Top Holiday Retail Threats: What to Watch out for in 2022

Bots pose a serious threat to customer satisfaction, data privacy, web performance, and revenue during holiday season.

Man wearing a Santa hat sitting in dark room sitting in front of five different computer screens
A woman with long wavy hair posing for a photo.

Maddy Lewis

It’s almost that time of year again, holiday season, where retailers stand to make up to 30% of their annual sales in just a few weeks. Significant pressure rides on these retailers to deliver the perfect customer experience, drive demand from various digital channels, and ensure orders are fulfilled and delivered in a timely manner, amongst other initiatives. But what we’ve found is retailers are still woefully unprepared for their biggest adversary – bots (cue dramatic music). Bots pose a serious threat to customer satisfaction, data privacy, web performance, and revenue.

Not all bots are bad, but the ones we’re warning you about are operated by fraudsters and cybercriminals who are looking to make money any way they can, and ‘tis the season where they can make their biggest scores. While eCommerce businesses are planning their customer journey, bot operators are plotting how to maximize their profits – by scoring the most in-demand items of the season for resale, stealing loyalty points or store cards, creating fake accounts, or conducting other attacks at scale. Each of these tactics are enabled through automation, since using bots is one of the easiest ways to attack online retailers.

Cybersecurity is important throughout the year, but it’s especially critical during the holidays. Last year’s holiday sales grew 14% and reached $886.7 Billion while e-commerce fraud attempt rates rose by 19%. With 46% of people saying they would shop online more if fraud wasn’t an issue, it demonstrates just how important it is to prevent cyber attacks.

According to our data, large eCommerce retailers deal with an average of 63.8 million bad bots per week in the U.S. alone. Below are the most prevalent automated threats and bot attacks targeting eCommerce organizations so far this year.

2022 Top Automated Attacks Targeting eCommerce Businesses:

  1. Web Scraping (38%)
  2. Carding (25%)
  3. Credential Stuffing (25%)
  4. Fake Account Creation (18.8%)
  5. Denial of Inventory & Hype Release (12.6%)

Figure 1: Kasada data shows the five most prevalent automated attacks retail businesses face in 2022.

2021 Holiday Retail Threats

Last holiday season, Kasada’s threat research team observed surges in bot activity. Traffic grew as much as 27% ahead of the Black Friday holiday weekend compared to earlier in the month.


Want to learn more?

  • Why CAPTCHAs Are Not the Future of Bot Detection

    I’m not a robot” tests are definitely getting harder. But does that mean more complex CAPTCHAs are the right path forward to outsmart advancing AI and adversarial technologies?

  • The New Mandate for Bot Detection – Ensuring Data Authenticity

    Can the data collected by an anti-bot system be trusted? Kasada's latest platform enhancements include securing the authenticity of web traffic data.

Beat the bots without bothering your customers — see how.