In ecommerce, malicious bot activity can be incredibly harmful. Netacea takes a unique machine-learning-based approach to detecting and reacting to threats.
The company works with some of the biggest retailers in Europe, such as AllSaints, saving some of them over €1 million every month by tackling the problem of malicious bots.
Here Thomas Platt, Head of eCommerce at Netacea, explains how the technology identifies bots and solves retailer pain points around complex security concerns.
Basic web security is not enough
Retailers can follow every piece of security best practice advice—patching when needed, using a web application firewall—and still be vulnerable to “business logic” attacks. Bot operators don’t need security vulnerabilities to attack, when they can simply attack the way a retail business works.
To provide good customer experience, retailers know that they need to have straightforward checkout processes and great user interfaces, but this makes it easier for bots to attack. Making every customer complete a CAPTCHA is one solution, but this means more customers will abandon in frustration. It’s a seemingly impossible situation, only solved if retailers can identify bots through other means.
What harm can bots cause to ecommerce sites?
Many bots are malicious, but not all—search engine spiders are vital to a website’s search visibility. Bots with ill intent perform credential stuffing attacks, carding, or overwhelm a website with traffic. Retailers need to understand the intent of bots so they can prevent access to those that do harm.
How do you protect from malicious bots?
Retailers with Netacea get not only insight into their web traffic, but also protection from malicious bots and the havoc they can wreak. This includes:
- Credential stuffing attacks, where bots take stolen usernames and passwords and use them to gain access to accounts, including loyalty points
- Carding, where stolen credit card details are checked for validity
- Sneakerbots that jump the queue and snag limited edition goods for resale
Retailers are at risk from all these automated attacks and more, such as the additional cost of increased traffic, which is not inconsiderable. Though what Netacea offers differs from most security solutions, what the customer gets is the same: peace of mind. The big difference is that Netacea defends against attacks that subvert the way an online business works, rather than exploiting security vulnerabilities.
Fast return on investment from bot mitigation
It can be as short as a month. Fraud and stolen loyalty points are obviously expensive, but other attacks come with unexpected costs. Carding, where a bot uses a payment gateway to check stolen credit card details for validity, can mean a retailer is charged tens of thousands of pounds in fees alone by its payment provider.
Even simply limiting the traffic due to bots can be enough for the solution to pay for itself through reduced infrastructure costs, even before taking into account the savings made by preventing fraud and theft.
Which kinds of retailers would get most value from this?
Retailers with loyalty point schemes and those that deal in luxury limited edition goods have the most to gain from bot mitigation.
Loyalty points are fast becoming a currency on the dark web, especially with the fall in bitcoin prices, and as they lack the same protections as bank accounts they are a prime target for hackers.
For limited edition goods, ‘sneakerbots’ are the enemy. Anyone who has failed to buy in-demand concert tickets just after they have gone on sale may suspect something fishy is going on. They’d be right—chances are that a sniper bot bought everything before they had the chance. Similar things happen with limited edition trainers that can be worth thousands on the resale market.