Bots can carry out high-volume, automated attacks on your site with malicious intent. At YOTTAA, where we specialize in e-commerce site performance, our visibility into traffic on over 1,500 e-commerce sites shows that 40% of internet traffic is bots, and sometimes even more per site. Bots drain resources and skew site data, and they can also do serious harm by stealing site information, products, and shopper data, among other things.
We partner with PerimeterX to take on e-commerce bot threats because of their advanced threat detection capabilities, along with our ability to quickly add their technology to our customers’ sites. In this post, we’ll discuss the dangers of bot attacks, and what your brand can do to protect your site performance, your revenue, and your shopper data.
Bot Threats: What Are They?
Bots have a wide range of offenses they commit on e-commerce sites; some can be more of an annoyance while others can cause financial harm to shoppers and brands. Here are a few examples of bot threats:
Account abuse is when bots hijack user accounts or break into a site’s login page to steal shopper credentials. The goal is to commit fraud or place orders using the stolen account information.
Having a limited edition product release? A hoarding attack is when bots lock up products in carts, artificially depleting availability, frustrating customers and reducing sales. Bots can also grab all of the products and attempt to resell them at a profit.
Your site’s data is not safe. Bots constantly scrape your prices, product reviews, and inventory data for competitive intelligence.
In carding attacks (also known as carding fraud), cybercriminals use bots to test lists of recently stolen credit card and debit card details on merchant sites. They obtain the stolen credit card data from other cybercriminals on the dark web and usually test it with small-value purchases to avoid detection. This can also apply to e-gift cards, which have PIN codes that are simpler to crack and have less stringent verification steps. Bots know this, and try card number and PIN code combinations until they gain access. They can then make purchases or convert these cards into cash.
Understanding your site performance and business outcomes is vital to any e-commerce brand. Unfortunately, bots make that a lot harder. Bot traffic inflates your data, which skews your analytics, lowers reported conversion rates, and misleads business intelligence.
Proactively Fighting Bot Attacks
Across our customer base, some of the more concerning bot threats that we’ve been able to identify are login attacks, gift card attacks, and credit card authorization attempts. Common indicators of these types of attacks are huge spikes in traffic, potentially fraudulent orders being placed, and excessive credit card or gift card validations which can increase processing costs and also slow down the handling of transactions. In order to mitigate these risks, we strongly recommend bot protection.
For example, if a site is experiencing excessive traffic that originates from distributed IPs and is routed to data-sensitive pages (i.e., login pages or account pages), that needs immediate attention. The challenge is that these attacks come from lots of different places, not just one IP address that could be easily blocked.
Bot attacks are sophisticated, and it's important to have a layer of security to detect and mitigate them on the fly. When the attack is very basic, coming from a specific country or IP, a web application firewall (WAF) can easily handle that scenario. But when the attack is distributed and coming from lots of IPs, that's where behavioral analytics really comes into play. Behavioral analytics allows brands to understand user traffic patterns and determine which traffic is malicious and which is normal.
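As an added illustration (not YOTTAA's or PerimeterX's code, and far simpler than behavioral analytics), the sketch below shows why a per-IP limit misses the distributed case while a per-page aggregate over the same traffic catches it. The paths, thresholds, and log records are constructed assumptions.

```python
from collections import defaultdict

SENSITIVE_PATHS = {"/login", "/account"}  # assumed paths for the pages named above

def sample_events():
    """Constructed data: (epoch_seconds, client_ip, path, http_status)."""
    events = []
    # 60 distinct sources, 2 failed logins each, all inside one minute.
    for i in range(60):
        ip = f"198.51.100.{i + 1}"
        events.append((i, ip, "/login", 401))
        events.append((i + 0.5, ip, "/login", 401))
    # A few ordinary shoppers logging in successfully and browsing.
    for i in range(5):
        ip = f"203.0.113.{i + 1}"
        events.append((10 * i, ip, "/login", 200))
        events.append((10 * i + 3, ip, "/products", 200))
    return events

def per_ip_offenders(events, limit=10):
    """Classic rate rule: IPs with more than `limit` hits on sensitive paths."""
    hits = defaultdict(int)
    for _, ip, path, _ in events:
        if path in SENSITIVE_PATHS:
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n > limit)

def distributed_alerts(events, window=60, min_ips=30, min_fail_ratio=0.8):
    """Aggregate per (path, time window): many sources plus a high failure ratio."""
    buckets = defaultdict(lambda: {"ips": set(), "total": 0, "failed": 0})
    for ts, ip, path, status in events:
        if path not in SENSITIVE_PATHS:
            continue
        b = buckets[(path, int(ts // window))]
        b["ips"].add(ip)
        b["total"] += 1
        b["failed"] += status in (401, 403)
    alerts = []
    for (path, slot), b in sorted(buckets.items()):
        ratio = b["failed"] / b["total"]
        if len(b["ips"]) >= min_ips and ratio >= min_fail_ratio:
            alerts.append((path, slot * window, len(b["ips"]), round(ratio, 2)))
    return alerts

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP offenders:", per_ip_offenders(ev))
    print("distributed alerts:", distributed_alerts(ev))
```

No single address exceeds the per-IP limit, yet the login page sees 65 sources with a 96% failure ratio in one minute, which is the spike pattern described above.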
Correcting Skewed Analytics
Once you have mitigated the attacks by cleaning up your data and reducing the malicious traffic, metrics and KPIs also become much clearer. Deploying PerimeterX Bot Defender across our customers has made it possible to clean up disjointed metrics.
It’s common for sites to see disjointed analytics caused by heavy bot attacks infiltrating a website. For example, popular domains may experience an increase in traffic, but conversion rates won’t correspond to the increase. The KPIs are skewed, and the analysis is therefore unreliable for making decisions that help drive revenue for an online business.
Bots can skew many KPIs and metrics, including user tracking and engagement, session duration, bounce rates, ad clicks, look-to-book ratios, campaign data, and conversion rates. In this scenario, brands are unable to progress with making important changes to their website due to inaccurate data.
YOTTAA and PerimeterX joint customers can confidently address their escalating bot problems. Using behavioral fingerprinting and machine learning to develop a real-time profile of each visitor, PerimeterX can accurately differentiate bot-generated traffic from real human traffic. By combining YOTTAA’s traffic and performance insights with PerimeterX technology, manual bot mitigation or intervention is no longer necessary for brands.
Detecting and Defending Against Bots
With an easy-to-use solution like Bot Defender, brands can rely on machine learning, behavioral analytics, and automated alerting to mitigate the threats from bot attacks. Bot Defender learns and continually adapts to all the different kinds of bot threats that are out there with very little human interference. Bot Defender has the amazing ability to detect bad traffic without any human intervention, and has very low false positive rates (e.g., when a real end user is trying to buy a product and they get served a bot challenge — reCAPTCHA — page).
YOTTAA and PerimeterX make a great team, not only because of what they can do for our customers, but because they hold the same values that we do in terms of customer service, analyzing data, machine learning, and visibility into traffic.
A huge component to our partnership with PerimeterX is that they, like us, are extremely responsive and focused on the customer. Because we are both so data focused, we are in constant contact with PerimeterX, flagging and remediating any traffic issues we spot. Together we make a great team, ensuring e-commerce brands are able to serve up the best online experience possible, protecting their shopper information, and enabling them with the right data for the best business outcomes.
The PerimeterX solution is very easy to implement. Based on the integration YOTTAA has built for PerimeterX, brands can turn this solution on within a matter of minutes to start learning and detecting bad traffic on their sites. Please contact us to learn more about how easy it is to try out, and see how you can halt the bad bot traffic on your site.