This is page 2 of:
Never Mind Google’s Crumbling Cookies, It’s Retailers Who Are At Risk
What may be just as problematic is the fact that cookies can no longer give a retailer a competitive advantage. All your competitors use them, too, and in pretty much the same way you do.
Then there is the real downside. Right now, you know that you probably have at least a decade’s worth of cookie-using code in your E-Commerce systems. What you don’t know is what cookie-based tricks your developers (or third-party contractors) have used over that decade or so. Say there’s a cookie crackdown, and you clean up all the sketchy cookie practices you know about. If there’s old code in your system that sneaks a cookie in despite a customer’s preferences, you’ll eventually be caught, sued and investigated, probably in that order.
Ironically, there are several better ways to do what cookies currently do badly (because so many customers try to block them).
One is to track customers by way of their browsers and other characteristics of their computers or phones, but without putting a tracking cookie on the customer’s machine. That requires more server power than simply using cookies. But it neatly sidesteps all existing cookie controls, because you’re not putting anything on the user’s machine or retrieving any data from it.
For example, a project by the Electronic Frontier Foundation has found that at least 80 percent of customers can be uniquely identified without cookies, just by using a handful of characteristics reported by the Web browser, including time zone, system fonts and browser plug-ins. That’s 80 percent of all customers, not just the ones who aren’t blocking cookies. That rises to almost 95 percent if the browser has Flash or Java enabled.
A second approach actually improves security for customers: doing every E-Commerce session using Secure HTTP, which creates an encrypted tunnel for the customer’s transaction. That chews up more processor power, but it means no one (at least in theory) can hijack the customer’s online shopping session or eavesdrop on product choices or payment information. Lots of E-tailers already use Secure HTTP at checkout time; extending it to your entire site means you just happen to gain the ability to track each customer.
Then there’s a third approach: Just ask customers to identify themselves when they arrive at your E-Commerce site. Offer a carrot, such as special offers for customers who sign in or allow you to use cookies or other Web-tracking technology. If they say no, they can still shop—they just don’t get the bargains. If you already have a brick-and-mortar loyalty program, maybe that just means adding a box for the customer to type in that number, rather than requiring a user ID and password.
Considering how willing most shoppers are to sign over large quantities of CRM data when they sign up for a loyalty program, that seems like a reasonable bet. And with loyalty programs getting more popular as tracking cookies come under more suspicion, that may be the easiest way of getting out from under the Cookie of Damocles.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
