Our first benchmark report uncovers hidden trends and provides unique insights into automated fraud gleaned from billions of anonymized online interactions by real users and bots across hundreds of the world’s largest shopping sites.
The COVID-19 crisis pushed businesses’ global digital transformation priorities into overdrive. Online traffic spiked. Fear of the pandemic drove entire business sectors from mostly offline to mostly online. Grocery shopping, for example, was a niche pursuit prior to the pandemic. The number of consumers buying groceries online doubled during the pandemic to 52% of all shoppers. From Instacart to Amazon to WalMart, we live in a digital world where shoppers prefer to use a company’s website or web app to discover and shop for products and to interact with brands.
At PerimeterX, we have had a front-row seat at this inevitable transformation of the global economy. Our platform is trusted with blocking automated fraud against hundreds of the world’s leading websites. The crucial first step in that process is to identify the nature of the traffic attempting to access these websites and web apps. Traffic and attack trends are what actually drive the intelligence of our machine learning systems, and with more and more exposure they improve over time.
We wanted to share our insights with the world and are introducing the first PerimeterX Automated Fraud Benchmark Report: 2020 E-commerce Edition. This report examines the latest trends in automated fraud witnessed by our research team. The findings are extracted from anonymous data captured from billions of live online interactions by millions of consumers and hundreds of millions of malicious and non-malicious bots across the world’s largest websites, web apps, mobile apps and application programming interfaces (APIs). Data in this report was collected during 2020; we anticipate using it as a basis for comparison in future years, building a detailed dataset of automated fraud behavior.
Some of the key findings of the report include:
- The COVID-19 pandemic correlated with major spikes in malicious activity across the board. This was particularly marked for account takeover (ATO) attempts, checkout attacks and scraping attacks.
- The increases in ATO attempts likely came from an expansion of high volume and focused attacks against a broader range of target verticals; sectors that received more attacks than in the past included home goods, e-learning and exercise equipment.
- The triple-digit spikes in malicious checkout activity in April 2020 was likely strongly correlated to a rush by criminals to capitalize on shortages and to arbitrage hard-to-buy goods for greater profits driven by supply chain disruptions and shifts in demand to new product categories.
- The big spike in malicious scraping was likely another manifestation of this opportunistic push to make money off chaotic environments caused by COVID-19. The percentage of blocked malicious traffic peaked at 38.2% in March 2020.
For businesses, the impacts of trends identified in the report are wide ranging.
- A wider array of online merchants faced attacks and suffered fraud losses due to attacks as criminals expanded both into new verticals and began to attack smaller businesses with greater frequency.
- The continued emergence of specialization — selling lists, renting botnets, offering attack technology-as-a-service — and marketplace dynamics in advanced fraud has led to greater efficiency and a lower bar for attackers. This likely means businesses will face faster-evolving and more efficient automated attack dynamics going forward.
- The earlier start of pre-Cyber 5 attacks and the carding attacks occurring at every holiday demonstrated that seasonality of attacks is going away. A new normal of constant attacks means that many measures formerly put in place only for Cyber 5 — the traditional Black Friday through Cyber Monday shopping timeframe — now must be deployed year round.
This is the beginning of an expansion of original research that we want to share with the world to benefit from our insights and our unique vantage point and data. We invite you to download the report and learn more.