When Bots Attack: How the E-Commerce Industry Has Reached an Inflection Point

Last year, consumers in the U.S. alone spent more than $517 billion with online merchants, up 15 percent from 2017. In 2018, the blockbuster holiday shopping season saw more than $17.8 billion in online sales in just the five-day period beginning on Thanksgiving, with a record $6.6 billion transacted on Cyber Monday. Black Friday marked the first day in history in which more than $2 billion in sales came through smartphones, a major milestone in the mobile revolution. Furthermore, according to our latest cybercrime report, sophisticated attacks targeting retailers have actually dropped over the past several months. So why does it feel as though the e-commerce fraud problem is more dangerous than ever? Simply put, it has a big bot problem.

The sector’s strong investment in cybersecurity has surely played a major role in the drop in sophisticated attacks, but those reductions may also stem from the fact that cybercriminals are finding more efficient methods of attack. Merchants conducting business in the online space are set to encounter a rapidly evolving threat landscape in the year ahead, with the key to success resting on the ability of merchants to identify the biggest threats — starting with bots. The aforementioned reductions in overall e-commerce fraud coincided with the deployment of 2.1 billion automated bot attacks. That’s a 142 percent increase year-over-year, and includes a 12 percent growth in bots targeting the mobile channel.

In fact, e-commerce was the target for two-thirds of all bot attacks last year. Despite the fact that human-initiated attacks have declined, the pernicious and widespread impact from high-volume bot traffic cannot be overstated.

The fact is, e-commerce is increasingly a key target for automated bot traffic around the world, with a growing proportion of that traffic flowing from a wider array of regions. Top bot originators during the second half of 2018 included Malaysia, Indonesia, Vietnam, Japan, South Korea, Russia, India and Brazil, as well as the U.S. This shows the dispersion of stolen identity credentials to practically all corners of the world, only increasing the challenge for retailers of all shapes and sizes.

The risk from automated bot attacks appears to be growing year-over-year, perhaps indicating the fact that cybercrime is developing into an industry in its own right, serving smaller growth economies with stolen identity credentials and the tactics for how best to monetize them.

As 2019 progresses, it’s likely that trends seen in the latter half of 2018 will continue to evolve, further aggravating an already complex cybercrime landscape. As the e-commerce industry looks toward the future, we can expect fraudsters to continue upping the ante. By using artificial intelligence and employing global networks of machines and humans to increase their chances of success, merchants must continue to evolve their own strategies to fight back.

One thing is clear: single-point solutions are unlikely to succeed in helping online merchants win the battle against cybercriminals. As many digital merchants are no doubt discovering, a layered defense of fraud, identity and authentication capabilities, executable in real time and across the entire customer journey, is the most robust solution to this growing problem. It won’t just help merchants defend against the $19 billion in cybercrime losses the sector suffered in 2018. According to Accenture, the trust this kind of protection could garner may translate into 2.8 percent in additional growth for those that can attain it.

Parul Sharma is senior director, fraud and identity at LexisNexis Risk Solutions, a data science company and leader in providing essential information to help customers across industry and government assess, predict and manage risk.