The ongoing Covid-19 pandemic has severely impacted in-store sales globally over the last eight months, but online retailers have benefitted from the safety restrictions that have changed consumers’ regular shopping and spending patterns. Even as traditional retailers suffer from the fallout of this massive disruption – including permanent closures of hundreds of stores or even bankruptcy – the huge increase in online shopping in 2020 is fueling record sales volumes. From mid to late June this year, online retail sales had grown by 30% in the Americas (and 17% higher globally) compared to pre-Covid sales averages in the first two weeks of February this year, according to a survey of 14,000 retailers around the world.
With the traditional Thanksgiving to Christmas shopping season now underway, there is a pent-up desire amongst many consumers to indulge in holiday shopping with some of the funds saved from months of reduced expenditure during the Covid-19 lockdown on travel, entertainment, dining out and other categories. Research from Deloitte predicts that the proportion of goods bought online will increase this holiday season when compared to traditional in-store sales volumes, with total online sales expected to generate between $182 billion and $196 billion this season.
According to Daniel Bachman, Deloitte’s U.S. economic forecaster, “While high unemployment and economic anxiety will weigh on overall retail sales this holiday season, reduced spending on pandemic-sensitive services such as restaurants and travel may help bolster retail holiday sales somewhat. E-commerce is likely to be a big winner because consumers have shown a clear movement towards buying online rather than at brick and mortar stores.”
As large numbers of price-sensitive consumers usually postpone their holiday shopping until Black Friday – the day after Thanksgiving – e-commerce portals fiercely compete to advertise the lowest prices on a wide range of gifts, gadgets, appliances, apparel, and other product categories. To find out what competing retailers charge for popular products on any given day, many e-commerce sites send bots to systematically scrape their competitors’ prices and discount offers. When companies increase the frequency of these price checks, the steep rise in scraper bot traffic added to already large volumes of consumer traffic tends to slow down websites and mobile applications, and frustrates bargain hunters.
Radware’s annual State of Web Application Security survey at the end of 2019 revealed that at least once every day, roughly 17% of respondents’ websites and applications were hit by bots that targeted their portals to carry out web scraping and denial of inventory attacks. A similar percentage reported skewed website analytics caused by unmitigated bot traffic. In addition, 16% experienced denial of service attacks every day, and 15% reported daily attacks attempting to carry out account takeover and payment card fraud. When combined with other types of bot attacks such as API abuse, form spam, and ad fraud (illegitimate clicks and impressions on digital ads), it’s clear that enterprises are faced with significant challenges when it comes to mitigating bad bot traffic. Of course, knowledge of the scale and impact of their bad bot traffic is the first step, which is why Radware Bot Manager offers a complimentary Bad Bot Analyzer to help enterprises discover how they are being impacted.
Figure 1: Breakdown of bot attacks experienced every day (Radware State of Web Application Security Survey)
Along with large volumes of consumer traffic, online retailers will also have to defend against attempted account takeover and carding attacks, through which cybercriminals try to steal reward and loyalty points, gift cards, and other forms of stored value. Many opportunistic scalpers deploy bots during the sales season to quickly snap up products that are in high demand and resell them for a large profit. Our recent article describes how a scalping campaign caused a total sellout of all available supplies of Nvidia’s latest graphics chip within minutes of its launch in September, which led to the company issuing an apology and implementing a bot management solution to prevent any such recurrences.
As job cuts and unemployment surged during this pandemic, some freelance gig-economy workers have resorted to using bots sold through shady websites to corner lucrative shopping and delivery tasks on apps such as Instacart before other freelancers can even see them, which we recently covered in our blog. Cybercriminals and nefarious competitors often carry out cart abandonment or ‘denial of inventory’ attacks using bots, which reduces conversion rates and hugely frustrates consumers and retailers by preventing legitimate sales to buyers who had waited months for large discounts sales to begin. Clearly, e-commerce firms have much to be concerned about when it comes to bots affecting their businesses.
During the 2019 holiday season, there was a 400X increase in bad bot traffic on login pages of e-commerce portals in our customer base when compared to regular non-holiday season traffic (see Figure 2 below).
Figure 2: Spike in bot traffic on log-in e-commerce pages in November 2019
With much higher e-commerce sales growth attributable to Covid-19 this year, we expect that bad bot traffic carrying out account takeover (ATO) attacks on log-in pages will grow by 1000X when compared to regular non-holiday traffic. We recommend that e-commerce firms secure their portals with a dedicated bot management solution to deter bad bots and ensure a great customer experience.
We anticipate that this year’s holiday shopping season will throw up reams of data on bot attacks, which we will analyze and breakdown in an upcoming report. In the meantime, follow our blog to arm yourself with the knowledge, insights and analysis you need to prepare your enterprise as we enter the peak of this year’s holiday shopping season.