Don’t let bad bots ruin your retail holiday season

For retailers, bad bots are the humbug of the holiday season. From click bots and credential stuffers to Grinch bots (no, really!), these fraudster-driven, malicious bits of software are notorious for disrupting holiday cheer.

Over the last 12 months, automated attacks driven by bad bots have been on the rise, especially in retail. According to a recent report by Imperva, more than 50% of bad bot traffic on retail sites was associated with advanced bots, which are harder to detect and stop. And the outlook for retailers isn’t merry and bright: Juniper Research predicts online fraud associated with bots will grow 131.2% between now and 2027.

What are bad bots and how do they impact retailers?

A bot is a bit of software programmed to perform a series of automated tasks, like opening a webpage or filling out a form. Bots aren’t inherently good or bad, it’s programmers who decide their fate, but essentially “bad” bots are designed to carry out malicious activities. From stealing data to hacking accounts and performing DDoS attacks, bad bots cause chaos and destruction in the digital realm.

Fraudsters use bad bots to simplify and streamline their efforts to scam retailers and shoppers, and there’s loads of options out there:

Grinch bots: Also known as inventory-scalping bots, Grinch bots monitor and snatch up high-demand retail items in bulk so they can be resold at higher prices. They’re most active during the height of the holiday shopping season (November through January) and can wreak havoc on a retailer’s website, reputation, inventory, and revenue potential.

Click bots: Click bots are the troops designed to carry out PPC click fraud attacks. Fraudsters use click bots to exploit ad campaigns by inflating metrics and click counts to generate more revenue from retailers. This results in low return on ad spend, skewed campaign metrics, and wasted ad budgets.

Credential-stuffing bots: Credential stuffers use stolen usernames and passwords to gain access to accounts. Retailers are targets for credential stuffing attacks because they regularly deal with sensitive customer data and payment details. They’re also vulnerable to attacks because customers often reuse the same passwords across different accounts, making it easier for bots to infiltrate. Once an account is compromised, fraudsters make illegal purchases, claim existing rewards or loyalty points, and steal other data.

Inventory-hoarding bots: These market disruptors acquire large quantities of inventory to create artificial scarcity. In other words, they add high-demand/limited-supply items to online shopping carts and never complete the purchase. For retailers, inventory-hoarding bots lead to lost sales opportunities, damaged customer relationships, and increased operational costs.

Content-scraping bots: Content scrapers are responsible for scraping product information and pricing details from retail websites. Fraudsters and competitors use this scraped data to undercut prices, resulting in lost sales for retailers and diminished brand differentiation.

The cost of doing business with bad bots 

In the eyes of fraudsters, retailers are goldmines. Aside from handling large volumes of financial transactions, especially during the holiday season, retailers are entrusted with safeguarding loads of customer data. From credit card details to login credentials, home addresses, and phone numbers, the sheer amount of personal consumer data exchanged and managed by retailers is vast — and fraudsters are eager to take advantage of mishaps and system vulnerabilities.

For retailers, bad bots lead to:

• Skewed analytics and metrics: Bots are great at clicking on ads to mimic humans. This fake engagement and false data results in distorted marketing metrics, wasted advertising spend, and poor decision-making.
• Supply chain disruptions: Retailers rely on a complex network of suppliers and distributors. Bad bots can disrupt this chain by depleting inventory, causing outages, and overwhelming websites.
• Frustrated shoppers: Bad bots can hoard items, cash in on loyalty points, disrupt web traffic flow, and take over valid customer accounts. Shoppers who don’t get their desired items or experience friction are more likely to take their business elsewhere.
• Lost sales and revenue: Even if retailers sell to bots, they lose out on building relationships with legitimate human customers who are likely to make repeat or additional purchases.
• Irreparable customer relationships: Trust and loyalty go out the window when customer data is compromised and a shopper is forced to cancel their store or reset their loyalty account.

• Damaged brand reputation: When a retailer doesn’t value online safety and security, they don’t value their customers. And bad news like malicious bot attacks, nightmare customer experiences, or unavailable goods spreads like wildfire.

How retailers can identify and stop bad bots

Recognizing and stopping bad bots in their tracks starts and ends with good data. An advanced fraud solution and analyzes customer data to track how shoppers behave online. Knowing how typical customers act in a digital environment makes it easier to spot atypical behavior from bad bots.

Step 1: Capture the data. To identify bots, retailers must first understand how legitimate customers behave. An advanced fraud defense solution captures and analyzes all customer data in real time to build profiles of typical consumers. From contextual interaction data to transactions and historical data, truly understanding consumer behavior requires data capture to begin the moment a user lands on your site (even before they’re authenticated).

Behavioral biometrics provide an additional layer of security by capturing and establishing baseline customer behaviors. From touch gestures and typing rhythms to hesitations and sudden changes in mouse movement, behavioral biometrics monitor consumer behavioral patterns in real time to verify identity and quickly spot actions that deviate from the norm.

Step 2: Build identity profiles to monitor activity. An advanced identity verification solution reconciles individual consumer data into comprehensive identity profiles. These profiles can be compared against activity happening in-the-moment to assess whether activity is legitimate or not — flagging suspicious data patterns and triggering alerts that stop bad bots in their tracks.

Step 3: Flex your defense muscles. Responding to fraud on your terms is important, but most prevention platforms are only equipped to sound an alarm when suspicious transactions are detected. What’s the good of noise without an automated interception? An advanced defense platform lets retailers respond to bad bots on their own terms with customizable rules. For example, if bot activity is suspected, a retailer can send an in-the-moment message (“Is this you?”) to an actively engaged customer to verify identity and stop fraud before it starts. But, if a known bot is detected trying to purchase a sale item, retailers can block the transaction in real time.

Step 4: Stay proactive. Staying ahead of fraud tactics is an important component to stopping bad bots. An advanced fraud solution uses machine learning (ML) and artificial intelligence (AI) to scale accordingly, even when bad bots evolve. Understanding human behavior versus bot behavior is crucial, and the right platform uses digital identity verification and biometrics to feed a ML model to ensure the instant (and ongoing) detection of new bots.

The way to keep Grinch bots from coming 

Bad bots are on the rise, but they don’t have to disrupt your holiday season. By leveraging customer data for fraud detection and prevention, retailers can detect and combat even the sneakiest bots in real time to stay ahead of threats and protect the customer experience.