Retail Threats From Login to Checkout

1. Login

Fraudsters test thousands of stolen credentials (credential stuffing) to take over your customers’ accounts and sell them on marketplaces. New, fake accounts are created to exploit loyalty points, coupons for birthdays, sign-ups, and other promotions.

2. Browsing

Scraping is a common automated threat that retailers face, and it is carried out for various purposes.

2A. Sniping

Freebie bots monitor your site in search of price errors so they can quickly scoop up free or incorrectly discounted items.

2B. Price Scraping

Competitors scan prices to undercut your business and steal catalog content you’ve created and paid for.

2C. Spoofing

Bots scrape your site to create an identical site with a spoofed domain to deceptively sell counterfeit goods and damage your brand reputation.

2D. Scanning

Scanner bots check to see if your in-demand goods have been restocked before a checkout bot is used to automate the process.

3. Add to Cart

Fraudsters perform denial of inventory, using bots to add massive quantities of stock to their cart for checkout and preventing legitimate customers from purchasing. The fraudster then resells the product for a profit while inventory is “locked up.”

4. Checkout

Bots conduct different types of checkout fraud or checkout abuse.

4A. Carding

Cybercriminals test large volumes of stolen cards (like credit cards and gift cards) to see if they’re valid.

4B. Cracking

Bad actors use bots to guess missing values for stolen payment data, like security codes and expiration dates, or to guess active gift cards and loyalty reward IDs.

4C. Checkout Bots

Checkout bots are used to secure products from hype and limited-stock releases quickly and at scale.

The impact of bot attacks on retailers:


Bots cause sites to slow down, resulting in a poor user experience with fewer conversions.


Bots cause large amounts of payment and rewards fraud, skew website analytics and performance metrics, and put additional strain on various departments.


Bots put a strain on servers, causing slow speeds and high infrastructure costs. Without proper protection, bots also exploit zero-day vulnerabilities.