Defending eCommerce from Bots… Without Dissing Your Customers
The real big winners of eCommerce surge
2020 saw the largest year-over-year growth in eCommerce sales. Throughout this growth, fraudsters continued to develop sophisticated attacks to fill their pockets. One of the most devastating attack types is automated fraud: bots that mimic the actions of a real customer so they can bypass fraud prevention tools. These bots use fake identities to gain access into an eCommerce site allowing it to initiate fraudulent transactions like chargebacks, account takeovers, or gift card skimming.
This caused malicious bot traffic on retailer sites to skyrocket: While in 2020, human-initiated attacks decreased (-6%). bot attack volume has risen +13%. Nowadays, it’s not uncommon to see malicious bots comprising 99% of an eCommerce site’s traffic.
So, what can be done to protect your store from online fraudsters while still maintaining an exceptional user experience for your real customers?
How Does Automated Online Fraud Occur?
Automated online fraud occurs at every step of the buying process. Upon entering a site, automated online fraud can begin through price scraping, stealing your content, or blocking inventory. Account creation is also susceptible to fake accounts associated with abuse of incentive programs.
Your login page is typically the most susceptible page to automated online fraud through credential stuffing and account theft. Once an account is stolen, the fraudster can utilize the stolen account’s loyalty points. Alternatively, automated online fraud can occur in the shape of gift card cracking where an online bot inputs random characters for redeeming gift cards. Even the checkout page is susceptible to scalping credit card information.
Business Implications of Automated Online Fraud
Each fraudulent transaction ends up costing the eCommerce business money in one way or another.
For example, most website hosting providers offer a set number of visitors or data in each plan, so an artificial increase in these numbers caused by malicious bots can force a business to upgrade its web hosting servers. Given that malicious bots can comprise up to 99% of an eCommerce site’s traffic, a site may need a hosting plan that’s x100 more than the volume of legitimate traffic. Now, just imagine how bot traffic may inflate your cloud and CDN costs.
On top of directly costing online retailers money, automated online fraud also results in a loss of existing and potential revenue. The security features you implement in order to prevent automated online fraud also impact your customers. These security features create a longer checkout process resulting in cart abandonment and churn. Overall, this worsens the customer experience, which is the reason 61% of consumers decide to switch to a competitor.
Fighting Automated Online Fraud with a Holistic Anti-Bot Solution
The standard defense approach using static rules is simply not enough to stop the vast majority of automated online fraud. These static rules typically look at the number of times a user has attempted to log in or set a point scoring system based on different actions to detect bots.
However, modern-day bots utilize a number of different technologies, such as VPNs, to completely avoid these common approaches to defending against automated online fraud. Even Captchas are not effective as nowadays bots have a higher rate of solving Captchas than humans do, as captchas can also cause difficulties for real customers.
So, what’s the alternative?
Modern anti-bot solutions provide a separate “experience” for real users and bots to completely avoid these potential drawbacks and stop automated online fraud in its tracks. Essentially, these solutions provide one “experience” for unknown users with strong security controls and a separate “experience” for legitimate users that removes these security controls. This allows you to provide your real customers with an excellent user experience without compromising your security against automated online fraud.
To determine whether a user is a real customer or a bad actor, a holistic anti-bot solution uses a type of funnel that gradually determines if a user is legitimate. It starts with detecting and removing known synthetic traffic based on a variety of parameters. Then, the users who pass the synthetic traffic check go through a different set of security measures to determine the likelihood of them committing fraudulent behavior. Finally, the user proves their identity confirming that they are who they say they are. All of these steps need to be an automated, scalable, and quick-learning process in order to remain up-to-date with modern fraud tactics.
Once a user passes these measures, they can access a different online experience without security controls for an optimal customer experience. This often results in improved conversion rates, easily translated to 1-2% revenue increase.
When implemented effectively, advanced anti-bot and anti-fraud solutions can simultaneously enhance an organization’s security, increase profitability, and improve its reputation. An anti-fraud solution that is implemented correctly should not even need any ongoing maintenance and support as it becomes a fully automated system. Managed options also exist, and they may fit very large or quickly-growing eCommerce retailers, to cater for both the dimensions of potential risk and the evolving behavioral data.
In today’s highly competitive eCommerce landscape, an up-to-date and scalable anti-fraud solution is essential. But, it takes a professional technology partner such as GlobalDots to thrive in a world filled with online fraud. At GlobalDots, our engineers consult and implement the most accurate solution and configurations for your business, which also result in the highest possible ROI.
Want to learn more about defending eCommerce sites from next-gen identity fraud? Check out the full webinar conducted by GlobalDots and anti-fraud innovator Shape Security.
Ready to take the next steps towards beating online fraud?
Contact us to set up a call with our solutions engineers.