DEV Community

ashleygraf_

Risk-Based Testing ShowPo - Product Risk Patterns in eCommerce

It's risk brain-storm time! When you're thinking up risk scenarios for the eCommerce product you're working on, what comes to mind?

I wrote a case study on ShowPo as my testing portfolio showpiece. I want to talk to you a little more about the elements I didn't quite get to cover there, and review the top priority product risks identified in that document.

From the outside view, I can only see their website, their technology stack (thank you, BuiltWith), and news reports about issues for information about the specific risks they face, but nonetheless, it makes an interesting experiment.

While putting it together I discovered the testing activity 'risk-storming'. As I am doing this portfolio piece by myself I certainly can't go anywhere near replicating the exact process, but it did inform me of many more quality aspects and test methods.

I did the next best thing, which was to take from my experience in three different fields - marketing, customer service, and test.

While these (mostly functional) risks certainly aren't universal to every eCommerce company, there are most certainly patterns. Over the years, propelled by the ubiquity of platforms like Shopify and giants like Amazon, customers have developed expectations for e-commerce websites, which they expect to be consistent across platforms.

I found this paper on e-commerce testing taxonomies after writing this article, and I think I should link to it.

The product risks I take a look at are the following:

  • functionality
  • reliability
  • performance efficiency
  • security

Tax

Different types of products are given different tax treatments.

Is the tax rate applied correctly?

This is a discussion your test and product team would have with finance.

It's a question more for food & beverage than fashion.

In FMCG, there are processed foods, and unprocessed foods, amongst other product categories with and without GST charges. It's well worth bringing in your test team. With this one, a defect could land you in trouble with the Tax Office!

Payment Processors

Do all options process payments successfully when they should?

Does it comply with PCI?

Do you have HTTPS?

What happens when the internet crashes?

Can a transaction still take place over ADSL or slower?

What happens if the call to, say, PayPal times out?

Shipping

Are the right rates applied for each region?

Are the right rates applied for each level of shipping urgency?

Are the correct shipping tracking codes added to the email?

Do your order tracking emails go out reliably as each stage ticks over?

If the shipping price API provided by your courier company falls over, what happens? What if the data format changes unexpectedly?

If the tracking code API provided by your courier company falls over, what happens?

If the postage assessment calculator API provided by the courier company falls over, what happens?

Inventory

Is the inventory transparency accurate?

How fast is the inventory level update? How fast do products sell out?

Do your par-level alerts send to the right departments on time? What does the email/slack alert look like? Do they know that's what it means/how it looks? How do you set par-level? What data is it based on?

What happens when a product goes out of stock? Does it disappear from the site? Do you enable back-ordering? Where does that list go? How is it stored?

What happens when a size goes out of stock?

What happens if par-level isn't set for a product and there is unexpected high demand for it?

Search and filter

If you have a search feature, how do you handle typos? How do you handle SQL injection? What do you do with Base64?

Does your filter have category-specific options?

How easy is it for a user to find the filter they want? How do you set filter order? Popularity of use?

What happens when a user tries to select multiple filter options? (Blue AND Green)

What happens when a user wants to find by theme?

How do you display selected filters? What happens when one is deselected? Does it remove just that filter, as it should, or do all filters refresh?

Are filter changes separate events in browser history? What happens when the user clicks the back button? Does the entire filter feature refresh?

How do you handle filter options with non-existent / only out-of-stock products?
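Several of the search and filter questions above can be pinned down in code. The following is an added example, not code from ShowPo or from the original post: it assumes a SQLite catalogue with a hypothetical `products` table, and the function names and sample rows are constructed for illustration. It contrasts a search that splices user text into SQL with one that binds it as parameters, handles multi-select filters, and hides filter options that only have out-of-stock products.

```python
import sqlite3

# Constructed sample catalogue; table and column names are assumptions.
ROWS = [
    ("Blue Wrap Dress", "blue", 3),
    ("Green Midi Skirt", "green", 5),
    ("Blue Denim Jacket", "blue", 0),  # out of stock
    ("Red Party Dress", "red", 0),     # out of stock
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, colour TEXT, stock INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db

def search_unsafe(db, term):
    # Anti-pattern: user text becomes part of the SQL statement itself.
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%' ORDER BY name"
    return [r[0] for r in db.execute(sql)]

def search(db, term, colours=(), in_stock_only=True):
    # User input travels only as bound parameters, never as SQL text.
    # LIKE wildcards are escaped so '%' and '_' in the term match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    params = [f"%{esc}%"]
    if colours:
        # One placeholder per ticked option: Blue and Green both selected
        # means "colour is blue or green".
        sql += f" AND colour IN ({','.join('?' * len(colours))})"
        params += [c.lower() for c in colours]
    if in_stock_only:
        sql += " AND stock > 0"
    return [r[0] for r in db.execute(sql + " ORDER BY name", params)]

def available_colours(db):
    # Offer only filter options that still have something in stock.
    q = "SELECT DISTINCT colour FROM products WHERE stock > 0 ORDER BY colour"
    return [r[0] for r in db.execute(q)]
```

A search term containing a quote character rewrites the statement in `search_unsafe`, while `search` treats the same text as a literal product name and finds nothing.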

Internationalisation

Do you change the price symbols? (Of course)

Do you localise the pricing?

What happens when the price localisation service falls down?

Do you change the default shipping country in the checkout?

Do you change the language?

All of this depends on your customer base and your future intentions with it. If your customer base is 95% English-reading no matter where they are in the world, and that's how you intend to keep it for now, but tax and invoicing require localised pricing, then that's actually a pretty good case for keeping the language on all sites English.

Do you accept non-Latin scripts? Cyrillic? Korean? Japanese? Chinese? Arabic? What's your name character allowance?

Where are the servers based? Are they close to, or in, the country the site serves?

Support

What are the most frequently asked questions about orders to support? Why?

How does support access this information? How much traffic can it support?

How reliable is this data source / integration?

What’s the process for updating delivery addresses when customers make a mistake?

Cart and Checkout

Does the review order table sit comfortably on the page?

Does it still sit comfortably on mobile?

Do the price field & quantity fields not slide into the next column? Are they not obscured?

Does the quantity number field only accept numbers?

How do you do input validation?

Security

Is your site protected by HTTPS?

In sign up, is the password field set up so that a customer can use a password manager?

Can a user use the 'use suggested password' feature in their browser or password manager?

Do your forms let in Base64 strings?

XSS?

CORS?

The OWASP Top Ten?

SQL injection?

Do you NOT show the customer's current password in password reset or account confirmation emails?

How well does the website do with the OWASP Top Ten?

Is your customer's credit card data encrypted?

Is your customer's password encrypted?

Is your customer's address encrypted?

Privacy

Is your Privacy Policy easy to find?

Do you comply with GDPR?

Is your customer able to delete their account without calling support?

Getting in contact

Does your contact form work?

Does your contact email work?

Does your contact phone work?

Do you have the correct contact email on the site?

Do you have the correct contact phone number on the site?

Can your customer tell that you have received their message, or does it feel like it's disappeared into the ether?

How do you do input validation?

Speed

The slower a website loads, the more likely a potential customer is to leave.

How slow is too slow for your wanted conversion rate?

How much does it slow during a surge in traffic? Is that a deterrent?

What happens if traffic is double the usual level?

What are your plans for Christmas season?

Have you reviewed the traffic from last year's ClickFrenzy? What does it suggest we should do as initial planning for this year?

What happens if Cloudflare is under major attack?

Sales Promotions

If the boundary [say free shipping for orders over $80, but the defect makes it so orders of $80 also receive free shipping] is breached, do you honour it out of customer goodwill? Most likely yes, that would be the right action to take, in the long term.

Do your coupons do what they say they do on the box? How do you know?

I've seen this defect on quite a few sites!

Database

What happens when your databases run out of space?

What happens when it overloads?

Sessions

When a user clicks away from the site, how long is their session data preserved?

What happens to form data after the user clicks the back button? When they click the forward button is the data preserved or deleted?

What happens if they click on ~any~ form element after their internet drops out? Does it hang? What if their internet is laggy?

Cross-Browser / Cross-Platform

Is it mobile friendly?

How does it look and function on different viewports?

How does it work on the major browsers?

SEO

Do the meta and Schema tags appear in the right places?

Are the default image sizes different for each social media platform?

Backups

How often is customer data backed up? How is it backed up?
