Tal Rotman | Is Your Ecommerce Site Being Hijacked?

Thousands of customers… millions of dollars in revenue… are being lost to an insidious type of malware that is very widespread among ecommerce sites yet remains very little-known. It’s estimated that it hijacks 25% to 30% of customer sessions on ecommerce sites.

Worse yet, says Tal Rotman, head of the partnerships and development team at Namogoo, most online businesses haven’t taken steps to prevent this threat from draining their profits. In fact, even if their security teams look for it… they won’t find it because this specialized type of malware isn’t actually on their ecommerce site at all.

If it sounds complicated… it is. But Tal offers a clear explanation of what this malware is, how it works, and how to block it, which actually turns out to be quite simple.

Listen in to get all the details, as well as…

  • The one line of code that you need to prevent your site from being hijacked
  • How to boost conversions 2% to 5% when you deploy this solution
  • The most common ways this malware can impact your business
  • The browsers and devices most at risk
  • And more

Listen now…

Mentioned in this Episode: www.namogoo.com

Episode Transcript:

Joris Bryon: Hey this is Joris of the Ecommerce Excellence podcast and today I’m really excited to talk to Tal Rotman. Tal Rotman heads up the partnerships and business development team at Namogoo and Namogoo, that’s N-A-M-O-G-O-O. He works with solutions and technology partners to help their e-commerce customers recover tens of millions per year in lost revenue due to customer journey hijacking. Tal, he has worked in technology across three continents and in multiple roles. Yeah. Right now, he’s on a mission to build awareness of this phenomenon of customer journey hijacking. I’m guessing most of you will never have thought of, or even heard of customer journey hijacking before. I’m sure this is going to be a very interesting episode. Tal, welcome to the podcast and I’m super happy to have you here.

Tal Rotman: Thank you, Joris. Nice to meet you and nice to be involved in this podcast. It’s very exciting.

Joris Bryon: Cool, cool. Yeah. First of all, you and your company, you’re specialized in countering customer journey hijack. I have to admit, I’ve been in the game a long time and I had never heard of customer journey hijacking. When you explained to me what it was and showed me and it’s too bad, this isn’t a visual medium, but it kind of blew me away. Can you explain to me what exactly that is, customer journey hijacking?

Tal Rotman: You’re right. It is a highly visual phenomenon. What I’ll do is, I’ll actually give you an analogy to kind of explain the problem. Just to give you that analogy, imagine you’re at the Nike store and you’re about to buy some new running shoes and you’re right about at the checkout and somebody walks up to you and very quietly whispers to you, “Hey. I’ve got those same shoes for 50% on the shop across the street. Why don’t you come with me?” You say, “Sure. Obviously, 50% off, same shoes. Why wouldn’t I do that?” That visitor, that customer’s leaving the store, because they got that competitive offer in the merchant’s retail store.

That phenomenon, that analogy, is actually the phenomenon of customer journey hijacking that’s happening online. I imagine you’re on at the merchant site, Nike, for example. You’re looking at some shoes at their website and all of a sudden, you see a popup for I don’t know, an Adidas ad, or even worse, same shoe that you’re looking at for 50% off at a discount retailer. That actually is what’s happening online. It’s very significant and something that a lot of people aren’t aware of.

Joris Bryon: No. At first, it seems hard to understand, because you’re like, “Okay. I’m not affiliated to any kind of ad network, how can someone else steal my clients away?” How exactly does it work? How does it occur?

Tal Rotman: That’s a good question. It’s actually a form of malware. It’s a relatively new form of malware, that’s residing on the browser. It’s called ad injection malware. There’s some academic research, dating back to 2012 that speaks about it. It’s becoming more and more proliferate. It’s expanding. This ad injection malware is occurring both in various geographies across different devices and this is actually how it’s infecting the browser. Many different types of malware are existing. This is just one additional form of it.

Joris Bryon: Okay. How do I actually get that malware there? Me, as a customer, so, how do I get infected?

Tal Rotman: Yeah. It’s actually pretty common. Think about all the other forms of malware that are out there. We all know that they exist and they’re infecting our browser, this ad injection malware is infecting browsers, just like all those other forms, actually, whether it’s through typically a kind of an extension, you’re installing an extension on your browser, or sometimes, if you’re using public WIFI, you might actually be agreeing to terms and conditions, which include various marketing software.

Some actually, we’ve even seen instances of the WIFI routers themselves having this pre built in. We even see it sometimes in legitimate applications. If you download, let’s say a CNET for a PDFU, or from CNET, that might actually have again, this kind of software piggybacking on the legitimate application. What’s interesting is, that there’s a whole ecosystem around the delivery of the malware and it’s a very developed ecosystem around that, very interesting, lots of academic research, but it’s very prevalent and it’s infecting all the different browsers out there.

Joris Bryon: Yeah. Is there any specific browser that is more problematic than others?

Tal Rotman: This is where people often say, well, I’ve got an Apple phone. I’m good. That’s not the case, actually. Now, I mentioned extension, so typically, we see a lot of interaction on Chrome, but it happens across Safari. It happens on different devices, mobile, tablets. In fact, what we see is, when a new version of iOS will be released, we’ll see a downturn, in terms of the infection rates on those new iOS devices. Then, we see it spike back up, while the malware developers figure out how to infect that new form of the iOS.

Joris Bryon: Mm-hmm (affirmative). Okay. Even Apple users, they should worry, as well. Right?

Tal Rotman: It really is across the board.

Joris Bryon: Okay. Cool. How big is this problem? Do you have any idea of how many users out there might be affected, for instance?

Tal Rotman: Today, we analyze over 3 billion sessions a week. From our customer data, we’re seeing infection rates of somewhere by the way 25 to 25% on all of the different sessions that we’re analyzing across the board. We actually produce an annual report of customer journey hijacking, where we give some data across the year, where we saw some seasonality. During Black Friday, we definitely see spikes in the infection rates, across verticals and so on, which is all very interesting, but the point being that really, it does affect across geographies, across devices. It really is very significant. Again, 15 to 25% is arranged, like I said, during Black Friday, we see upwards of 30% infection rates on some retailers, particularly around the US, or certain geographies in Europe that participate on Black Friday and so on.

Joris Bryon: Okay. Yeah. It’s a pretty big problem. Just to make it clear to investors, is it always some kind of pop up, or are there different ways to be hijacked?

Tal Rotman: Yeah. The hijacking takes different forms. The most successful, or compelling one is where it’s a competitive product ad, like I said, the shoes on Nike, for example, that appears on white spaces where you’re used to seeing an ad on a publisher’s site. If you go to a CNN.com, or your publisher of choice and you’re seeing an advertisement in the white space, this is where the ad injectors will try to inject ads and because people are so used to seeing them there that, they feel like it’s a native experience, but obviously, merchants don’t advertise for other companies.

Right, but people are so used to seeing them there, that they feel like it’s a part of the native experience, but there are other forms that are more obtrusive. They sometimes will have a brute force re-direct, where you’re just suddenly popped from one site, you go to the other site, or they might have pop overs that are right on top of the page, splat on top of the page, or they pop down. Those more obtrusive experiences start to feel like there’s a problem.

If you’re a visitor, or a buyer in the buyer journey on a merchant site and you suddenly see this kind of stuff that’s more obtrusive, maybe it’s even something salacious like pornography, or gambling and you start to say, “Hey. There’s something wrong with the merchant site. You know what? Maybe I won’t give them my credit card details.” Now, they’re going to start to exit from the site, not only due to the competitive ad, by clicking the competitive ad, but also because they think that there’s something wrong with the site and you have issues of checkout abandonment and cart abandonment, brand equity issues. Those all result in people leaving the site.

Joris Bryon: Right. Yeah, because they don’t trust it anymore. If you don’t trust the site, you’re not going to take out your credit card for it.

Tal Rotman: Yeah.

Joris Bryon: Yeah. Just to be clear, let’s say, I have an e-commerce site and customers on my site, they’re being hijacked and I see an ad of a competitor. It’s not the competitor that is behind it. Right?

Tal Rotman: You’re absolutely right. The competitor is just buying ad space. The affiliate ad networks, which are so abstracted between the original buyer and where the ad space is located, allows these malware companies, these ad injection companies, to actually get the ad inventory and apply it to the ads that they’re actually demonstrating are appearing in the buyer journey. What they’re doing actually is, they’re very intelligent. It’s a very big business. They’re applying very advanced development techniques to actually personalize the ad to the visitor. If you’re in the process of buying some shoes, then they’ll pull inventory that is most relevant to your buyer journey, either for inline text analysis, or image recognition.

Sometimes, they’ll actually look at cookies and history and pull inventory, ad inventory relevant to what you were looking at last week, for example. Maybe you were looking to buy a gift for your loved one. You’ll suddenly see ads for those products that you were looking at before, but they’re highly customized again, with one intention, the ad injection companies are looking to monetize by clicks. Right? They get paid for clicks, just like any other ad, they’re getting paid per clicks. The impact of people leaving the site isn’t really what they’re after. All they care about are the clicks, but then, the net effect is of course, people are leaving the merchants and the conversion falls.

Joris Bryon: Right. Yeah. That leaves me with a difficult question. Why don’t the browser developers fix this?

Tal Rotman: It’s a good question. The browser developers, there’s a lot of different types of malware out there. That’s not their core competency. They’re not out there to fix other types of viruses and so on. That’s not what they do. The main reason is because, it’s a lot of work. There’s a lot of changes. Right?

Joris Bryon: Mm-hmm (affirmative).

Tal Rotman: Think about malware. You and I both know there’s always in the news, a new form of malware makes the news, and everybody says, “Oh. You’ve got to install the latest patch and that sort of thing.” Well, there’s a lot of work involved in tracking all of those different new types of malware. That’s why there’s companies that specialize in that. That’s not what they do. They’re there to produce the customer experience and to develop a whole product set around blocking different types of malware is essentially another product.

Joris Bryon: Okay. The browser developers then, they don’t really fix it, but it’s still happening in the browsers. I have an e-commerce site. Basically, it’s on the browser of my customers. Why should I try to fix it, as a retailer?

Tal Rotman: The companies have been around for five years. When we originally were pitching the products, we’re pitching it as a security product. Right?

Joris Bryon: Sure.

Tal Rotman: It’s solving a malware problem, but when we talk to merchants and we were talking to their security folks, they said, “Well, is this happening inside my domain?” We said, “No. Well, it’s happening on your customer’s.” “Well then, that doesn’t really interest me so much.” Right? That’s a question that you might think of, but if I’m a merchant and my customers are going through the conversion funnel and all of a sudden, they’re leaving the funnel, I’ve invested so much money on developing that organic growth and are bringing that organic traffic to my site.

Now, you’re telling me that 10 to 15%, or 25% in some cases, is actually leaving and leeching out of my site, of course I want to stop it. That’s conversion. That’s potential conversion that I could actually generate revenue from and they’re leaving my site. Not to mention, the impact to brand loyalty, because people are concerned about giving their credit card details and associating all sorts of unsavory advertisements with my brand, there’s a significant impact to both the brand and most importantly, to the revenue, to the bottom line, because of this problem and I may not have even known about it.

Joris Bryon: Yeah. Yeah. That makes total sense. Can you tell me how do you fix it with Namogoo?

Tal Rotman: Sure. The solution that we’re using is actually a very commonly accepted deployment technique, used by SAAS vendors. It’s a single line of code. It’s one line of JavaScript code, often called a tag, or a pixel. Many companies out there are using tag managers to deploy such software. To use that is incredibly easy. We deployed one of the largest brick and mortar clothing brands, deployed with them in 50 minutes across all of their brands globally. It’s really, really easy to deploy. Now, the benefit of doing this and blocking this injection is to be clear, it’s a revenue benefit. We actually quote a 2 to 5% increase in conversion, by deploying this technology and blocking it. I just want to reiterate, the benefit to the merchant is significant revenue uplift.

Joris Bryon: Mm-hmm (affirmative). Yeah. I see. You put a single line of code on the site. Behind it, Namogoo is constantly keeping up to date with what’s happening in the hijacking sphere and all the new techniques and whatnot and make sure that all of that gets blocked. Right?

Tal Rotman: Yes. Basically, that single line of JavaScript code, is pulling our software from our CDN and it’s running inside the browser. Now, it’s running inside the DOM, which is unrendered JavaScript. We’re basically running inside the grain of the browser. Then, we identify those ad injectors. We know all of the ad injectors that are out there. We identify and block them in real time, before they become visible. The experience is basically neutral. The visitors who would have experienced that ad injection, that customer journey hijacking, no longer experience it.

Now, what’s unique about our solution and just to tie back to your question about the browser developers, we’re actually looking, as I said, millions of sessions per week and we’re leveraging machine learning to identify new forms of the malware, just like any other malware. These ad injection companies are developing new forms. They’re morphing. They’re mutating. We leverage all of these sessions, this crowdsourced intelligence, to identify the new forms of ad injectors. We have many different types of machine learning algorithms are running on the sessions, to identify them and flag them out.

Now, one note, we don’t let the machines make the decisions, because we don’t want any false positives, so we actually will flag up suspected ad injection malware. Then, we have a human curation team that will validate, make sure that this is indeed a new form of ad injector. Then, we’re adding them to a list of ad injections that we stock when people are actually viewing the next page. It’s very effective and it allows us to keep on top of the ad injectors. That’s actually what helps us to maintain those committed 2 to 5% conversion uplift, that we commit to our retailers.

Joris Bryon: Right. The human check that also ensures that you don’t block anything legitimate. Right?

Tal Rotman: Exactly. There’s different types of legitimate software. There might be something. Other SAAS vendors, just like Namogoo, that are actually deploying. We don’t want to block them. We don’t want to block anything new that they put on. We also don’t want to block anything that the visitor intentionally put on. There’s price comparison tools out there. There’s all kinds of extensions. We don’t want to block what the customer legitimately installed on their browser. We actually are ensuring that, that doesn’t happen, by having the human double check the machines.

Joris Bryon: Cool. Yeah. By the way, I’m pronouncing it incorrectly, I guess. I say, “Namogoo,” but it’s, “Namogoo.” Sorry.

Tal Rotman: Yeah. We hear it all the time. The word is actually a biblical word in Hebrew, the company I work for, it’s in Israel. It means to vanish. Namogoo is to vanish. That’s basically what we’re doing to customer journey hijacking.

Joris Bryon: Okay. Yeah. I already wondered about that name. Cool. Let’s say I have a mobile installer on my site. I’m not infected. How can I be sure that you’re actually blocking it?

Tal Rotman: That’s a question we hear a lot. Right?

Joris Bryon: Mm-hmm (affirmative).

Tal Rotman: What is this magic? How can I be confident? It’s a new sphere. The whole sphere of malware, but ad injection malware is so new. It’s an innovative solution, but it also leads to a lot of skepticism, which is fair. What we do is, we put our money where our mouth is and we prove it. We actually test our value proposition with the customer, by running an AB test. I’m sure many of your customers and the folks who are listening in on this podcast are familiar with AB testing, but just a high level. We’re actually putting the Namogoo solution on 50% of the visitors that are coming to that particular merchant.

We’re putting them on 50%. 50%, they’re running without Namogoo’s solution. Then, we just measure, over some weeks, we measure the deltas between those two groups. That’s actually how we measure how many sessions are actually experiencing the problem, what we call infection rate, what percentage, what is the conversion uplift? That’s how we measure the revenue uplift. What we do is, we actually measure all of these things and we feed that into the customer’s analytics. We’ll tell the customer’s analytics platform which sessions are actually experiencing the problem and which ones we blocked.

That will, in all of those measures, there were measures of conversion and revenue uplift, revenue per visitor, are all being measured on the customer’s analytics platform. We’re doing the split, or the AB test with the customer’s analytics split platform. We’re measuring all of the revenue metrics on a customer’s analytics platform. All of that, the issues of skepticism and credibility, are actually eliminated, because the measurements are actually being done on their side. That’s really important to us, because again, we accept that there’s healthy skepticism of the phenomenon and the problem. Actually, the revenue that we are committing to helping bring to the merchant. That’s why we offer to do this test with the customer.

Joris Bryon: Yeah, cool, because personally, I’ve been infected. Well, my browser has. I have been infected once a couple of years ago. Sometimes, it may be hard to believe, for people who haven’t been affected at all. It’s great you have a clear-cut way to show the results of what you do. Typically, you see the 2 to 5% conversion rate improvement, that’s quite a lot. How can it be so much?

Tal Rotman: We get that question a lot, as well. It’s significant. E-commerce departments are fighting for points of conversion rate uplift. If you think about the millions of dollars that, that can equate to, in some cases, tens of millions of dollars in additional revenue. Again, a lot of healthy skepticism. One of the interesting things, if you think about that infection rate, the 15 to 25% of sessions, if we’re actually cleaning their sessions and they’re going through the conversion funnel, they have the opportunity to complete the conversion funnel.

The interesting thing that you have to think about it, these are the types of people who are clicking those links. They’re looking at the competitive product ads and they’re saying, “Oh. That’s interesting.” They’re a warmer buyer. They are actually more likely to continue down the conversion funnel and actually convert. We actually see this in the data, as well. We actually noticed this a number of years ago. We did some data analysis after we had deployed with one of our customers. We found this to be the case. We actually found that the infected population, that 15 to 25% of visitors that actually, we had cleaned, they were converting at something like two to three times the base line.

Joris Bryon: Oh. Okay.

Tal Rotman: That’s huge exactly. What we’re finding is that, this group is, either they’re more digitally native, they’re more of an online shopper. They’re also more price conscious, they’re more likely to jump off and buy elsewhere, or to be digitally distracted, as well. All of those factors combined lead to the increased likelihood of them converting. That’s actually why we see those increases of conversion rate. A, we’re cleaning the experience, but B, these are the types of people who are more likely to buy, as well. They do, once we clean your experience.

What’s interesting as well is, if you think about that, that 15, 25% of your visitors, that are two to three times more likely to convert, that’s a very interesting segment. That’s actually a VIP segment. That’s something that we took on with some of our retailers where we did this project and we actually integrated into a number of different personalization and behavioral analytic platforms where they were able to then run some more aggressive, or experiments with different personalization campaigns, because this is a very interesting segment. We’re seeing some very interesting results. It’s another way, as a secondary part of our value proposition, another way to actually generate additional revenue with your visitors, after we clean their experience.

Joris Bryon: That makes total sense. Cool. Yeah. Is there anything else Namogoo is working on?

Tal Rotman: We are. Our road map is full of interesting ideas, but one of the very interesting things that we’ve been developing is a number of different modules to provide you intelligence on what your different SAAS vendors are doing. Namogoo is just one of many different SAAS vendors. One of the interesting things that we found, as a result of the GDPR campaign last year in Europe and some other privacy issues, some SAAS vendors are very well in control of their technology, but some, they might make a mistake and accidentally release some private data, some personal data. We’ve built a module that’s coming out. We’re in the early stages of deploying it across some of our customers, but this is a capability where, we’re able to tell you about the different vendors and whether they’re actually keeping your customer’s data safe. That’s a very exciting solution that we’re expecting to see hit the market on a wider scale very soon.

Joris Bryon: Wow. Cool. What is very soon? Next couple of weeks, months?

Tal Rotman: We’re probably looking at later this year. Yeah.

Joris Bryon: Mm-hmm (affirmative). Okay. Could be anything. Anyway, cool. Yeah. That sounds great. Hey Tal, this has been really great. We could probably nerd on for hours and hours, but we’re running out of time and I want to make sure people know how they can find Namogoo, how they can learn more about you. Yeah. What’s the best place for people to connect with you?

Tal Rotman: Obviously, the best place is www.namogoo.com, but you can always reach out directly to me on LinkedIn, to any of the folks that I’m on Namogoo. We have lots of highly referenceable customers. You can see some of our case studies on our website. You can also reach out to Joris himself and he can tell you more.

Joris Bryon: Yeah. Absolutely. I can put you in touch with anyone who’s listening, with Tal. Anyway, thank you so much for being here, Tal. It’s been absolutely great.

Tal Rotman: Thank you for the opportunity. I appreciate it.