Neustar's Holiday Don't-Just-Wish List for IT Teams!

Three ways to improve your website’s holiday performance for an exceptional customer experience.


Let’s skip right past the festivities to another side of the holidays – one filled with serious risk for online businesses.

  • Over 40% of companies report that a DDoS outage would cost over $1M a day (Source: Neustar 2014 DDoS Attacks and Impact Report.) That’s any day of the year – with holiday losses likely much higher.
  • On average, consumers give your webpage about four seconds to load before abandoning it. Slow performance takes a toll on sales and revenue.
  • As online transactions spike during Q4, so does credit card fraud. The sheer volume of traffic can tax your anti-fraud defenses.

How do you protect your website and delight holiday shoppers? There’s no magic to it – but the practical tips and case studies presented here can help.

Happy holidays from everyone at Neustar!


Load testing gives you precise measures of website speed and capacity. Armed with this data, you can find and fix problems now and avoid customer loss during the year’s busiest season.

Best Practices

  • Run multiple tests. Neustar’s engineers recommend a series of three load tests: the first to see what needs to be fixed, the second to check your progress and the third to confirm that performance continues to improve.
  • Start now. You’ll likely need several weeks to run and follow up on tests. When can you better spare that time – now, or when the madness hits?
  • Know what to test. It’s not practical to test your entire site, so prioritize. Two smart ways to do that: look at your monitoring data, especially Real User Measurements, and ask Marketing which products and pages are due for heavy traffic.
  • Scale up incrementally. Identify the scale you need, for instance, 3,000 users. Launch the test with 10% of that number, see what happens and, assuming all goes well, add 10% more. Repeat as necessary—until you see errors spike or the application collapse.

Besides nailing down current scale with a greater degree of precision, you’ll avoid a crash right out of the gate – who needs that?


If your business has an online presence, you probably have DDoS protection against distributed denial of service (DDoS) attacks. But as the holidays approach, do you have all the protection you need to avoid a site outage, loss of revenue or even data theft?

According to Neustar’s 2014 DDoS survey, nearly 30% of companies estimate outage losses at $100K per hour, with twice as many businesses attacked than the year before.

Best Practices

  • Use a purpose-built solution. Deploy technologies designed specifically to block DDoS attacks. Don’t rely solely on firewalls, routers and switches. These traditional solutions can get bottlenecked during attacks and actually accelerate an outage.
  • Consider hybrid DDoS protection. Hybrids blend always-on equipment located on site with a cloud-based mitigation solution. Your local gear responds immediately, 24/7, while cloud defenses give you the bandwidth to block larger attacks.
  • Have a plan and practice. Whether you plan to mitigate in house, with your ISP or a third-party specialist, develop a mitigation plan and don’t let it gather dust. Know who is responsible for what during a DDoS emergency. Set clear lines of communication and specific attack responses. DDoS protection providers run drills ceaselessly. Your team should practice too on a regular basis.
  • Clearly understand the danger. DDoS attackers no longer stop at causing site outages. Increasingly, DDoS is a smokescreen for malware installation. The real target is your data. Even worse, one business recently shut its doors after an attack—when they refused to pay ransom, the attackers used stolen credentials to destroy most of the company’s data, machine configurations and offsite backups.


Reducing fraud on your website depends on your ability to verify transactions, quickly and at scale. When activity spikes in October- December, this takes on crucial importance.

Best Practices

  • Combine real-time consumer intelligence with IP geolocation. This one-two punch gives the extra assurance you need at year’s end. With accurate consumer data—Neustar’s verification services are a leading source—you can compare phone numbers, physical addresses and more to verify identity. IP geolocation lets you compare the expected location (physical address) with the device’s actual location. If you’re expecting Phoenix and see Lagos, the red flags might go up.
  • Set criteria for lower risks — and approve faster. When your consumer intelligence can verify multiple identifiers—phone, email, etc.—your fraud risk drops. For example: transactions where you can confirm name and phone; name and email address; or where there’s been outbound phone activity in last three months.
  • Send higher-risk transactions for manual review. Here, the scenario reverses: name and phone number aren’t verified or there’s an absence of recent outbound calls. Have experts investigate further.
  • Pay attention to less obvious fraud indicators. IP geolocation data yields more than just the “where.” A good solution will also tell you the top-and second-level domain addresses, time- zone information, connectivity speed and the presence of proxy servers—all useful in scoring fraud risk.

Download Full Document