Apple Privatizes Shopping

Checkout Page Becomes Battleground for Those Who Control Identity

While shopping online, you’ve undoubtedly been confronted with the same unfilled checkout forms for payment and shipment. You may have even wondered why some startup hasn’t solved this problem: offer a cross-merchant payment wallet that remembers you and saves you the hassle. Even ShopRunner, which has integrated many top retailer websites to offer a free shipping annual membership, still forces you to click out of the experience to login.

This very friction is undoubtedly costing merchants billions a year in lost sales as people fail to convert, especially on mobile with its tiny form fields. Changes for privacy purposes in fact reshaped the shopping experience and redrew the strategic landscape for e-commerce.

Apple Pushes Privacy

In 2017, Apple began its industry defining strategy to limit cross-website user tracking with the launch of Intelligent Tracking Prevention (ITP) technology in its Safari browser. ITP stopped 3rd-party cookies from working, which meant even if a company had its code on multiple websites (e.g. Pinterest Pin button, Facebook Like button, Google Analytics) which attached cookies to your browser to keep track of you, you'd look like a different user to that common service on each website domain (e.g. GAP.com, bestbuy.com) you visited if you didn’t do anything.

Since Apple's Safari browser has ~60% US mobile browser market share and ~20% global total device browser market share, the introduction of ITP meant retailers and really all advertisers would struggle to identify a consumer across websites whether it was for checkout purposes or marketing purposes. Consumers with Safari browsers (basically iPhone users) could now browse stores anonymously.

Google CEO Sundar Pichai argued Apple turned privacy into a luxury good, but better data meant better experiences for many. He pointed out data-enabled products:

“take the friction out of daily life (for example, by showing you the fastest route home at the end of a long day) and give you back time to spend on things you actually want to do”

He undoubtedly would include checkout forms in that list of daily friction. Google Chrome and other browsers have auto-fill forms in an attempt to solve this problem, but you still often need to login, create an account, fix autofill, add new info, or just worry about the massive security issues involved with autofill. Better solutions were still needed. 

Retailers Adjust to Mystery Shoppers

Even if a retailer wanted to remember my info across different stores, they wouldn’t be able to do so in Safari without using a common website domain. While 3rd-party cookies are banned in Safari, 1st-party cookies are allowed which means as long as the cookie came from the same domain you’re currently visiting, then it will work. The moment you go to another site, that 1st-party cookie becomes a 3rd-party cookie in the contexts of that other website.

This new problem rewarded identity scale.

Global retailers with sub-brands could adapt. GAP today has brands on a common domain and redirects its brands to the common domain. See how the Banana Republic domain redirects to a subdomain of GAP?

Otherwise, the cookie from Banana Republic would go from being 1st-party cookie to being 3rd-party (and therefore blocked) when you visit a different GAP brand since the browser has no idea about corporate ownership and only wants to protect the user from cross-site tracking.

Smaller retailers are a bit out of luck. Even if they build on a common e-commerce platform like Shopify, the problem is they all run on their own domain, not Shopify.com, so retailers on the same platform can’t recognize each others’ shoppers . The next best thing these merchants can do is add one-click “redirects” to outside payment wallets (e.g. Shop Pay, Paypal, Amazon Pay, Venmo, Google Wallet and soon Facebook Checkout) that increase conversion rates of customers.

Wallets Welcomed

What these services have in common is plenty of registered user accounts connected to credit cards and shipping information. Given their scale, you've likely interacted with them at least once in the last month, which lets them keep a 1st-party cookie attached to your browser.

That 1st-party cookie is tied to your login/info with that service. As a result, when you click on these express checkout buttons, you’re actually being taken to those wallet website domains so they can re-use the existing 1st-party cookie that has kept you signed in with their service. They receive your shopping cart info from the retailer and voila, easy checkout.

Shopify and Paypal are great backend services that many customers use on a monthly basis. But imagine if this was done by a consumer brand that you interact with on a daily basis?

Google, Pinterest, Facebook, and other major web publishers are in prime position to leverage their 1st-party domain to expedite checkout services because you’re consistently logged into those sites already, which means they can make “express checkout” faster than anyone else. For many of them, there are two-fold benefits to offering a checkout service:

  • Revenue share: Processing payments gives a small % of the sale. For these players that used to only get paid/used for providing exposure to the merchant, they can now participate in some of the success they drive.

  • Measurement: They can now directly capture sales information that can be connected back to their logged-in user base which means they can better measure ad effectiveness.

Apple itself offers Apple Pay, which integrates seamlessly with the very browser that has created this problem, to offer easy payment to retailers. Surprise! The privacy protecter has simultaneously created a business opportunity for itself.

Apple’s solution doesn’t even need to leverage 1st-party cookies since Apple built this solution into its software (Safari) and hardware (iPhone, etc.). So Apple can now take a % of revenue for facilitating a more private shopping experience.

So what’s ended up good for consumer privacy has also ended up being good for business, at least for the ones with strong identity and engaged users.

Still, Apple may push privacy further at the cost of user convenience and break these express checkout services. Consumer platforms aren’t waiting to find out, and we’ll dive deeper into their potential options in the next Privatization post.