Ecommerce Website Speed, Stability and Security: The Ecommerce Non-negotiables All Online Businesses Must Deliver


As an ecommerce executive, you probably think a lot about how you can take your business to the next level –– and there are a lot of tools at your disposal.

Yet, as the ecommerce space continues to become more and more competitive, consumers expect a certain level of quality from a retail website they visit. Yes, design matters. Yes, your messaging matters. Yes, whatever campaign you decide to run matters. But, none of those marketing aspects are necessarily non-negotiables.

In the ecommerce world, the following are absolute non-negotiables to running a successful business: site speed, stability and security.

Page Load Speed: Immediate

Time is money, especially for an ecommerce site. When an online shopper clicks Buy Now, something needs to happen –– and needs to happen right then. To accomplish this, your site needs a fast response time, boosted by a content delivery network.

Any delay on the web lowers results. Amazon, Google, Microsoft and many other companies have tons of research to prove that. For example, in 2006, the average online shopper expected webpages to load in eight seconds or less; by 2010, that number was down to 2 seconds or less.

This is why the speed of your site is critical for your business. If your page doesn’t load fast, many shoppers simply click away to a competitor — and may never come back. Using a content delivery network (CDN) is a smart way to speed up your website.

The CDN maintains servers at strategic points around the world; each server stores a “cache” of the biggest files on a website, such as code, photos or videos. Thanks to its special design, the CDN can serve up those files faster than your own site.

A big chunk of the internet’s traffic is handled by CDNs behind the scenes. And since CDNs provide a vital service, you normally pay a high fee to use one.

Not so with SaaS ecommerce technology like Bigcommerce. Our hosting already includes the industry-leading CDN, Fastly, which uses a smart, modern architecture to deliver the biggest bang for your buck.

And, Fastly is the only CDN with “instant purge of dynamic content.” That means you can update your product database and any visitor will see your changes immediately, instead of 20 minutes later.

This real-time content delivery is no longer a nice-to-have with consumers. Your site must load immediately, or you’ll risk losing a sale to Amazon and other sites that have accounted for this customer expectation.

99.99% Uptime

Just like an Olympic athlete, your site has to perform at peak condition through every grueling test. Can it handle the double-whammy of Black Friday and Cyber Monday? How about a guest spot on Shark Tank? What about a flash sale, or a celebrity influencer campaign?

Customers will expect it to.

For five years in a row, Cyber Monday has been the biggest single day for online shopping. On that day in 2014, ecommerce sales in the U.S. topped $2 billion for the first time ever. Black Friday added another $1.5 billion, and the days in between accounted for $2 billion more.

“From Black Friday through Cyber Monday 2014, Bigcommerce handled three times our normal traffic load with 100% uptime,” said Scott Baker, head of site reliability and operations at Bigcommerce. “We have one customer who did more than 70,000 orders in four hours that day!”

That’s one heck of a surge –– and it’d be a terrible time to lose site uptime, and thus revenue.

The holidays, though, aren’t the only high-traffic time for websites. Your flash sales or deals of the day can create big spikes in traffic. And, if a celebrity is spotted wearing a certain type of sunglasses, sales of that style can go through the roof.

To make sure your site can handle an unexpected burst of demand, it helps to know people who’ve been there and done that. Baker and one of his colleagues worked for two online ticketing services, where they got lots of practice dealing with spikes in traffic.

“Say Lady Gaga is doing a concert tour, and tickets go on sale at 7 a.m. In those first five minutes, you have to deal with hundreds of thousands of people coming to the site to get tickets,” says Scott. “And tickets often sell out in just a few minutes.”

Sites must be able to handle large amounts of traffic in very short periods of time.

“A lot of people just guess at their capacity,” notes Scott. “But we actually know ours. We don’t guess, we figure it out. That way, we can prepare for upticks in traffic.”

When you’re ready for your closeup, you shouldn’t have to be worrying that your site stays up, live and functional. Ensuring you have this non-negotiable nailed down is essential to growing your business and maintaining customer trust and loyalty.

Site-wide Security and Peace of Mind

In today’s ecommerce world, site security means protection against hackers. PCI compliance, DDoS mitigation when necessary and site-wide HTTPS are all necessary to properly achieve ecommerce security.

PCI Compliance

The PCI Security Standards Council (PCI SSC) defines a series of specific Data Security Standards (DSS) that are relevant to all merchants, regardless of revenue and credit card transaction volumes.

Achieving and maintaining PCI compliance is the ongoing process an organization undertakes to ensure that they are adhering to the security standards defined by the PCI SSC.

The SSC defines and manages the standards, while compliance to them is enforced by the credit card companies themselves. Again, these standards apply to all organizations that deal with cardholder data. Cardholder data refers specifically to the credit card number, along with cardholder name, expiration date and security code (CSC). The purpose for PCI compliance is simple: ensure customer credit card data is being properly secured.

There are different levels based on the amount you are transacting, and PCI compliance experts are expensive to hire. Good thing, then, that many SaaS ecommerce platforms handle this for their customers. This is an incredibly expensive and time-consuming endeavor that most retailers cannot accomplish with their own expertise. For more information on exactly how to earn PCI compliance on your own, here is a guide.

Denial of Service Mitigation

DDoS attacks can strike without warning. They can happen intentionally by hostile outside parties or be triggered by scripts that scour the internet looking for known vulnerabilities. For online stores utilizing SaaS-based ecommerce technology, DDoS mitigation is handled for you, providing better protection than most self-hosted providers can offer, and much better protection than what your business is currently prepared to do.

Site-Wide HTTPS

Serving your entire site using HTTPS has two primary benefits: improved search ranking with Google and improved site security and shopper trust. What is site-wide HTTPS? It’s essentially site-wide SSL (Secure Sockets Layer). SSL is the standard security technology for establishing an encrypted link between a web server and a browser; current deployments use its successor, TLS, though the older name persists. This secure link ensures that all data that passes between the web server and browser remains private and unaltered. In general, data delivered over an unencrypted channel is insecure, untrustworthy and easily intercepted. In fact, in 2014, Google’s Pierre Far and Ilya Grigorik made their presentation calling for HTTPS Everywhere, reminding webmasters and website owners of the importance of protecting the security, privacy and integrity of user data.

A fully secure site is a big deal, not just to the health and safety of your business, but important to your customers as well. They want to be reassured whenever possible that doing business with you won’t mean they are part of another retail data breach. Site-wide HTTPS is one way to ensure they aren’t.

Once you have these three non-negotiables covered, your ecommerce site is ready to launch against the competition. Companies that do not meet the above requirements for security, speed and stability should reconsider their ecommerce technology and work toward a cost-effective solution that allows their teams to focus on bringing in net-new customers and converting them, rather than on keeping the site up and hackers out when they get there.

Want to learn more about how to increase your brand awareness online once you have the non-negotiables in place? Join Paypal, Bigcommerce and Harvard Business Review in a webinar on Tuesday, October 13. Sign up here. 


  • Scott Baker

    Hey, Audio Bible,

    1. Using https instead of http will add some latency to response times, due to the initial SSL handshake, so there is a little bit of a trade-off. It’s usually about 50-100 milliseconds. However, after the initial handshake, encrypt/decrypt doesn’t usually add that much overhead. The SSL handshake only happens at the start of the https session, so for most users, it won’t be significant as they move from page to page, as the handshake has already happened.

    2. It’s unclear if Google is paying much attention to https over http yet. They have stated they think it’s important as a signal, so it might be a factor in the near future. Right now, performance of the site is definitely taken into account, so probably optimize for speed first, then site-wide https.

    3. Yes, but easy is a relative term. There is a way to convert your entire site to https. The complication is that you need your own domain name, dedicated IP address and certificate. Also, since there is some overhead in encrypt/decrypt, you may want to optimize your site for fewer requests and less data per page.

    4. You don’t need to change all the code, but you may need to change some links to point to https rather than http so you don’t generate mixed-content warnings in your customers’ browsers. We have a link describing what to do here: https://support.bigcommerce.com/articles/Public/Site-Wide-HTTPS

  • 1. If you serve the website using http(s) instead of http, I thought that made your website slower to load?
    2. Does changing the page URLs to http(s) instead of http have any effect on the page listing or rankings in Google?
    3. Does BigCommerce have an easy way to switch the entire site over to http(s)?
    4. If so, does all the code need to be changed inside the site?

    Let me know.

    Thanks.