Securing ecommerce: "It's complicated" (Changelog Interviews #633)
Mar 20, 2025
Ilya Grigorik, a distinguished engineer at Shopify, shares insights on securing e-commerce checkouts against rising cyber threats like digital skimming. He discusses the complexities of compliance with PCI standards and the innovations needed to maintain security while fostering customization. Ilya also highlights the critical role of advanced engineering solutions and AI in enhancing the integrity of transactions. His experiences shed light on the evolving landscape of online shopping and the importance of collaboration in tackling security challenges.
AI Snips
PostRank and Google
- Ilya Grigorik's startup, PostRank, aimed to improve search algorithms by incorporating social signals like thumbs-up and comments.
- This led to acquisition by Google and work on Google Analytics, infrastructure projects, and web performance standards.
Core Web Vitals
- Core Web Vitals, developed by Ilya Grigorik at Google, defines key metrics for website user experience, focusing on real-world measurement and shared thresholds.
- It aims to provide a common understanding of 'good' website performance, evolving beyond initial loading metrics to include interactivity.
PCI and iframes
- PCI DSS sets security requirements for handling sensitive credentials, like credit card numbers, aiming to reduce online fraud.
- Traditionally, iframes delegated PCI compliance to payment providers by isolating credential input: the card fields live in a frame served from the provider's origin, so the merchant page never touches the card number and effectively outsources that part of its security.
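The merchant-side half of that iframe pattern, written out as an added example (this is illustrative code, not Shopify's or any payment provider's): the merchant page embeds the provider's hosted card fields in a frame on the provider's origin, and the only thing it ever receives back is a payment token via postMessage. The provider origin, the frame attributes and the message shape are all assumptions; real providers define their own. The security-relevant checks are that the frame source is pinned to the provider's origin and that the message handler drops anything that did not come from that origin.

```javascript
// Added example: merchant-side handling of a provider-hosted card-field iframe.
// PROVIDER_ORIGIN and the {type, token, last4} message shape are assumptions.
const PROVIDER_ORIGIN = "https://fields.example-psp.test";

// Build the attributes the merchant page sets on the provider's iframe.
// Pinning src to the provider origin means the card inputs render in a
// cross-origin document the merchant's own scripts cannot read.
function buildHostedFieldFrame(src) {
  const url = new URL(src);
  if (url.origin !== PROVIDER_ORIGIN) {
    throw new Error("hosted-field frame must load from the provider origin");
  }
  return {
    src: url.href,
    // Sandboxed: the frame may run its own scripts and submit its form,
    // but cannot navigate the top-level page.
    sandbox: "allow-scripts allow-forms allow-same-origin",
    allow: "payment", // Permissions Policy: only the payment feature is delegated
    referrerpolicy: "strict-origin",
  };
}

// window.addEventListener("message", ...) handler for the provider's reply.
// Returns the accepted token, or null when the message must be ignored.
function handleProviderMessage(event) {
  // First gate: only the provider origin may hand us a token.
  if (event.origin !== PROVIDER_ORIGIN) return null;

  const data = event.data;
  if (!data || data.type !== "token" || typeof data.token !== "string") return null;

  // Defence in depth (heuristic, assumed): if the "token" looks like a raw
  // 13-19 digit card number, something upstream is wrong; never accept it.
  if (/^\d{13,19}$/.test(data.token.replace(/[\s-]/g, ""))) return null;

  const result = { token: data.token };
  if (typeof data.last4 === "string") result.last4 = data.last4;
  return result;
}

// Wiring for a real page (constructed usage; no DOM is touched here):
//   const attrs = buildHostedFieldFrame(PROVIDER_ORIGIN + "/card-fields");
//   window.addEventListener("message", (e) => {
//     const accepted = handleProviderMessage(e);
//     if (accepted) submitOrderWithToken(accepted.token);
//   });
```

The token, not the card number, is what the merchant posts to its own backend; everything between the shopper's keystrokes and that token happens on the provider's origin, which is the scope reduction the snip refers to.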