Retailers, shoppers and threat actors alike are preparing for the big day: Amazon Prime Day, when there are retail sales opportunities to be had as retailers run their own sale events to compete with, or leverage the public visibility of, the day. There will be deals and (figuratively speaking) there will be steals. As the sale event approaches, shoppers and threat actors will prepare in much the same way. To find the deals, shoppers may set alerts, save bookmarks, download the app, create an account (perhaps multiple), and update the credit card on file, all in an effort to ensure they make a successful purchase.
Threat actors will prepare in the same way. However, to ensure their anonymous success, they will use automation, community forums, predefined tool kits and commercialized bot services (BaaS) – much to the dismay of the legitimate shopper.
Should Retailers Care Who Gets the Deal?
A sale is a sale, right? Perhaps. A sale to a legitimate buyer increases the chances they will become, or remain, a customer, buying repeatedly based on sales and promotions and sharing their positive experiences with their network of family, friends and social media acquaintances. Statistics show that the cost of retaining a customer is far less than the cost of acquiring a new customer, while the revenue generated is comparatively higher. On the negative side, customers who lose a purchase to a bot are more likely to give negative reviews, share their poor experience on social media, resulting in brand damage, and start shopping elsewhere.
Based on a recent Forrester survey of more than 400 CIOs/CISOs and product managers, bots impact the business in many ways:
- 49% of the respondents indicated that employees were frustrated and unable to do their jobs
- 37% saw customer frustration and loss of trust
- 39% documented an increase in infrastructure costs
- Most impactful was the fact that nearly half (48%) of the survey participants had seen bots negatively impact revenue with rates as high as 10%
Success Stories for Repelling Automated Shopping
When faced with an automated shopping bot attack, understaffed retailers are often overwhelmed by an army of threat actors using sophisticated tools to achieve their end goal. Over the last 12 months, Cequence Security has helped retailers successfully repel automated shopping attacks more rapidly and with greater efficacy than their incumbent solution.
- Making a Change Weeks Before the Holidays: Normally, most retailers lock down their networks and security settings long before the holidays set in to help ensure a successful season. In an unprecedented move, this clothing and home décor retailer chose to replace their incumbent bot solution just weeks before the holidays.
- From Under Attack to Protection in 33 Minutes: In this scenario, a new customer with an unprotected mobile application was able to make the necessary configuration and policy updates to protect the application in just 33 minutes. In contrast, the previous vendor would have needed several months to integrate the mobile SDK into the new app.
- Near Immediate Time to Value: After more than a year of delays and frustration with the integration efforts required by the incumbent bot offering, this retailer chose to move to API Spartan SaaS. The results were near immediate with API Spartan detecting and preventing a sophisticated attack during the proof-of-concept stage.
- $200K Undetected Gift Card Fraud Stopped: During the proof-of-concept, an unprotected application flow was analyzed by CQAI, our agentless, ML-based analytics engine, to uncover a sophisticated gift card fraud scheme. It had gone undetected because of the cumbersome JavaScript integration efforts required by the incumbent bot solution vendor.
With API Spartan, retailers are enabling their customers to snag legitimate deals while simultaneously preventing automated shopping bots from making a “steal.”