Retail Threats From Login to Checkout
1. Login
Fraudsters test thousands of stolen credentials (credential stuffing) to take over your customer’s accounts and sell them on marketplaces. New, fake accounts are created to exploit loyalty points, coupons for birthdays, sign-ups, and other promotions.
2. Browsing
Scraping is a common automated threat retailers face for various purposes.
2A. Sniping
Freebie bots monitor your site in search of price errors so they can quickly scoop up free or incorrectly discounted items.
2B. Price Scraping
Competitors scan prices to undercut your business and steal catalog content you’ve created and paid for.
2C. Spoofing
Bots scrape your site to create an identical site with a spoofed domain to deceptively sell counterfeit goods and damage your brand reputation.
2D. Scanning
Scanner bots check to see if your in-demand goods have been restocked before a checkout bot is used to automate the process.
3. Add to Cart
Fraudsters perform denial of inventory, using bots to add massive quantities of stock to their cart for checkout and denying legitimate customers from purchasing. The fraudster then resells the product for a profit while inventory is “locked-up.”
4. Checkout
Bots conduct different types of checkout fraud or checkout abuse.
4A. Carding
Cybercriminals test large volumes of stolen cards (like credit cards and gift cards) to see if they’re valid.
4B. Cracking
Bad actors use bots to guess missing values for stolen payment data, like security codes and expiration dates, or to guess active gift cards and loyalty reward IDs.
4C. Checkout Bots
Used to secure products from hype and limited stock releases quickly at scale.
The impact of bot attacks on retailers:
Customers:
Bots cause sites to slow down, resulting in a poor user experience with fewer conversions.
Business:
Bots cause large amounts of payment and rewards fraud, skew website analytics and performance metrics, and put additional strain on various departments.
IT:
Bots put a strain on servers causing slow speeds and high infrastructure costs. Without proper protection, bots also exploit zero-day vulnerabilities.