Changelog Master Feed

Securing ecommerce: "It's complicated" (Changelog Interviews #633)

Mar 20, 2025

Ilya Grigorik, a distinguished engineer at Shopify, shares insights on securing e-commerce checkouts against rising cyber threats like digital skimming. He discusses the complexities of compliance with PCI standards and the innovations needed to maintain security while fostering customization. Ilya also highlights the critical role of advanced engineering solutions and AI in enhancing the integrity of transactions. His experiences shed light on the evolving landscape of online shopping and the importance of collaboration in tackling security challenges.

01:05:09

Creator website

Episode guests

Ilya Grigorik

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

E-commerce security is increasingly complex due to sophisticated attacks like digital skimming, necessitating rigorous compliance with PCI standards to protect sensitive data.

The integration of third-party scripts in e-commerce platforms introduces significant security risks, highlighting the need for stringent management practices to maintain checkout integrity.

Innovative technologies like sandboxing techniques enable secure operation of third-party content while ensuring user experience and compliance with evolving regulations in e-commerce.

Deep dives

Securing E-Commerce Checkouts

The evolving landscape of e-commerce security is defined by increasing complexity due to sophisticated attacks like digital skimming. Efforts are being made to fortify e-commerce checkouts and protect sensitive consumer data through rigorous compliance with standards like PCI (Payment Card Industry) requirements. PCI compliance emphasizes the need for strong safeguards around payment processes, addressing the vulnerabilities that arise during digital transactions. This aspect of security is paramount for maintaining consumer trust and facilitating the smooth operation of online commerce.

Intro

3min

Expanding Recognition of Retool Beyond Silicon Valley

2min

Navigating E-Commerce Evolution

18min

Securing Ecommerce Checkout: Challenges and Innovations

7min

E-commerce Security Innovations

24min

Navigating PCI Compliance and AI in E-commerce

9min

The Complexities of E-commerce Security

2min

Ilya Grigorik and his team at Shopify has been hard at work securing ecommerce checkouts from sophisticated news attacks (such as digital skimming) and he’s here to share all the technical intricacies and far-reaching implications of this work.

Join the discussion

Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Retool – The low-code platform for developers to build internal tools — Some of the best teams out there trust Retool…Brex, Coinbase, Plaid, Doordash, LegalGenius, Amazon, Allbirds, Peloton, and so many more – the developers at these teams trust Retool as the platform to build their internal tools. Try it free at retool.com/changelog
Augment Code – Developer AI that uses deep understanding of your large codebase and how you build software to deliver personalized code suggestions and insights. Augment provides relevant, contextualized code right in your IDE or Slack. It transforms scattered knowledge into code or answers, eliminating time spent searching docs or interrupting teammates.

Featuring:

Ilya Grigorik – Website, GitHub, X
Jerod Santo – GitHub, LinkedIn, Mastodon, X

Show Notes:

Something missing or broken? PRs welcome!

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Changelog Master Feed

Securing ecommerce: "It's complicated" (Changelog Interviews #633)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Securing E-Commerce Checkouts

The Role of Third-Party Integration

Innovations in Checkout Technology

Navigating Compliance Challenges

The Future of Checkout and AI

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Changelog Master Feed

Securing ecommerce: "It's complicated" (Changelog Interviews #633)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Securing E-Commerce Checkouts

The Role of Third-Party Integration

Innovations in Checkout Technology

Navigating Compliance Challenges

The Future of Checkout and AI

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights