Fraud Prevention

9 Ways to Recover Sales after a DDoS Attack

If yours was one of the thousands of online stores that suffered from the October 21 distributed denial of service (DDoS) attacks, you likely saw a decline in sales. Hopefully, that was coupled with an increase in phone calls and emails so you could explain to online shoppers that the issue was beyond your control.

During a DDoS attack, an attacker sends a slew of garbage traffic to a server (or group of servers). The server becomes so overwhelmed trying to either process or deny the traffic that it can’t do its regular job of delivering data or content to legitimate connections. The result is a substantial slowdown or total shutdown of the server or the processes it’s designed to run.

Unfortunately, most newcomers will leave a store and never say a word. Some will not return.

User comment about returning to a small etailer after an outage took its site down.

We all wish for customers like Russ. He returned to complete his purchase and felt better about doing so after realizing the etailer had no control over the outage as a result of a mass DDoS.

Granted, such attacks are nearly impossible to foresee, and oftentimes hours elapse before business owners realize the actual problem. A small etailer from Arizona, for example, wasn’t aware of recent attacks until the sales department couldn’t process credit card authorizations.

While DDoS attacks don’t always mean your store will be inaccessible to everyone, it’s smart to be prepared to connect with shoppers who may have been affected. Your game plan should include the following.

9 Ways to Recover Sales after a DDoS Attack

Shopper activity tracking. Using scripts to track shoppers’ activity throughout the site helps explain the behaviors of your target audiences. It also comes in handy when those shoppers are logged in and get interrupted. This info gives you what you need to contact shoppers when the site is back up, inviting them to come back and pick up their session.

This feature, by the way, could also allow shoppers to pick up the session using a different connection, such as on a smartphone using cellular bandwidth. It’s a feature designed to boost cross-device conversions, but who says you can’t also use it as part of your backup plan?

Supporting cross-device shopping is key in making the best of a DDoS attack.

Supporting cross-device shopping is key in making the best of a DDoS attack.

Abandoned cart reporting. Most shopping carts have the ability to log the name, email address, and cart contents as people begin to check out so you can attempt to recover the sale. Typically this data is used to automatically send recovery emails. After a site outage, though, you can use it to send an explanatory email about the problem. Remember to use wording that puts the shopper at ease and increases his confidence with your company.

Company phone number and email address on every page of the website. Often, when a site is no longer reachable, the browser’s back button can load the previously cached page. If crucial contact information is absent, the shopper has no idea how to reach you to complete an order.

Online chat. Online chat can help close many sales, especially during the holiday shopping season. It can also be a lifesaver during a DDoS attack. That’s because not all websites are hosted on the same server, nor do they all use the same providers. This means a third-party solution that allows you to communicate with shoppers may run just fine while your store is actually down.

Alternate payment methods. Just as a service provider’s URL may be accessible while your store is down, a payment gateway may go down while people can still shop your site. Having backup payment methods can eliminate frustration during checkout and allow customers to finalize purchases. If you are unable to use simple credit card fields as a backup — e.g., the store can only offer other solutions like PayPal or Amazon Checkout — configure a special message to appear when the alternative method kicks in. Also, include a phone number customers can call to complete payment over the phone.

Alternate shipping methods. You don’t want the checkout process getting hung up due to a shipping gateway’s non-response. Having backup shipping methods that run off manual configuration is ideal.

Alternate email servers. Customers expect email receipts of their orders. If the email server is unreachable, expect complaints, phone calls, and potential cancellations or chargebacks. If possible, customize the error message that may appear on the website if the email cannot be sent. And, ask your host if there is an alternate server that can be used in case the primary mail server fails.

Telling email subscribers exactly what happened. After everything returns to normal, draft an accurate message to send to the mailing list. Be clear about what happened and what steps were taken as a result. If you’re not sure how to explain, simply link to an easy-to-understand web page and, if applicable (and in this case it should be), reassure customers and subscribers that their information was not compromised.

Tell website visitors what happened. To reach the broadest number of people who may have visit the store just prior to the attack, include a message on the website. Usually one or two lines with a link to more info are sufficient. Again, be sure to use language that puts the shoppers at ease.

Should you provide to shoppers a coupon or discount for their trouble? That is up to you. Just don’t be pushy about it. Loyal customers don’t particularly like stores using such events as crutches to sell more. In most cases, notifying shoppers of the problem is enough to encourage them to visit you again or finalize their purchase.

Do you have more DDoS-management ideas to add to this list? Please share, below.

Pamela Hazelton
Pamela Hazelton
Bio


x