Friday, 02 September 2022 10:42

How a major electronics retailer ended the bot menace on its portal

By Siddharth Deb, Radware

GUEST OPINION: It's May 2020 and a large electronic goods retailer realises its bot problem is going from bad to worse.

In a single week, its online store is hit with eight million bot visits to systematically scrape pricing and product information without authorisation, not to mention 53,000 customer account takeover attempts, 136,000 denial of inventory attacks, and 234,000 attempts to conduct affiliate link fraud.

Even without these malicious activities, bot traffic is tying up valuable resources in ways guaranteed to hurt the bottom line.

For a firm operating 300 retail stores that attract ten million shoppers a year to its website, this level of bot traffic is unsustainable. It's risking not only lost sales and rising costs but also damage to a brand image built with huge effort over many years.

Bad bots affect retailers in a range of sinister ways:

• Account takeover (ATO) fraud – Criminals breaking into a customer's account to carry out a range of frauds, including identity theft, stealing loyalty points, or making fraudulent transactions.

This often happens because of credential stuffing, which exploits the fact that many customers reuse the same username and password across multiple accounts. When those reused credentials are leaked or breached and then sold on the dark web, users' accounts are vulnerable to ATO.

• Denial of inventory – Filling baskets with products without paying for them. This ties up inventory, artificially reducing product availability while damaging the retailer's sales.

• Affiliate fraud – Earning rewards from a site by generating large amounts of junk traffic. Retailers end up paying for nothing.

• Wasting resources – Dealing with bot traffic makes it difficult for marketing teams to get accurate KPI data to plan for growth.

• Carding attacks – Using retail websites to 'test' stolen credit and debit card data. Retailers are often left with the cost of reimbursement — and a poor merchant reputation.

• Scalping – Using automated programs to grab desirable inventory before real customers can. The goods are then resold at inflated prices on the secondary market.

• Web scraping – Stealing pricing and other proprietary data for rivals or other malicious purposes. A variation on this is scraper bots that steal other website content, including reviews and product descriptions.

Oddly, the last two bot activities are not illegal in many countries. However, this doesn't mean that the retailer should tolerate them. For example, scalping can hurt the reputation of a retailer with genuine customers.

Bots can be hard to see until trouble strikes. Bad bots plague today's retailers all year round, but the extent of the problem often becomes even more magnified at peak times such as holiday seasons when traffic naturally spikes.

For example, during Thanksgiving 2021, a group of six prominent e-commerce websites protected by my company's bot manager were flooded with bot traffic. Traffic volume ranged from more than four million bots per day to well over nine million bots per day during the week prior to the holiday.

To a retailer without bot protection for its website or apps, these numbers represent potential attacks that can wreak havoc on the user experience. Some retailers may experience website slowdowns that frustrate shoppers. Others may see a drain on the inventory of highly sought-after products that are snatched up by scalpers for resale rather than loyal customers.

Still others will field complaints on their support line about cashed-out gift cards and loyalty points. Not only does the customer experience suffer, but ultimately brands are damaged, and revenue is lost.

So, how did the bot battle end for the large electronics retailer mentioned earlier?

The retailer knew something was wrong, but what? How big was this problem? In search of a solution, the company made the decision to trial a leading web application firewall (WAF) and application protection solution.

The security vendor's analysts discovered that more than 50% of all visitors to the retail site were in fact bots. This was an unsustainable situation that, if left unchecked, could lead to the adverse consequences mentioned above and invite even more damaging bot attacks.

To further evaluate the situation, the retailer initiated a proof of concept (POC) trial with my company's bot manager, using our NGINX connector to integrate with its website. After analysing visitor traffic for a week, the bot manager went into 'active mode' and began to block over two million bad bots every day thereafter.

Suspected bots were shown a captcha to solve to enter the website. Only 0.25% of these challenges were solved, which meant that almost all bots were blocked, and genuine visitors were not shown a captcha while visiting the website.

Captcha challenges, of course, are only an initial step in an overall bot detection process that is powered by a patented intent-based deep behaviour analysis technology. This technology offers unmatched accuracy in detecting sophisticated bots that emulate human behaviour as they traverse a website or application.

Soon after our successful engagement with this retailer, my company learned that earlier they had also conducted a POC with a global provider of CDN and bot mitigation services, which fell short in two major areas when compared to our results:

• The competing solution detected approximately 20% fewer bad bots than we did. Considering we detected and blocked two million bots daily, this would theoretically mean 400,000 bad bots carried out attacks every day.

• The competing CDN-bundled bot mitigation solution required all website traffic to be rerouted through its servers for bot detection, which was an unacceptable proposition for this retailer (and any organisation serious about data privacy and protection).

In the end, the result was clear — a leading bot protection solution had proved itself more effective under real world conditions.
