We sacrifice by not doing any other technology, so that you get the best of Magento.


    E-commerce Booms with a 23% Surge in Volumes During Black Friday Sales

    In a remarkable turn of events, this year’s Black Friday sales period witnessed a significant 23% surge in overall e-commerce volumes, showcasing a dynamic shift in consumer behavior and shopping preferences.

    Breaking Down the Figures:
    • Mobile Commerce Skyrockets: One of the major contributors to this surge is the phenomenal growth in mobile commerce. Statistics reveal that mobile transactions accounted for an astounding 45% of the total e-commerce volumes during Black Friday. The increasing popularity of shopping on mobile devices, facilitated by user-friendly apps and mobile websites, has become a driving force behind the seamless shopping experience.
    • E-commerce Giants Lead the Way: Industry leaders, including Amazon, eBay, and Walmart, reported unprecedented sales figures. Amazon, in particular, witnessed a remarkable 30% year-over-year increase in sales, solidifying its dominant position in the e-commerce landscape. The collective success of these giants further underscores the reliance of consumers on trusted online platforms for their holiday deals.
    • Average Transaction Value (ATV) Rises: Notably, the average transaction value demonstrated an upward trend during Black Friday. This indicates that consumers not only increased the frequency of their purchases but also opted for higher-value items. The surge in ATV adds to the positive outlook for e-commerce platforms, showcasing their ability to cater to a diverse range of consumer needs and preferences.
    Technology’s Role in the Surge:

    The integration of advanced technologies played a pivotal role in shaping the success of e-commerce during Black Friday, ushering in a new era of online shopping experiences:

    • Artificial Intelligence (AI) Algorithms: AI algorithms, employed for personalized recommendations, led to a significant 15% increase in conversion rates. This indicates a shift towards more tailored and engaging interactions, enhancing the overall satisfaction of online shoppers.
    • Augmented Reality (AR) Applications: The use of AR applications, enabling virtual product try-ons, contributed to a substantial 20% rise in consumer engagement. This immersive technology is redefining the way consumers experience products online, bridging the gap between online and in-store shopping.
    Challenges for Traditional Retail:

    While the e-commerce surge marked success for online retailers, traditional brick-and-mortar stores faced significant challenges in attracting foot traffic. Physical stores reported a notable 10% decline in sales during Black Friday, emphasizing the critical need for an omnichannel approach to meet the changing expectations of consumers.

    Some stats worth noting:
    • Black Friday online sales hit a record $9.8B in the US, a +7.5% year-over-year rise.
    • Shopify hit a record $4.1B in sales, up +22%
    • MasterCard sales +2.5%
    • ‘Buy Now, Pay Later’ +47%
    • Travel up +10%
    Looking Ahead:

    As we delve into the data surrounding this year’s Black Friday sales, it becomes evident that the e-commerce landscape is undergoing a transformative shift. The 23% spike in volumes not only underscores the resilience of online platforms but also signals a paradigm shift in the way consumers prefer to shop, emphasizing the need for retailers to adapt to this changing landscape.

    How Two MBA Students Built Bonobos, a $310 Million Men’s Apparel Company Acquired by Walmart

     

    Two MBA Spartans of Stanford Business School, Andy Dunn and Brian Spaly, popularized the concept of buying men’s pants online in 2007 with their ecommerce start-up Bonobos. What started as an MBA project soon turned out to be a mission to design an ideal pair of pants for men.

    They launched Bonobos.com when buying online wasn’t as popular as it is today. Within its first year, the company made $100000 in revenue. Today they have over 60 Guide Shops and a full range of suit products for men, and they were purchased by Walmart for $310 million back in 2017.

     

    Andy Dunn, an online culture enthusiast, was deeply interested in Brian Spaly’s pant designs, so he decided to invest 401k in launching the website bonobos.com. He raised capital from angel investors and Stanford lecturers. Spaly, for his part, cancelled his plans to go to Brazil in order to work on the fabric and pattern for his flattering curved-waistband pant. In 2009, the company received a major investment of $3 million from angel investors.

    Journey from Digital to Bricks

    Bonobos’ remarkable journey began in the digital sphere as an e-retail brand, but in 2012, in response to customers’ request to “try on before buy”, Bonobos came up with Guide Shop, the first brick and mortar store in New York where the customer could try on clothes.

    The idea of a Guide shop was innovative, unlike other clothing retailers. It was designed to be completely stock-free except the floor stock. Customers could book an appointment, try on pre-selected clothes and buy them online. In 2015, Bonobos sold its millionth pair of pants, making itself the US’s largest online retail shop.

    In a statement, Andy Dunn confessed that customers who contacted Bonobos through Guide Shops purchased 75% more. The main contributing reason for this is the human experience. “Having a great human one-to-one experience is unique these days. For me, it builds enormous loyalty if I like the people that I’ve transacted with”. In the following five years, Dunn opened an additional 50 Guide Shops around the US.

     

    Takeaways from Bonobos’ Success

    1. Digital-First Mindset
    Andy Dunn’s fascination with online culture and Brian Spaly’s love for great-fit pants brought Bonobos into life. Andy Dunn had an innate understanding of online culture, and he knew that creating a better physical product is essential for success. Most importantly, the model of business was pre-determined. He was clear with the idea to sell and market products digitally.

    The model proved hugely successful, and Dunn coined the term DNVB for companies that followed Bonobos’ ethos.

    2. Powerful Word of Mouth Marketing
    Even before the launch of Bonobos, Dunn and other co-founders used to sell handmade pants stitched out of Trader Joe’s bags on their college campus. Gradual networking among friends and classmates who had already expressed a desire for well-fitted pants helped the company grow. As word of mouth spread, they started hosting truck shows. By the time Bonobos’ website was launched, the brand had a sizable following. Within the first six months alone, the firm grew to 5 employees and $1 million net revenue.

    Ecommerce retailers don’t need a huge marketing budget. All they need is a product good enough to keep people talking. Bonobos was the first e-retailer to prove that.

     

    3. “Make one thing great. Get one thing right”
    What’s more important for success: happy customers or selling more products? Bonobos understood this deeply, so creating a better physical product became their strategy.

    “Consumers don’t need many things from your company- they just need one thing. You may want them to need everything from your company but guess what: consumers don’t care what you want. Your job is to care about what they want, not what you want them to want… Make one thing great. Get one thing right”, Andy Dunn.

    4. Ninjas for Customer Experience
    When it comes to customer experience, Bonobos is described as “maniacal.” They are known to put the customer first at both virtual and physical touchpoints. No online retail shop can touch Bonobos. They have an excellent team of customer service executives who work tirelessly to achieve the company’s goal and provide customers with a hyper-personalized shopping experience. When Bonobos was still an online-only platform, the company provided a top-tier customer service experience through agents it called ‘Ninjas’, who were available to provide personalized support. The company’s only goal was to enrich the customer’s shopping experience.

    After Bonobos came up with Guide Shops, the philosophy was passed on to ‘Ninja Guide’ who provides one-to-one support and personalized attention to in-store customers. The customer is also greeted with complimentary chilled beer to experience hyper-personalized shopping.

     

    5. Free delivery & Stress-free Online shopping
    The biggest challenge for the company in the beginning was to convince people to go and buy pants online. Some questions were inevitable such as – What if the pants didn’t fit? Why wait for items to arrive when you can directly go & shop? Why pay shipping charges? All these challenges were smashed when Bonobos came with a fast checkout, free-shipping & free-return policy to make online shopping more convenient for customers.

     

    6. Guide Shops for Personalization
    What made the brand stand out from the rest is its Guide Shops. It was an innovative approach to blending personalization into the digital sphere. A customer could visit the store, try on the clothes, place an order at the store and have it delivered to their home or office the following day. A Ninja Guide available at the store ensures a one-to-one customer experience to help the customer make the right purchase.

     

     

    7. Smart Inventory
    Inventory-free Guide Shops helped keep turnover high and investment low, enabling Bonobos to expand the business rapidly. Currently Bonobos has 62 Guide Shops across the US.

     

    Summing Up!

    Here’s a little inspiration for all those who want to make it big!
    “The risk is not in doing something that feels risky. The risk is in not doing something that feels risky”, Andy Dunn.

     

     

    You are not the owner of your own store

    The tech world is trending with the articles that read –
    “Shopify pulls down Trump’s eCommerce store from their platform.”

    This won’t affect the Trump organization much, but imagine what would happen to a small or medium-sized Shopify store owner if the same action were taken against them.

    The imagination is scary, isn’t it?

    It’s scary because:
    – You don’t have the source code of the store
    – You don’t own the IP of your store
    – Your store is hosted with them

    In other words, you’re trapped and bound.

    The reason it happened to Trump is that in Shopify, you DON’T own the code or the server. The key to your store is ultimately in the hands of Shopify, even after you pay Shopify lots of money and fees.

    The Trump organization would never have faced this digital loss if their store had been built on another platform such as Magento. Magento is not only open source; it also leaves you with all your digital rights, such as the code, IP, etc.

    For Shopify store owners, the takeaway from Shopify’s action should be, “If Trump (World’s most powerful person in 2020) gets banned on the Shopify platform, do they really own their store? Are their stores safe?”

    The better advice is to migrate your store to Magento and be the sole owner of your eCommerce store.

    Contact us today and we can tell you how we can help you.

    Many Magento 1.X online stores hacked in the largest campaign to date

    Almost 2000 stores using the Magento eCommerce platform were affected over the weekend.

    Security researchers call this the “Largest Campaign Ever” they have observed since 2015.

    According to security experts, it was a typical Magecart scheme, in which hackers inject malicious code to intercept and log the payment card details that trusting shoppers enter on the checkout page.

    Willem de Groot, founder of Sanguine Security (Sansec), a Dutch cyber-security firm specialized in tracking Magecart attacks, reported the following numbers of infected stores:

    • 11th September (Friday): 10
    • 12th September (Saturday): 1058
    • 13th September (Sunday): 602
    • 14th September (Monday): 233

    Most stores were operating on Magento 1.x (EOL) version

    Sansec notes that the affected stores were found to be running Magento version 1.x.

    On June 30, 2020, Magento version 1 reached its end-of-life (EOL). This version no longer receives security updates or support for any fixes.

    Last year, in November 2019, Adobe (Magento’s owner) issued the first alert that store owners needed to update to Magento 2.x, as the company had been expecting attacks since then.

    Adobe’s warning about forthcoming attacks on Magento 1.x stores was later echoed in similar advisories issued by Visa and MasterCard. Several experts in the web security community said that new Magento 1.x vulnerabilities had not been spotted in a while, which was uncharacteristic because the 1.x branch was old and riddled with security holes.

    So, the experts were right!

    However, de Groot has not yet identified how hackers broke into the Magento 1.x websites that were targeted over the weekend.

    The Sansec founder added that ads for a Magento 1.x zero-day vulnerability had been posted last month on underground hacking forums, further confirming that attackers were waiting for the EOL to come around.

    Magento Bug Opens 300K Commerce Sites to Card-Skimming Attacks

    On Friday (29th March 2019), attack code was published that exploits a vulnerability in the Magento eCommerce platform, all but assuring that it will be used to plant payment card skimmers on sites that have yet to install a recently released patch.

    PRODSECBUG-2198 is a SQL injection vulnerability that attackers can exploit with no authentication required. Hackers can download user names and password hashes, crack the hashes, and take control of the admin panel. From there, they can install backdoors or skimming code of their choice. A web security researcher recently said that the company has reverse-engineered the official patch released on Tuesday and has successfully created a working proof-of-concept exploit.

    For the past few months, crime gangs have increasingly been racing to infect e-commerce sites with JavaScript that secretly steals credit card details. The same card-skimmer gangs are now attacking around 300000 businesses and merchants.

    “There is no doubt threat actors are either actively reversing the patch or waiting for a proof of concept to exploit this flaw at scale,” Jérôme Segura, lead malware intelligence analyst at Malwarebytes, told Ars on Thursday. “When it comes to hacked Magento websites, Web skimmers are the most common infection type we see because of their high return on investment. As a result, we can expect another wave of compromises in light of this newly found critical vulnerability.”

    The proof-of-concept exploit published on Friday includes comments in the code saying it “can easily be modified to obtain other stuff from the [database], for instance, admin/user password hashes.” It also says the underlying vulnerability has resided in Magento since version 1, which means all Magento sites that haven’t installed the patch are susceptible. Additional exploit details and the disclosure timeline were also published on Friday.

    Segura wrote in an email Friday, “As predicted, we are going to see sites getting hacked pretty soon.”

    Sucuri researcher Marc-Alexandre Montpas concurred with that assessment. In Thursday’s blog post, he wrote:

    SQL injections allow an attacker to control site arguments to inject their own commands to an SQL database (MSSQL, Oracle, MySQL, MariaDB), and this way they can retrieve sensitive data from an affected site’s database including usernames and password hashes.

    These kinds of unauthenticated attacks are serious as they can manipulate any data and make it easier for hackers to spread attacks against vulnerable websites. A vulnerability has become more dangerous due to active installs, ease of exploitation, and a number of successful attacks.

    PRODSECBUG-2198 is one of more than three dozen security bugs that Magento developers disclosed and fixed on Tuesday. The following versions may be affected by it:

    • Magento Commerce < 1.14.4.1
    • Magento Open Source < 1.9.4.1
    • Magento < 2.1.17
    • Magento < 2.2.8
    • Magento < 2.3.1

    Protect your site from this vulnerability quickly by installing the stand-alone patch. There are other flaws too, but those require an attacker to be authenticated, so they are not considered as severe.

    Magento officials have said, “As the majority of exploits tend to target software installations that are not up-to-date with the latest security updates, we always strongly recommend that users install security updates as soon as they are available.”

    To check whether your site has been targeted by exploits for 2198, look in the access_log file for multiple hits to the path below:

    /catalog/product/frontend_action_synchronize

    A small number of hits to that path indicates legitimate requests, but if you come across many hits from the same IP address within a few minutes, you should treat them as suspicious.
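
    The access_log check described above can be scripted. The following is an added example, not code from Magento or from this article; the "combined" log format, the 5-minute window, the 10-hit threshold and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

SUSPECT_PATH = "/catalog/product/frontend_action_synchronize"  # path named in the article
WINDOW = timedelta(minutes=5)   # assumed meaning of "a few minutes"
MAX_HITS = 10                   # assumed ceiling for legitimate hits per IP per window

# Apache/nginx "combined" log format is assumed.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3} '
)


def parse_line(line):
    """Return (ip, timestamp, decoded path) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, unquote(m["target"].split("?", 1)[0])


def suspicious_ips(lines, window=WINDOW, max_hits=MAX_HITS):
    """Map each IP to its peak hit count on SUSPECT_PATH inside any one window,
    keeping only IPs whose peak exceeds max_hits. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        # Substring match also catches /index.php/... and store-code prefixes.
        if SUSPECT_PATH not in path:
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        peak[ip] = max(peak[ip], len(hits))
    return {ip: n for ip, n in peak.items() if n > max_hits}


def sample_log():
    """Constructed access_log lines (documentation-range IPs, made-up traffic)."""
    start = datetime(2019, 3, 30, 2, 0, 0, tzinfo=timezone.utc)

    def entry(ip, offset_s, target):
        stamp = (start + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {target} HTTP/1.1" 200 512 "-" "constructed-sample"'

    events = []
    # Burst: 40 requests, 3 seconds apart, from one address.
    events += [(3 * i, "203.0.113.7", f"/index.php{SUSPECT_PATH}?n={i}") for i in range(40)]
    # Slow but steady: 12 requests, 2 minutes apart (never more than 3 per window).
    events += [(120 * i, "198.51.100.23", SUSPECT_PATH) for i in range(12)]
    # Busy shopper on an unrelated path.
    events += [(2 * i, "192.0.2.50", "/checkout/cart/") for i in range(30)]
    events.sort()
    return [entry(ip, off, target) for off, ip, target in events] + ["garbage line"]


if __name__ == "__main__":
    for ip, n in suspicious_ips(sample_log()).items():
        print(f"{ip}: {n} hits on {SUSPECT_PATH} within {WINDOW}")
```

    To run it against a real log, pass an open file object to suspicious_ips() and tune the window and threshold to the store's normal traffic.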

    Upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8 to protect your site against all vulnerabilities.

    According to the Dutch DPA, Cookie Walls Don’t Comply with the GDPR

    The Dutch Data Protection Authority has recently issued a statement saying that cookie walls, used by websites and apps to track their visitors’ Internet browsing for ad targeting, do not comply with the General Data Protection Regulation (GDPR).

    Websites often require their visitors to accept cookies or other digital tracking methods as the price of accessing their content. The DPA says that it has received numerous complaints that some websites are only accessible when the visitor accepts cookies, and so it has decided to tighten its grip on the issue. Websites that are complained about the most will be monitored on a priority basis, and such cases will be handled with more care.

    The chairman of the DPA, Aleid Wolfsen, said that digital tracking collects people’s personal data on a very large scale. To protect privacy, he said, it is important that websites and apps request permission from their visitors. Besides preventing the tracking of Internet browsing without consent, the concern is that a visitor’s personal information should be safe and that the visitor must be able to trust the Internet with it. So netizens must be asked for permission before websites or apps get their hands on their personal data, and a refusal must be respected.

    Dutch DPA writes that users should trust the websites regarding their data and personal information. It goes on to state that websites and apps can and must use cookies and other methods that are necessary for their working and there is no restriction to that. But the use of the data and analysis of the user’s behavior and habits must be done only after asking for permission, and that permission must be completely free. Users should be given an option to deny cookies and tracking software that are not necessary for the functioning of the website or an app.

    A spokesperson from the DPA, questioned on the matter by TechCrunch, said that cookie walls are non-compliant with the GDPR’s principles of consent. He went on to say that any website or app with a cookie wall on its page must be reported as soon as possible.

    The spokesperson also assured that the matter will surely be looked into, even if not within a couple of months.

    Cookies that are necessary for the functioning of apps and websites, or the ones that do not demand personal information or data, escape the DPA’s scrutiny. However, other kinds of cookies are on the list of concerns.

    The European site of the Internet Advertising Bureau (IAB) is a perfect example of what not to do. Their website basically wants visitors to agree, in a single click under the title ‘I AGREE’, to various cookies that demand personal information or serve ads.

    When TechCrunch approached the IAB about the issue, a spokeswoman claimed that the GDPR does not really prohibit making access to content conditional on consent. The IAB’s director for privacy and public policy claimed that they do not intend to make any changes to their cookie banner, because the law does not require them to let users access the content without agreeing to their cookies as a condition.

    He continued to claim that law is complicated and that when a browser connects to a web link, it basically requests for the content of the website, and hence hinting that it’s the publisher who holds the power to show his content upon certain conditions. He also stated that there is nothing in GDPR that demands him to show his content to everyone and that it is completely legit to determine conditions for showing the content. He claimed that it is his right to not show his website to certain people as much as it is their right not to agree to all cookies and tracking software.

    The IAB’s position clearly conflicts with the DPA’s statement, which says: “When cookie walls on websites that do not grant access unless permissions are not accepted, the permissions cannot be considered to be given ‘freely.’ GDPR says that permission is not ‘free’ if the visitor has no real choice. Or if the person cannot refuse giving permission without unfavorable consequences.”

    Access to users’ personal data allows websites to earn more and more, and scrutiny of cookie walls that do not comply with the GDPR might reduce publishers’ profits to a great extent. However, it might well help netizens trust the Internet, and websites may gain more visitors as awareness spreads.

    Magento 1.x Is Reaching End of Life – June 2020

    Magento 1.x has been very useful to many eCommerce businesses over the last decade, but everything comes with an expiry date. Magento will cease support for eCommerce merchants using its 1.x version after JUNE 2020. So, you need to transition your store to either Magento 2 or a different platform, because stores will no longer receive the security updates which are essential for keeping your website safe.

    With possibly only a year’s notice before support ends, eCommerce businesses have various things to think about.


    Guidelines for Merchants:
    As part of an upgrade to Magento 2, merchants may have to decide between the Community and Enterprise versions of Magento. Note that you need to buy and install new Magento 2 extensions, address frontend designs, migrate data, and handle other setup work for the complete launch. Magento has no single “one-click” upgrade; you need to go through various steps, which is why many vendors are still not ready for Magento 2. They also find it costly, and the upgrade procedure is not simple and could take a few months to complete.
    Magento, like any other platform, has its own pros and cons, and we have a few suggestions that can work as alternatives, such as BigCommerce, WooCommerce, Zoey, Miva, X-Cart, VTEX, PrestaShop, 3dCart, and Shopify & Shopify Plus.

    Key Questions answered which are the major concerns of Magento merchants.

    When is the correct time to Re-Platform?
    You can transition to Magento 2 now, but the platform is still fairly young and many people have reported bugs. Switching now is therefore a little risky, and bugs could affect your business. So, wait until closer to Magento’s end of life. Mage Monkeys is a trusted Magento agency which can help you perform the Magento migration.

    Should merchants continue using Magento 1.x?
    No. It will stop receiving security updates, which means that your store can quickly become vulnerable to security breaches, errors and other attacks. You can rely on Magento’s community for security patches, but no assurance can be provided.

    Should merchants worry about Magento 2 issues?
    Yes. Many extensions are not yet compatible with Magento 2, and extensions are a vital component of most Magento stores. Magento 2 also has a different interface and layout, so you may have to re-train your staff to use it thoroughly.

    Summary
    If merchants care about the security of their stores and the confidentiality of their clients’ information, they have to upgrade to Magento 2 ASAP.