With the accelerated growth of online retailers — especially after the Covid pandemic — we are witnessing an alarming rise in the deployment of malicious bots. While it’s certainly the case during the holiday sales season, digital storefronts are open year-round. No time of year is safe. E-commerce websites and applications are increasingly being overwhelmed by bots deployed for malicious reasons. These include product scalping, pricing and product data scraping, user account takeover (ATO), inventory denial, DoS attacks, and payment card and affiliate fraud. This is just a sample of the threats; there are many more.
Bot Attacks are Among the Biggest Threats to Online Retailers
Separate or combined, bad bot attacks pose some of the biggest threats to online retailers. They directly impact operations in an array of harmful ways, including:
- Website slowdowns and outages
- A frustrating customer experience (CX)
- Account takeover (ATO), which leads to:
  - Theft of personally identifiable information (PII) and payment card/bank account information
  - User complaints about cashed-out gift cards and loyalty points
- Poor availability of highly sought-after products due to scalpers buying them for resale later
- Loss of revenue and brand image
- Skewed traffic analytics that hinder strategic and marketing teams from getting accurate and actionable data with which to work
How Bad Bots Affected Allo, Ukraine’s Leading Electronics Retailer
Electronics retailer Allo turned to Radware Bot Manager for help in mitigating ongoing, harmful malicious bot traffic. With annual revenues of over $400 million, Allo operates over 400 retail stores and attracts more than 10 million shoppers to its website each year. Its digital storefront was regularly attacked by bad bots that took large bites from its revenue through several types of automated attacks.
During a single week, over 8 million bots swarmed Allo’s website to systematically scrape pricing and product information without authorization. While certain types of bots are useful to shoppers wanting to find the best prices, these bots undermined Allo’s pricing strategies by potentially using the scraped data to harm its competitiveness in the marketplace. The scraped data could be used by competitors to undercut Allo’s prices and affect its market advantage and sales numbers.
In that same week, there were over 53,000 ATO attempts by bots against Allo, and approximately 136,000 bad bots carried out cart abandonment attacks that made products appear as unavailable to genuine shoppers. This, of course, significantly reduced Allo's sales volumes. Additionally, it was discovered that bots carried out affiliate link fraud through Allo’s website, which deprived its affiliates of commissions and harmed business relationships.
Radware Bot Manager Proves Itself Throughout Rigorous Trial
Prior to trialing and implementing Radware Bot Manager, Allo had initially approached Radware to implement a web application firewall (WAF) and application protection solution. Our analysts discovered that more than 50% of all visitors to Allo's retail site were actually bots. It was an unsustainable situation that, if left unchecked, would have led to a range of adverse consequences.
For the Radware Bot Manager proof of concept (POC), visitor traffic was analyzed for a week. Soon after, Radware Bot Manager went into ‘Active Mode’ and started blocking over 2 million bad bots each day thereafter. Suspected bots were shown a CAPTCHA to solve to enter the website. Overall, only 0.25% of these challenges were solved, which meant almost all bots were blocked and most of the genuine customers were not shown a CAPTCHA while visiting the website.
Need to Stop Malicious Bots?
Radware has helped e-commerce firms around the world prevent malicious bot attacks, and secure their websites and mobile applications against the constant threats bad bots pose to online retailers and their customers. Radware Bot Manager works across all channels (websites, mobile applications and APIs) by combining behavioral modeling for granular intent analysis, collective bot intelligence and fingerprinting of browsers, devices and machines. For help keeping your digital storefront safe from malicious bots that can jeopardize revenue and tarnish your organization’s brand reputation, reach out to our cyber security experts at Radware.
If you’ll be attending the RSA Conference in San Francisco on April 24-27, make sure to stop by the Radware booth (#2139). Meet with our team of experts and take your cybersecurity to the next level. Better yet, you can set up an appointment with them here.