Last week I shared some of the less-good-news from our recent evaluation of retailers’ digital shopping experiences. Less-good seems like such a polite way to put it, and in these trying times, shouldn’t we all be trying to be more civil to one another?

But there was quite a bit of not so good news in this year’s evaluation; less than in years’ past – retailers have made some marked improvements – but still plenty to riff on. So here’s some more of the things that need improvement:

Retailers Must Provide More Innovative 3rd Party Features

Far too many retailers are keeping their innovative checkout features and functionalities a secret. Here’s what we experienced shopping their sites:

–FinishLine does support the 3rd party AfterPay (a great move), but not only is that not prominently displayed in its FAQs, but deep within the FAQ page there is a section on “Payments” – and it’s not even mentioned there

-Even retailers selling goods as high-end as Saks, who no-doubt want shoppers to know they can use the 3rd party Shoprunner before they start building a cart and thus prominently display it on their homepage – do not tell shoppers they can pay via PayPal until deep in the checkout process

-It is also very surprising that an aspirational brand like Kay Jewelers only accepts credit cards – no PayPal, and no AfterPay. Based on their product mix and customer, this is another genuine miss

-And during the checkout process at PC Connection, shoppers are just asked to type their credit card number into a blank field. No indicator is even given as to what cards are accepted

Furthermore, we were very surprised that none of the sporting goods category had more innovative 3rd party checkout features. AfterPay would make a lot of sense here, but REI, Backcountry.com, and Dick’s only take credit cards and PayPal. Some of these items are expensive!

Now, let’s move on to the really bad news. Poor checkout experience is nothing compared to what we learned about retailers regarding 3rd party services on checkout and login pages.

The Presence Of Third Parties Is A Legitimate Consumer Risk

We also asked a new question of our consumers this year, essentially wondering if shoppers are aware and concerned about privacy risks at checkout. What they told us was compelling. (Figure 1).

Figure 1: 89% Concerned About Privacy

89% are concerned that 3rd party tech could steal their personal information. And rightly so, as the numbers in the graph below showing how many 3rd parties we found on retailers’ checkout and login pages is disturbing:

As a best practice, retailers should only have absolutely essential 3rd parties on pages where customers enter sensitive information or choose from a drop down, like checkout and login pages. Maybe 3 or 4 at most. The fact that retailers have 25+ is clearly alarming. We cannot stress enough how fast this needs to be addressed by brands.

How does this even happen? Many retailers do not have the security measures in place to ensure that their 3rd parties are not leaving them vulnerable to data breaches and other security threats. Some aren’t even aware that this many 3rd parties have access to their shopper data. The Magecart breach Claire’s recently experienced is an example of this, where hackers injected malicious code onto Claire’s website and intercepted customer information entered at checkout.

We look forward to asking these questions of shoppers’ and retailers next year, so as to keep an eye on a trend that could easily – if it continues to climb – come back to bite retailers at the exact wrong time. At a time when consumers are so vocally hesitant to visit stores due to health concerns, it would be absolutely catastrophic for brands to lose online sales due to concerns over the use of personal information on their websites. Heed our warnings and fix this now.

The full report also includes a ranked listing of how all 80 evaluated retailers scored.