Protect Your Digital Storefront from Automated Bot Attacks this Holiday Shopping Season


As originally published in Digital Commerce 360

Online traffic and revenue have reached new heights with many retailers seeing daily peaks throughout the year that surpassed previous Cyber Five levels. With those traffic spikes come more automated cyber attacks. Data shows that daily attacks are now at the same level as previous Cyber Five periods—the five days between Thanksgiving and Cyber Monday. Digital Commerce 360 spoke with Kim DeCarlis, chief marketing officer of PerimeterX, about how retailers should plan for elevated volumes throughout the year and be especially vigilant during the classic holiday period.

How will the 2021 holiday shopping season differ from 2020?

Retailers need to be prepared for large volumes of online shopping, possibly starting earlier than the classic Thanksgiving timing of recent years. Our data from 2020 showed a large spike in account takeover (ATO) attacks in October, suggesting that attackers are testing and tuning their tools and tactics earlier in the year to better prepare for peak attack season. This indicates that retail businesses must have their defenses in place and updated well before the actual Cyber Five shopping season.

In addition, retailers will need to continue to improve their omnichannel presence, supporting buy online, pickup in store (BOPIS), and understand that in-store mobile app usage is increasing as people check inventory, price and product location while they shop.

Finally, as development teams seek to rapidly add new features to their websites before the holiday code freeze, they will need to ensure proper visibility and control over all third-party scripts so that they don’t become an entryway for digital skimming attacks.

What are some of the latest trends retailers should have on their radars?

A broader array of online merchants will likely face attacks as cybercriminals expand on what they learned last year and go after both new verticals and smaller businesses more frequently than before. Retailers must always be aware that Cyber Five attack planning starts earlier, and that all holidays experience an increase in payment fraud, so the measures formerly deployed only for Cyber Five now must be deployed year-round.

Gift card fraud is another area to pay special attention to. The pandemic increased the use of gift cards, attacks on which have grown more sophisticated. The botnets that deliver these automated attacks are highly distributed. They use multiple IP addresses, multiple traffic sources and fake many different devices. Gift cards don’t have the same level of protection as credit cards, which makes them easier targets. Additionally, many merchants provide a separate page for gift card balance checking, a feature that is widely abused by card-cracking bots.

What strategies should retailers implement to address trends and challenges?

Retailers that wish to reduce their risk and better secure their web applications should implement technology that secures digital businesses against automated fraud and client-side threats.

PerimeterX, for example, works with retailers to take the following steps:

  • Assess your risks and audit your exposure.
  • Consider building a system to log attacks.
  • Evaluate and consider technologies to proactively block attacks.
  • Identify product pages that are targeted and protect them from scraping bots.
  • Analyze impact of challenges on checkouts and abandonment.
  • Adopt modern solutions that leverage machine learning.

Automated attacks have no season—every holiday season is attack season. And daily attacks are higher than ever. Retailers should plan to have solutions in place that allow them to be vigilant year-round, as well as throughout the holiday shopping season.
