Attackers will target every feature and function of your retail or eCommerce website, and they’ll use multiple techniques to do so. It’s an easy value proposition for them: inexpensive to launch attacks at scale, and the cost to companies can reach millions of dollars. Here’s how they do it — and how they fool traditional bot management tools.
The typical customer retail or eCommerce website experience features four phases, all of which are vulnerable: login, browsing, add-to-cart, and checkout.
Login Fraud – At login, attackers use techniques like credential stuffing and account takeover to hijack passwords and personal information from customers, steal their loyalty points and other promotions, and even create fake accounts.
Browsing – Adversaries build bots to browse — to perform sniping, scraping, spoofing, and scanning — and gather intel on your products, pricing, and inventory. They use this intel to sell counterfeit goods, snatch up recently restocked, in-demand goods, and exploit pricing errors on your site.
Add to Cart – That inventory intel comes in particularly handy when it’s time to add-to-cart. Attackers use bots to add massive quantities of items to effectively lock down stock and keep customers from getting it — this is called denial of inventory.
Checkout Abuse – At checkout, the threats continue. Carding, cracking, and checkout bots perform all sorts of nefarious tasks: testing and using stolen credit/gift card data, guessing missing values for payment data, and quickly purchasing the bulk of hype and limited-stock items.
You’ll notice the damage from multiple angles: your customers, your IT infrastructure, and your bottom line. More specifically:
- Customers will be bothered by slower site performance and a general decline in overall user experience — they’ll be less likely to stay on your webpage and buy products.
- Your infrastructure costs will increase as site performance declines and your servers are strained. And without adequate protection, bots will exploit zero-day vulnerabilities by performing malicious scans.
- The power of your dollars and data will diminish. Bots will skew website analytics and performance metrics, and leach money from you in the form of payment and rewards fraud.
The greatest danger, though? The combined and mounting toll these problems have on your brand. Tarnished reputation. Eroded equity. Broken customer relationships.
Traditional bot management tools have to let requests into your site before they can determine whether those requests are, indeed, a threat. By then, it’s too late: the damage is done.
Kasada, meanwhile, assumes all requests are guilty until proven innocent, and uses telemetry data, threat intelligence, and behavioral data to accurately detect malicious automation before it enters your site. Plus, Kasada remains effective over time with dynamic defenses that provide resilience against adversarial retooling.
The results speak for themselves:
- Kasada helped a global retailer manage a 100x increase in flash sale traffic during hype sales and fight checkout fraud.
- A leading luxury brand suffered carding attacks, which not only bogged down the site but kept customers from being able to buy what they wanted. We stepped in and helped our customer achieve a 15% reduction in infrastructure costs, a 15% improvement in page speed, and over $100k saved monthly by reducing chargebacks.
- A renowned outerwear retailer found itself at the mercy of an international fraud ring that was selling counterfeit goods to customers, who were then returning them to the retailer. The cost? Damaged brand equity and a dramatic increase in operational costs. But we stopped the scraping that was at the core of counterfeit websites and goods to eliminate the fraudulent activity.
“Kasada has been instrumental in the success of our highly visible flash sales. Implementation was super easy — we especially liked the team and experience they provided.”
Senior Director of eCommerce
International Footwear Brand