Changelog Interviews

Securing ecommerce: "It's complicated"

Mar 20, 2025

Ilya Grigorik, a distinguished engineer at Shopify, dives deep into the complexities of securing e-commerce checkouts from threats like digital skimming. He highlights the importance of PCI compliance, particularly the transition to version 4, and shares insights on managing scripts safely during checkout. Ilya also discusses innovative techniques like sandboxing and Content Security Policies to enhance security without sacrificing performance. Tune in to discover how technology is evolving to keep online shopping safe and efficient!

01:05:09

Creator website

Episode guests

Ilya Grigorik

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Securing e-commerce checkouts requires sophisticated strategies to combat advanced threats like digital skimming, emphasizing the need for robust security measures.

Achieving PCI compliance is essential for businesses to protect sensitive payment information and build consumer trust amidst evolving security standards.

Sandboxing techniques employed by Shopify isolate third-party scripts, enhancing the checkout process's security and performance while managing potential risks effectively.

Deep dives

E-commerce Checkout Security Challenges

Securing e-commerce checkouts involves navigating complex technical challenges due to sophisticated attack methods like digital skimming. As these attacks become more prevalent, it's crucial for platforms to implement robust security measures that ensure consumer safety during online transactions. Properly managing sensitive customer data, including payment information, is essential to prevent potential fraud that can have severe implications for both businesses and customers. To address these security needs, developers must adopt innovative strategies that comply with industry standards while enhancing the overall user experience.

Intro

3min

Exploring Recognition and Efficacy of a Development Tool

2min

Ecommerce Evolution and Web Performance

18min

Navigating E-Commerce Script Management

7min

Enhancing E-Commerce Security through Scripting Control

24min

Navigating PCI Compliance and E-commerce Innovations

9min

Navigating the Complexities of E-Commerce Security

2min

Ilya Grigorik and his team at Shopify has been hard at work securing ecommerce checkouts from sophisticated news attacks (such as digital skimming) and he’s here to share all the technical intricacies and far-reaching implications of this work.

Join the discussion

Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Retool – The low-code platform for developers to build internal tools — Some of the best teams out there trust Retool…Brex, Coinbase, Plaid, Doordash, LegalGenius, Amazon, Allbirds, Peloton, and so many more – the developers at these teams trust Retool as the platform to build their internal tools. Try it free at retool.com/changelog
Augment Code – Developer AI that uses deep understanding of your large codebase and how you build software to deliver personalized code suggestions and insights. Augment provides relevant, contextualized code right in your IDE or Slack. It transforms scattered knowledge into code or answers, eliminating time spent searching docs or interrupting teammates.

Featuring:

Ilya Grigorik – Website, GitHub, X
Jerod Santo – GitHub, LinkedIn, Mastodon, X

Show Notes:

Something missing or broken? PRs welcome!

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Changelog Interviews

Securing ecommerce: "It's complicated"

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

E-commerce Checkout Security Challenges

Understanding PCI Compliance

The Importance of Inventory Management of Scripts

Sandboxing and Performance Enhancement

The Future of Checkout with Agents and Automation

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Changelog Interviews

Securing ecommerce: "It's complicated"

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

E-commerce Checkout Security Challenges

Understanding PCI Compliance

The Importance of Inventory Management of Scripts

Sandboxing and Performance Enhancement

The Future of Checkout with Agents and Automation

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights