As the holiday shopping season fast approaches, it’s time for digital businesses to prepare for the increase in cyberattacks and bad bot traffic. Here are three types of attacks to keep an eye out for:
1. Gift Card Fraud: The Gift that Keeps On Depleting
Gift card sales grew 114% during the 2021 holiday shopping season, reflected by a 4x increase in automated gift card balance lookups. Because gift cards do not have the same level of security as a credit or debit card, cybercriminals have an easier time making fraudulent purchases with them.
Last year, the Federal Trade Commission (FTC) reported $147 million in losses from gift card fraud, due to refunds, chargebacks, processing fees and cost of lost merchandise. Online retailers should expect an uptick in fraudulent gift card purchases this holiday season. Don’t let bots deplete your users’ gift card balance!
2. Credential Stuffing: Not a Great Addition to Your Holiday Meal
Malicious login attempts spike up to 10x their usual rate during the holiday shopping season. Called credential stuffing, cybercriminals deploy bots to attempt logins using stolen usernames and passwords with the aim of gaining access to user accounts.
If the login goes through, the fraudster is able to access the value stored therein, including credit and debit card numbers, gift card balances, loyalty points, airline miles and personally identifiable information (PII). Attackers can use this to make fraudulent purchases, submit fake warranty claims and commit other types of fraud during the holidays.
3. Grinch Bots: Scalping Your Holiday Cheer
Meet grinch bots, the holiday edition of your favorite scalping bot. Scalpers deploy these bots to quickly snag hot ticket items, such as limited-edition sneakers, concert tickets, and popular toys and holiday gifts. They then sell the products at inflated prices on resellers or the dark web.
Although scalping is not technically illegal, it is damaging to your business. Grinch bots frustrate human consumers, who may be unable to purchase the item they desire because it was snatched up by a bot. They are then forced to pay more money on a third-party site to get the gift. This negative customer experience damages consumer trust and motivates buyers to elsewhere next time around.
The grinch bot problem has become so dire that it has spurred political action. Last November, lawmakers introduced the Stopping Grinch Bots Act in a second attempt to outlaw this type of scalping. In the words of Representative Paul Tonko (D-NY), “[Grinch bots] don’t just squeeze consumers; they pose a problem for small businesses, local retailers and other entrepreneurs trying to ensure they have the best items in stock for their customers.”
Preparing for the Holidays Ahead
When it comes to preparing for the holiday shopping season, the name of the game is stopping bots without disrupting the buyer journey. Many legacy solutions add friction and latency, which frustrates customers and drives abandonment.
It doesn’t matter how many bots you block if human consumers leave your site as well. The goal isn’t just to weed out bots, but to optimize the buying experience for human customers. Here are some steps you can take:
- Enable a bot management solution to determine if login and checkout attempts are human or bot
- Serve a verification challenge to high-risk users only, without adding friction to the customer journey
- Prevent logins using compromised credentials and force a password reset, stopping fraud before it happens and reducing the surface area of vulnerability
- Enforce additional detections during hype sales to prioritize human shoppers during high-demand sales events
Now is the time to get ready for the holiday shopping season. See how PerimeterX can help.