State of E-commerce in India

So, since moving back to India 4 months ago, we’ve been trying to buy stuff off the internet, like we did back in Seattle (oh Amazon), from diapers to audio CDs (whaaaat? I know). While the world is much much better compared to 2006, there are still some Idiocracies in the UX and process. There are the big players (FlipKart, infibeam and the like) where (from the 4 months experience) you’d find what you are looking for almost 6-7 times out of 10. The long-tail of e-commerce in India is the real deal though – the tail is really really long. I use to find the long time and almost always (9+ out of 10) the things I am looking for are found somewhere. Funny thing is that you’ll never find two things you need in one site. Over these 4 months, I don’t think any of these sites have come up more than once in my search.

To highlight some of the other differences:

To summarize, for the most part, it’s all good. You can find 9/10 things online and of that you can get 9/10 items delivered at your doorstep within a reasonable amount of time and pay after you get/inspect it. But that’s not why I started writing this piece today…

A uniquely horrible experience at

What I wanted to do today was share a very bad experience on one of these small player’s sites today. Remember the band called Silk Route? Heard them on radio and remembered how awesome their music was. Unfortunately the album’s not on Spotify or in Amazon/MP3. So I looked up FlipKart (out of stock) and Junglee. That’s where I found – and they had it in stock! So I went through the registration process and signed up for an account.

Now, I use the most excellent 1Password for creating random passwords for every site and to manage signing-in/out. Did the same on ezmaal too – and it was all fine and dandy and got an account created. Now, just before checking out I wanted to see if the login/logout was working (you never know with small sites). So I opened up the site in an incognito window and tried logging in. Here’s the screenshot of what I got back: [![ezmaal login failure][11]][11]

  1. They throw a really garbage un-customized error in the customer’s face. It means nothing to me!
  2. They are trying to validate my password for script-injection. I don’t think they are actively doing this, but it’s probably part of and they have not tested and not coded to handle login failures. Really really bad if the login on your site throws up gibberish.
  3. Password displayed on screen: The worst part is that they print my password three times on the screen, verbatim. Thank God I use 1Password and have a random (and more importantly, different) password on every site. But like most customers, if I had a one-password-for-all and used that in here, it’s as good as being leaked. If nowhere else, this will be on their server-logs. An employee only needs to grep for Password\= in the logs. On top of this, with this kind of an experience, I have no faith that they salt/hash the passwords. I am more willing to believe that they keep it all in cleartext in a SQLServer database.
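
The log exposure described in point 3, seen from the defender's side, as an added example (not part of the original post and not ezmaal's code): a Python filter that masks password fields before a request body or error message is written out, plus an audit helper that flags log lines still carrying one. The field-name list and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumed list of secret field names; extend it to match your own forms.
SENSITIVE = {"password", "passwd", "pwd", "confirmpassword", "newpassword"}
MASK = "REDACTED"

# name=value where the name ends in password/passwd/pwd; the value is either
# double-quoted (as in an error message) or runs to the next delimiter.
_FIELD = re.compile(
    r'\b(\w*(?:password|passwd|pwd))(\s*=\s*)("[^"]*"|[^&\s;,)]+)', re.I)

def scrub_form(body: str) -> str:
    """Mask secret fields in an application/x-www-form-urlencoded body."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode(
        [(k, MASK if k.lower() in SENSITIVE else v) for k, v in pairs])

def scrub_line(line: str) -> str:
    """Mask secret values in free text such as a log or error line."""
    return _FIELD.sub(lambda m: m.group(1) + m.group(2) + MASK, line)

def leaking_lines(lines):
    """Return 1-based numbers of lines that still carry an unmasked secret."""
    return [n for n, line in enumerate(lines, 1)
            if any(m.group(3) != MASK for m in _FIELD.finditer(line))]

# Constructed sample log lines (not taken from any real site).
SAMPLE_LOG = [
    "POST /login.aspx Email=a%40example.com&Password=Zq7%3Cx9&Remember=on",
    'ERROR request rejected (Password="Zq7<x9 k") for client 203.0.113.5',
    "GET /product?id=42",
]

if __name__ == "__main__":
    print("leaks before:", leaking_lines(SAMPLE_LOG))
    cleaned = [scrub_line(line) for line in SAMPLE_LOG]
    print("leaks after: ", leaking_lines(cleaned))
    print("\n".join(cleaned))
```

Running `leaking_lines` over existing logs shows where secrets have already been written; those entries need purging and the affected passwords need resetting, since scrubbing only protects what is logged from then on.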

I have seen bad e-commerce sites before, but will I shop at a place which does not care about my online security? No way in hell (yeah, I did not complete that order)!