Bots: An E-tailer’s Greatest Friend, or Greatest Foe?
By Tony Klor
When consumers purchase goods online, they rarely think about what is going on behind the scenes on the retailer’s site. If they found out how much of the transaction process was automated through the use of bots, they would likely be very surprised.
Bots are essentially the worker bees of the online world. They are programmed to run automated tasks at a much faster rate than humans and play a huge role in the efficient and seamless running of web applications.
In the last few years, bots have transformed the online shopping experience, with many e-commerce sites turning to bots to take on jobs that were traditionally carried out by humans. For instance, many e-tailers have deployed chatbots to help with customer service.
These bots can answer customer questions, help with order tracking inquiries, and work 24/7/365, meaning they never take PTO or sick leave. Bots are also used as part of promotions and sales to interact with customers, provide shopping advice, and help consumers locate products online.
However, just like most things online, not all bots are friendly. Unfortunately for retailers, some bots are just plain malicious and have been programmed to damage the customers’ shopping experience and carry out cyberattacks.
The Rise of Malicious Retail Bots
Malicious bots have had a major impact on online retailers over the last few years, and this has been significantly heightened following a mass shift toward online shopping. It is estimated that retail ecommerce sales amounted to approximately 4.9 trillion dollars worldwide in 2021, which has made the industry a prime target for cyberattacks and automated fraud.
These malicious bot creators and operators can include cybercriminals, fraudsters, scrapers, scalpers, and even a company's competitors. It all depends on the type of attack and the target. There are a variety of ways criminals will use malicious bots to target e-commerce sites. The top three most frequently faced include:
1. Scalping Attacks
Scalping attacks have received a lot of publicity recently as they were behind a number of scams where criminals deployed them to get their hands on limited merchandise, including the PS5 and Xbox Series X. In scalping attacks, cybercriminals unleash automated scalping bots to buy sought-after products, such as limited edition sneakers, technology, designer clothing, and handbags.
Scammers set up fake accounts that browse product pages and execute checkouts to increase their chances of success. Once they have secured the products they are after, they will generally sell them for a much higher price on another online marketplace. These bots can significantly impact the customer shopping experience, as they make it difficult for customers to get their hands on coveted goods. This also means customers are more likely to boycott a brand over an inability to get a desired product at a reasonable price, and could end up favoring competitors or giving the brand negative publicity online.
2. Denial of Inventory Attacks
In denial of inventory attacks, bad actors use malicious hoarder bots to add an item to a shopping cart thousands of times with the primary goal of putting it out of stock, so it can’t be purchased by others. By hoarding a high-demand product, bots keep it out of stock, annoying customers, taxing a retailer’s infrastructure, and reducing conversions and revenue.
3. Account Takeover (ATO) Attacks
Account takeover attacks occur when criminals deploy bots to guess user credentials and access their online accounts. Criminals know that 60% of consumers reuse passwords, so they understand that one valid set of credentials will give them access to a whole host of sites. Once they have access to accounts, they can purchase goods, cash in loyalty points, sell the credentials, or even take out credit. All of this can cause serious harm to customers and can cost retailers millions of dollars in damages.
Criminals will use bots to automate the process of ATOs to scale their efforts and guarantee a greater return on investment; however, this does cause traffic spikes on websites which can be tracked by retailers if they have monitoring technology in place.
Protecting Against Malicious Bots
Given the challenges of malicious bots, it is paramount that retailers disrupt the web attack lifecycle, which is the cyclical and continuous nature of cyberattacks involving the theft, validation and fraudulent use of identity and account information. They can do this by employing a multi-layer defense-in-depth solution that helps protect users’ account and identity information everywhere along their digital journey.
This includes tools that recognize the behavioral patterns of bots based on a collection of data points, including the different ways they interact with the website, along with environmental data, traffic volume, and device fingerprints.
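The login traffic spikes and device-fingerprint signals described above can be checked directly against login events. The following is an added example, not code from this article or from any vendor product; the event layout, the window and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values for illustration; real thresholds depend on a site's traffic.
WINDOW_SECONDS = 60       # sliding window per device fingerprint
MAX_DISTINCT_USERS = 5    # usernames one device may try inside the window
MIN_FAILURE_RATIO = 0.8   # share of failed logins that marks guessing

# Constructed sample events: (epoch_seconds, device_fingerprint, username, success)
SAMPLE_EVENTS = (
    # Automated guessing: ten usernames in ten seconds, one lucky hit.
    [(1000 + i, "fp-bot", f"user{i}", i == 6) for i in range(10)]
    # A person mistyping their own password twice.
    + [(1000, "fp-alice", "alice", False),
       (1010, "fp-alice", "alice", False),
       (1020, "fp-alice", "alice", True)]
    # Shared in-store kiosk: many accounts, but every login succeeds.
    + [(1000 + 5 * i, "fp-kiosk", f"shopper{i}", True) for i in range(8)]
)


def flag_ato_sources(events, window=WINDOW_SECONDS,
                     max_users=MAX_DISTINCT_USERS, min_fail=MIN_FAILURE_RATIO):
    """Return {fingerprint: timestamp of first alert} for devices whose
    recent logins combine many distinct usernames with a high failure ratio."""
    recent = defaultdict(deque)   # fingerprint -> events inside the window
    alerts = {}
    for ts, fingerprint, user, ok in sorted(events):
        q = recent[fingerprint]
        q.append((ts, user, ok))
        # Drop events that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct_users = {u for _, u, _ in q}
        failures = sum(1 for _, _, success in q if not success)
        if (fingerprint not in alerts
                and len(distinct_users) > max_users
                and failures / len(q) >= min_fail):
            alerts[fingerprint] = ts
    return alerts


if __name__ == "__main__":
    for fingerprint, ts in flag_ato_sources(SAMPLE_EVENTS).items():
        print(f"possible credential guessing from {fingerprint} at t={ts}")
```

Requiring both signals keeps the kiosk and the forgetful shopper out of the alert set, which a plain request-volume threshold would not.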
So, are bots the greatest friend or foe for retailers? In reality, it all depends on the context in which they are used. Legitimate bots are making huge improvements to the online shopping experience; however, malicious bots are a real threat to retailers and can cost millions of dollars in damages.
With this in mind, retailers must prioritize their mitigation efforts against malicious bots to fight back against them before they cause any serious harm to their business or customers.
— Tony Klor, Product Marketing Manager, PerimeterX