Bots A Rising Threat To E-Commerce Cybersecurity
In the following, Kay Gore explores the impact of bots on the e-commerce landscape, the nature of malicious attacks, protecting your business against bad bots and more.
Around 80% of e-commerce businesses deal with issues related to malicious bots ‘often’ or ‘very often’, indicates Kount’s 2020 Bot Landscape & Impact Report.
This includes 80% stating they have experienced increased financial loss because of more sophisticated bot attacks.
Another report on malicious bots focusing on Australia alone, Kasada’s Bots Down Under – An Australian Market Threat Report, shows that 90% of the country’s credential abuse attacks occur from within Australia via local ISP networks.
The findings are a wakeup call to businesses to tighten security measures with respect to bots, since the vast majority of e-commerce organisations rely on bots for the success of their ventures.
The reports indicate that not only are bot attacks increasing in complexity and number; they are also more difficult to quell, and tight coordination between IT, cybersecurity and infrastructure is key, as is relying on trusted merchant services providers.
WHY DO E-COMMERCE BUSINESSES NEED GOOD BOTS?
Around 96% of businesses consider ‘good bots’ to be essential to online commerce.
Essentially, every time customers search for a company’s products or services, the results they receive on their search page are made possible thanks to search engine spider bots or crawler bots. A few of the most commonly used include GoogleBot and Bingbot.
These bots utilise sitemaps and databases of links discovered during previous crawls.
Whenever a bot encounters new links on a site (in this case, an e-commerce site), it adds the links to the list of visitable pages. Sites that are available to these bots have frequently updated indexes.
Since e-commerce companies change or add products and other links so often, they need to be crawled frequently in order to ensure their SEO is optimal.
HOW CAN MALICIOUS BOTS IMPACT BUSINESS?
Malicious bots can target any point of the customer journey, with most occurring at the account creation stage and the account login stage.
Some 40% of all attacks, however, occur at the checkout or payment stage, and around 29% occur post-payment. Bot attacks can even occur at the customer service and returns stage.
Their aims vary widely, and include credential stuffing, automated credit card testing to identify usable stolen credit cards, and social bots designed to annoy users.
The attacks can take hours to detect, and ending them is costly, with around 25% of companies reporting that a single attack has cost their business around US $500,000.
Bots can do everything from crashing a website to freezing order fulfilment. It is therefore an area that should be given high priority at every stage of the game.
PROTECTING A BUSINESS AGAINST BAD BOTS
Businesses that accept credit card payments take many steps to ensure they avoid merchant account scams and fraud.
Most merchant account scams are centred on hidden conditions and exorbitant fees, but in so far as cybersecurity is concerned, backdoor merchant services scams (in which malicious bots access sensitive information as it passes through gateways) is the main issue.
Businesses contracting merchant services provider services should ensure the company they select offers security that is compliant with payment card industry standards, as well as enhanced encryption technologies.
They should also offer 24-hour fraud and chargeback prevention. Choosing the right merchant is just one component of a complex strategy that should also include the use of applications and technologies created to identify and destroy malicious bots.
These include web access firewalls and content delivery networks. Despite their use, e-commerce organisations can still be under threat from attacks, since current technologies can find it difficult to distinguish between useful and malicious bots.
RELYING ON A MULTI-FACETED TEAM
The Kount report found that when a malicious bot attack takes place, around 80% of organisations rely on IT teams, followed by cybersecurity, fraud teams, the Web, financial services, operations, and customer service.
Organisations should discuss the use of identity trust data networks and AI and machine learning technologies so that bots can be identified and categorised at key access points touched during the customer journey.
AI can analyse billions of potential risks in real time, giving companies key information about the type of attacks being attempted and the stages of the customer journey that are most at risk.
Malicious bots attacks are increasing not only in number, but in severity across the globe.
With just one attack having the ability to steal hundreds of thousands of dollars in revenue, bot attacks are a serious threat that require due investment in cybersecurity strategies.
Companies should discuss new applications and technologies, including AI, to separate good from bad bots in real time, to learn more about any possible vulnerabilities in their systems.
View more published content from Kay here.
For more TOTT News, follow us for exclusive content:
Facebook — Facebook.com/TOTTNews
YouTube — YouTube.com/TOTTNews
Instagram — Instagram.com/TOTTNews
Twitter — Twitter.com/EthanTOTT