Retailers Beware: E-Gift Card Attacks, Automated Fraud and Scalping Bot Usage is on the Rise

E-commerce retailers need to take note of fraud that can greatly impact their business, including their revenue, brand reputation, and the loyalty of their customers. In fact, up to 80 percent of e-commerce retailers’ operational costs are negatively impacted by malicious bot activity.

PerimeterX recently conducted a comprehensive survey of 2,000 U.S. consumers to gauge awareness of fraud-related threats to online shopping, including e-gift card fraud, bots and CAPTCHAs. The results reveal that automated fraud is a prominent concern for consumers, and that it will likely impact customer experience for the foreseeable future.

Key findings included:

• 50 percent of respondents have had unauthorized transactions on their debit or credit card;
• 51 percent of respondents who know what a bot is have used one to purchase a limited-edition item; and
• 36 percent of respondents have abandoned an online purchase after being hit with a CAPTCHA to prove they’re a human.

E-Gift Card and Automated Fraud on the Rise

Industry statistics estimate that 60 percent of all e-gift card transactions are fraudulent, yet consumer sentiment remains mixed on the topic. According to the PerimeterX survey, 63 percent of respondents were shocked by this statistic, yet only 45 percent said their fear of e-gift card fraud stops them from purchasing e-gift cards.

Additionally:

• 50 percent of those surveyed have had unauthorized transactions on their debit or credit card;
• 35 percent were notified that their username and password may have been stolen;
• 69 percent have had to change online account passwords as a result of a data breach, and 40 percent have done this multiple times;
• 24 percent had an online account stolen, abused or taken over; and
• 24 percent had money stolen from them as a result of a data breach.

Interestingly, only 31 percent of consumers surveyed said they lose sleep over identity theft.

With credit card providers, financial institutions and other online service providers limiting consumers’ liability by assuming responsibility for fraudulent purchases and transactions, it’s really not surprising that consumers are taking identity theft in stride. This protection is a welcome and valuable benefit for consumers. As a result, e-commerce retailers need to remember that consumers are relying on them to protect their identities and accounts.

Scalping Bots Come of Age

Almost half — 45 percent — of the survey respondents said they've tried to buy a limited-inventory, high-demand product, service or experience online and have been unsuccessful.

Awareness and usage of bots is growing, evidenced by these findings:

• 53 percent said they know what a bot is;
• 51 percent of respondents who know what a bot is said they've used one to purchase a limited-edition item, and 21 percent of those have done so multiple times;
• 43 percent of those who have used bots used them to purchase hot new consumer items; and
• 39 percent of those who have used bots made restaurant reservations.

CAPTCHAs

Every consumer has at some point struggled with CAPTCHAs, which are used by web applications to confirm that the user is a human and not a bot. When asked about their experiences:

• 36 percent of respondents said that being hit with a CAPTCHA would stop them from using a specific website;
• 19 percent have stopped using websites because of this in the past; and
• 36 percent have abandoned an online purchase after being hit with a CAPTCHA to prove they’re a human, and 23 percent have done so multiple times.

The accelerated digital transformation of merchants and other service providers has created a parallel increase in automated fraud. While it starts with an individual transaction, to combat these threats, e-commerce retailers need comprehensive account protection — i.e., the ability to secure consumers throughout the lifecycle of potential attacks by detecting and stopping the theft, validation and fraudulent use of their identity and account information on websites and mobile apps.

Brian Uffelman is vice president and security evangelist at PerimeterX, a provider of solutions that detect and stop the abuse of identity and account information on the web.