PerimeterX released its “Automated Fraud Benchmark Report: E-commerce Edition”, a comprehensive new annual report on e-commerce cyberattack activity over the past year. The report stems from research on traffic and threat patterns experienced by some of the largest and most respected brands in retail e-commerce.
The report examines the latest trends in automated attacks and fraud. This year’s findings are taken from anonymous data collected during 2020, captured from live online interactions by millions of consumers and hundreds of millions of bots across hundreds of the world’s largest websites, mobile apps and application programming interfaces (APIs).
“What’s clear is that automated fraud has no season. The ‘new normal’ rate of automated attacks far outpaces previous seasonal peaks, and retailers should plan for elevated volumes throughout the year. Retailers will need to adapt to this new environment of higher automated fraud activity in order to continue to grow their sales and profits, increase efficiency and protect their brands,” said Kim DeCarlis, CMO, PerimeterX.
PerimeterX researchers observed an elevated baseline of automated fraud and criminal activity across a broad array of attack types and product categories. The year 2020 saw considerable growth across all the major types of automated fraud, including account takeover (ATO), gift card cracking, scraping and checkout attacks. The ongoing daily level of attacks was the same as during the most recent Cyber 5 period — the traditional Black Friday through Cyber Monday shopping timeframe.
Analyzing billions of user interactions, key findings included:
- Every major US holiday in 2020 saw increases in gift card fraud.
- 85% of all login attempts were ATO attempts in September 2020.
- Checkout attacks rose 69% in April 2020.
- Scalper bots drove more than 40% of total shopping cart requests during peak limited-edition sneaker sales.
- Peak levels of blocked traffic were over 95% in four months.
A wider array of online merchants faced automated fraud attacks as cybercriminals expanded into new industries and began to attack smaller businesses with greater frequency. The continued emergence of criminal specialization — selling lists, renting botnets, offering attack technology-as-a-service — and marketplace dynamics in advanced attacks has led to greater efficiency and a lower bar for fraudsters to enter the market.
In the report, PerimeterX offers steps to help organizations reduce their risk and better defend against fraud, including:
- Assess your risks and audit your exposure.
- Consider building a system to log attacks.
- Evaluate and consider technologies to proactively block automated fraud attacks.
- Identify product pages that are targeted and protect them from scraping bots.
- Analyze impact of challenges on checkouts and abandonment.
- Adopt modern solutions that leverage machine learning.