11.19.2018

By: Ilya Hemlin

The Holiday Retail Index by Verizon monitors daily traffic volume to the top 25 U.S.-based online retailers throughout the holiday shopping season.

Key findings for Black Friday and Thanksgiving

• 31.2% - eCommerce traffic change 2017 vs 2018 for Black Friday.
• 3.6% - eCommerce traffic change 2017 vs 2018 for Thanksgiving Day.
• 32.6% - Avg. eCommerce traffic change for 2017 vs 2018 for Mon, Tues, Wed before Thanksgiving

Increase (decrease) in traffic volume measured against each year’s 15 day average (Nov. 1-15) to account for year-over-year general network growth.

Key findings from the weekend before Thanksgiving

• 4.19% - eCommerce traffic change 2017 vs 2018 for Saturday, November 17.

• 14.93% - eCommerce traffic change 2017 vs 2018 for Sunday, November 18.

"The early engagement from retailers appears to be paying off as traffic this year continues to grow from years past," said Michele Dupré, Group Vice President of Retail, Hospitality & Distribution, Verizon Enterprise Solutions. “A strong trend in consumer confidence is highlighted by shopper’s interest in the early Black Friday deals that we started learning about in early November. The challenge will be to see if this trend can be maintained throughout the season."

Payment security top of mind during the holiday season

Ecommerce systems are public-facing and typically handle payment card and customer data – making them attractive targets for cybercrime. Among the most common Web application attacks take advantage of input validation weaknesses or stolen credentials.

According to Verizon’s 2018 Data Breach investigations Report, slightly more than half (53%) of the breaches recorded in retail affected a server, which may be related to the frequency of web application attacks.

Roughly one-third of all confirmed breaches in retail involved a web application. Common attack types include the capturing and exporting application data, OS commanding and the use of stolen credentials.

Another one-third of the breaches follow a pattern that is specific to brick-and-mortar retailers: card skimming. Typically, this is when an attacker sticks a device onto a card reader to secretly collect payment info as cards are swiped.