The busiest time for online retailers is almost upon us—the holiday season. Every business is looking for ways to take advantage of cyber week, when a significant portion of annual sales is made. Preparation is already well underway for Black Friday and Cyber Monday promotions. But another group is also preparing to exploit ecommerce websites—bad bots.
This bot problem has become so bad that last year, the US Congress proposed legislation called the Stopping Grinchbots Act of 2018.
To examine this topic, Imperva recently released a new threat research report titled, “How Bots Affect E-commerce.” This is the first industry-specific report into e-commerce bots. In it, we analyzed 16.4 billion requests from 231 domains internationally, finding that 30.8 percent of website and mobile app traffic was bots.
Who Launches E-commerce Bots?
E-commerce bots are deployed by four main groups:
- Competitors that scrape content and prices to gather market intelligence.
- Resellers that launch Grinchbots and Sneakerbots to hoard popular or limited edition items and offer them at premium prices on secondary markets.
- Investment companies that launch scraping bots to gather information on the health of the business.
- And the most nefarious of these groups, criminals that use bots to take over customer accounts, steal loyalty points, and commit gift card and credit card fraud.
Bots Affect Conversion Rates and Website Performance
Some e-commerce domains see over 90 percent of their traffic coming from bots. These bots constantly scrape product and pricing information, which skews online retail analytics. Bots pollute key metrics such as the conversion rate and the lifetime value of a customer. In addition, the volume of bots, particularly during peak times like Black Friday, adversely affects website performance, which can lead to cart abandonment, and to lost revenue if the website becomes unavailable.
How Criminals Attack Gift Cards and Loyalty Programs
Bots can be deployed to check for gift card numbers that contain a balance by using the gift card balance checking features on a website. Any balances that are identified can be used by criminals to fraudulently purchase goods. Criminals also use bots to automate attacks on loyalty programs. Because of the ‘currency’ held within loyalty programs, gaining access to these accounts is potentially lucrative. Bots are used by criminals to launch brute-force credential stuffing and credential cracking attacks to take over accounts. Once a loyalty bot is inside an account, the criminal can commit fraud. The retailer's relationship with the victim can be irrevocably damaged by the victim's loss of loyalty points and of confidence in the security of the website.
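As an added example (not taken from the Imperva report or from this article), the Python code below flags the pattern described above in request logs: one client trying many different gift card numbers or usernames in a short window with few successes. The log format, the endpoint paths, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed log lines: time, client, endpoint (hypothetical paths), key tried, outcome."""
    day = "2019-11-29T10"
    lines = [f"{day}:00:00 198.51.100.20 /giftcard/balance card-7741 ok",
             f"{day}:03:00 198.51.100.20 /giftcard/balance card-7741 ok",
             f"{day}:02:00 198.51.100.21 /login alice@example.com fail",
             f"{day}:02:09 198.51.100.21 /login alice@example.com ok"]
    # One client walking through card numbers, one request per second, one lucky hit.
    lines += [f"{day}:00:{i:02d} 203.0.113.7 /giftcard/balance card-{i:04d} "
              f"{'ok' if i == 17 else 'fail'}" for i in range(30)]
    # One client trying a different username on each login attempt.
    lines += [f"{day}:01:{i:02d} 203.0.113.9 /login user{i}@example.com "
              f"{'ok' if i == 5 else 'fail'}" for i in range(25)]
    return lines

def detect_enumeration(lines, window=timedelta(minutes=5), min_distinct=20, max_hit_ratio=0.2):
    """Return {(client, endpoint): (distinct_keys, hit_ratio)} for the widest flagged window."""
    events = defaultdict(list)
    for line in lines:
        ts, client, endpoint, key, outcome = line.split()
        events[(client, endpoint)].append((datetime.fromisoformat(ts), key, outcome == "ok"))
    flagged = {}
    for who, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            distinct = len({key for _, key, _ in span})
            ratio = sum(ok for _, _, ok in span) / len(span)
            # Many different keys with few successes is the enumeration signature;
            # a customer re-checking one card or retrying one password is not.
            if distinct >= min_distinct and ratio <= max_hit_ratio:
                if who not in flagged or distinct > flagged[who][0]:
                    flagged[who] = (distinct, round(ratio, 3))
    return flagged

if __name__ == "__main__":
    for (client, endpoint), (distinct, ratio) in detect_enumeration(build_sample()).items():
        print(f"{client} {endpoint}: {distinct} distinct keys, hit ratio {ratio}")
```

Keying on the client IP alone misses bots that spread requests over many addresses, so the same check is worth running keyed on a session or device identifier where the logs carry one.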
To understand more about how bots affect e-commerce, download the report.