraud management team to identify patterns and stop fraud orders going through platform.  

If there are too many at the end of the day, you’ll be getting charge back from banks and losing trust factor because they’ll know you’re not doing a proper job. What do you think or have witnessed with clients?

[C]: Well, for me [aCommerce], speaking to brands, big or small, they offload all of it onto their ecommerce service provider right? 

If you work with an ecommerce specialist, they assume we take care of everything and we do but it’s funny because I actually bought an airline ticket online. CheapOAir actually has a full fraud protection team but the process is so tiresome – I put credit card details into the system, they send me an email and call the number provided and then check with your bank and then email you again to ensure that this credit card is yours and not a fake.

They couldn’t connect with my international number and I called them back and explained my situation separately to seven different agents and each agent.

Fraud management needs to be there especially if you’re dealing with like you said larger order volumes or if you’re paying a lot of money you need to ensure that a customer feels they’re safe but at same time, if the process itself is too tiresomeI would have cancelled the entire order and moved on to someone else.

It’s important to get that balance right so if you’re going to implement fraud management, it needs to be seamless. Yes, that’s almost impossible but at least a process that’s not going to the deter the customer from thinking your brand isn’t that…great. I probably won’t be buying from them again and I hope my credit card details are safe with them. 

[D]: You want to have a process but not too much of a process.

[C]: Exactly, they were also asking for my credit card details over the phone so all of that was... a little bit sketchy as I would say. And they told me, oh, don’t worry, we have a privacy policy on our website and a quick Google search showed me that some people had a lot of problems with them.

They are a legitimate company but people were complaining how long everything took. Definitely need a balance. 

[D]: I agree, more brands should look into what is the proper compliance, especially in the early stage. Working with service provider and finance guy to know what is going on. Stores should know orders, fraud orders

A lot of communications internally and externally and with partners too to make it a better experience.

[C]: This is something that all companies should really keep in mind. I know that a lot of them are just thinking launch the site and forget about security, which is especially important because Southeast Asians are not very trusting in the first place of any sort of institution or they don’t want their details to be out there on the internet.

It’s something that we definitely can look forward to, I hope there will be more awareness about these fraud prevention tools.

[C]: Thank you so much for sharing Deric. All the tools you mentioned are below this transcript. I look forward to having you join me next time to tackle another topic. If you have any comments or issues you’d like us to cover, drop it into a comments section. 


Tools URL links mentioned: