Defending eCommerce from Bots… Without Dissing Your Customers

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
4 Min read

The real big winners of eCommerce surge

2020 saw the largest year-over-year growth in eCommerce sales. Throughout this growth, fraudsters continued to develop sophisticated attacks to fill their pockets. One of the most devastating attack types is automated fraud: bots that mimic the actions of a real customer so they can bypass fraud prevention tools. These bots use fake identities to gain access into an eCommerce site allowing it to initiate fraudulent transactions like chargebacks, account takeovers, or gift card skimming.

This caused malicious bot traffic on retailer sites to skyrocket: While in 2020, human-initiated attacks decreased (-6%). bot attack volume has risen +13%. Nowadays, it’s not uncommon to see malicious bots comprising 99% of an eCommerce site’s traffic.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

So, what can be done to protect your store from online fraudsters while still maintaining an exceptional user experience for your real customers?

How Does Automated Online Fraud Occur?

Automated online fraud occurs at every step of the buying process. Upon entering a site, automated online fraud can begin through price scraping, stealing your content, or blocking inventory. Account creation is also susceptible to fake accounts associated with abuse of incentive programs.

Your login page is typically the most susceptible page to automated online fraud through credential stuffing and account theft. Once an account is stolen, the fraudster can utilize the stolen account’s loyalty points. Alternatively, automated online fraud can occur in the shape of gift card cracking where an online bot inputs random characters for redeeming gift cards. Even the checkout page is susceptible to scalping credit card information.

Business Implications of Automated Online Fraud

Each fraudulent transaction ends up costing the eCommerce business money in one way or another.

For example, most website hosting providers offer a set number of visitors or data in each plan, so an artificial increase in these numbers caused by malicious bots can force a business to upgrade its web hosting servers. Given that malicious bots can comprise up to 99% of an eCommerce site’s traffic, a site may need a hosting plan that’s x100 more than the volume of legitimate traffic. Now, just imagine how bot traffic may inflate your cloud and CDN costs.  

On top of directly costing online retailers money, automated online fraud also results in a loss of existing and potential revenue. The security features you implement in order to prevent automated online fraud also impact your customers. These security features create a longer checkout process resulting in cart abandonment and churn. Overall, this worsens the customer experience, which is the reason 61% of consumers decide to switch to a competitor.

Fighting Automated Online Fraud with a Holistic Anti-Bot Solution

The standard defense approach using static rules is simply not enough to stop the vast majority of automated online fraud. These static rules typically look at the number of times a user has attempted to log in or set a point scoring system based on different actions to detect bots.

However, modern-day bots utilize a number of different technologies, such as VPNs, to completely avoid these common approaches to defending against automated online fraud. Even Captchas are not effective as nowadays bots have a higher rate of solving Captchas than humans do, as captchas can also cause difficulties for real customers.

So, what’s the alternative?

Modern anti-bot solutions provide a separate “experience” for real users and bots to completely avoid these potential drawbacks and stop automated online fraud in its tracks. Essentially, these solutions provide one “experience” for unknown users with strong security controls and a separate “experience” for legitimate users that removes these security controls. This allows you to provide your real customers with an excellent user experience without compromising your security against automated online fraud.

To determine whether a user is a real customer or a bad actor, a holistic anti-bot solution uses a type of funnel that gradually determines if a user is legitimate. It starts with detecting and removing known synthetic traffic based on a variety of parameters. Then, the users who pass the synthetic traffic check go through a different set of security measures to determine the likelihood of them committing fraudulent behavior. Finally, the user proves their identity confirming that they are who they say they are. All of these steps need to be an automated, scalable, and quick-learning process in order to remain up-to-date with modern fraud tactics.

Once a user passes these measures, they can access a different online experience without security controls for an optimal customer experience. This often results in improved conversion rates, easily translated to 1-2% revenue increase.


When implemented effectively, advanced anti-bot and anti-fraud solutions can simultaneously enhance an organization’s security, increase profitability, and improve its reputation. An anti-fraud solution that is implemented correctly should not even need any ongoing maintenance and support as it becomes a fully automated system. Managed options also exist, and they may fit very large or quickly-growing eCommerce retailers, to cater for both the dimensions of potential risk and the evolving behavioral data.

In today’s highly competitive eCommerce landscape, an up-to-date and scalable anti-fraud solution is essential. But, it takes a professional technology partner such as GlobalDots to thrive in a world filled with online fraud. At GlobalDots, our engineers consult and implement the most accurate solution and configurations for your business, which also result in the highest possible ROI. 

Want to learn more about defending eCommerce sites from next-gen identity fraud? Check out the full webinar conducted by GlobalDots and anti-fraud innovator Shape Security.

Ready to take the next steps towards beating online fraud?

Contact us to set up a call with our solutions engineers.

Latest Articles

Announcing New Anti-Fraud Tool to Detect, Categorize and Bust Fraudulent Activity

Online fraud is destroying customer trust and corroding revenue. Data from the Federal Trade Commission show the full extent of today’s problem: fraud losses in the US rose to $5.9 billion in 2021, an increase of 436% from 2017. Further research conducted by PWC shows that it’s not just individuals being duped by these global […]

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
30th March, 2023
The New Ways Cyber Criminals are Attacking Travel Companies

Cyber breaches seem to make headlines every day, with Uber, InterContinental Hotels Group and Marriott International among the major travel brands to have recently fallen victim to attackers. Whether it’s a multinational corporation or a small startup, no travel company is immune to the threat of cybercriminals and fraudsters. Travel and leisure is one of […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
19th October, 2022
The Horrendous Impact of DDoS Attacks on Enterprise Organizations

Distributed Denial of Service (DDoS) is usually performed by bombarding the targeted computer or resource with unnecessary requests to overload systems and prevent some or all legitimate requests from being completed. However, there is some good news: you can definitely mitigate the risk. Learn more here: How One AI-Driven Media Platform Cut EBS Costs for […]

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
14th June, 2022
How to Defeat Bad Bots in 2022 (and Why It’s Still So Hard)

Introduction  Bots today outnumber human users in eCommerce sites: From 15% in 2017, to 30% in 2019, to 64% in 2021. Some extreme cases we’ve witnessed peaked in 90-99.8% bot traffic. But perhaps the more concerning bit is the traffic share of bad bots: an approximate 39% of all internet traffic in 2021.   Hackers are […]

Dr. Eduardo Rocha Senior Solutions Engineer & Security Analyst @ GlobalDots
9th January, 2022

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential