During the Thanksgiving, Black Friday and Cyber Monday holiday shopping period, U.S. online retail sales hit $28.49 billion, up 17.7% from $24.21 billion the same holiday period last year, per Adobe Analytics. Cyber Monday alone topped $9.4 billion in sales! During that period, PerimeterX found that 94% of total login attempts on the top e-commerce sites were malicious and blocked them, dramatically reducing the load and risk from our customers’ infrastructure. This enabled our customers to realize blockbuster online revenue surpassing $5 billion for the five-day period. With visits from smartphones growing 19% year-over-year and accounting for 54% of traffic to retail websites, it was critical for our customers to have a superior bot mitigation solution protecting both web and mobile applications.
Fraud-related direct-losses stemming from account takeover (ATO) and carding range in the billions of dollars. However, the total financial impact from the threat of these attacks is not easy to estimate. One impact of automated attacks on e-commerce websites that site owners routinely miscalculate is site downtime resulting from such attacks. Lost online sales during the five-day period are impossible to recuperate. Even if just 1% of the total revenue protected by PerimeterX during the holiday weekend were to be lost due to degraded site performance, it would exceed $50 million in lost revenue!
During the holiday season, retailers also regularly release limited availability products that drive a high amount of scalping bot (aka grinch bot) checkout activity. Overall we’ve seen increased activity of these bots in the month of November leading to Black Friday, where on some days 67% of requests in the checkout flow were malicious. During the 5-day period of the holiday weekend, we detected and blocked up to 96% of requests on checkout around specific sales events. Timely detection and prevention of these attacks helped protect revenue and brand loyalty.
As expected, scraping and carding attacks spiked before the holiday season and remained steady during the busiest buying weekend. Scraping thousands of deals from various competitors and dynamically updating online deals is a herculean task for website owners. The scraping attacks during this year’s holiday weekend accounted for 20% of the total traffic on the product pages. Stolen cards had to be verified prior to this weekend and the attack data reflects that trend, with no significant change in the volume or the sophistication of carding attacks. During this weekend, attackers typically reap the fruit of their efforts, using the stolen cards they have collected leading up to the holiday.
Detecting and stopping automated attacks as early as possible is the key to positive user experience and maximizing online revenue. Superior application security shouldn’t come at the expense of user interruption. By continuously evaluating risks to one’s web application infrastructure, retailers can avoid incurring millions of dollars in losses and safeguard their brand during the time of year when it matters most.