The Retailer Summer Edition 2021

THE RE TA I L ER

40

THESE AREN’T THE DROIDS YOU’RE LOOKING FOR

Amir Nooriala Chief Commercial Officer Callsign

O nline bots are more of a nuisance than ever before, but as Amir Nooriala shows, they can be stopped. Changes are afoot. Online shopping is still on the rise, and the loosening of social distancing measures is bringing opportunities such as live events back onto the table. That’s good news for consumers and businesses alike, but less welcome is the equal rise in bot fraud and online scams. Over the last year we’ve seen huge increases in online scams affecting a multitude of indus- tries. Our recent survey delving into this rise in online scams has shown that no one is safe, with 45% of consumers suggesting that simply receiving a scam message claiming to be from your company is enough for them to lose trust in your business (regardless of any real association with the message). It’s an evergreen problem, and one that’s evolv- ing rapidly. We’re all acutely aware of the issues bots pose in credential stuffing and data mining in the hope of accessing accounts for nefarious gain. To a point, authentication techniques such as OTPs have gone some way in preventing credential stuffing attacks. However, this is just the beginning of the problem bots pose to online retail, and organizations need to ensure their authentication is evolving at a quicker rate.

Right place, right time – every time

These issues aren’t leading to scarcity demand or hype on your product, it’s leading to customer frustration and loss of trust. Which, if you read the start of this article, you’ll know is easier to lose than you’d think. And it doesn’t end there. Old dog, newtricks We’re all aware how bots are also being used for Account Takeover (ATO) fraud from social engineering through to loyalty point fraud. For many, second factor authentication has been seen as a robust solution to manage the bot headache – until now. The trouble is, bots evolve, and at the moment they’re outpacing authentication solutions such as one-time-passwords (OTPs) with the latest evolution of bots designed to socially engineer victims into passing over their personal information. Using scripted programs, they are being used to call unsuspecting victims to convince them into handing over OTPs. With such advances already underway, it’s not just bots directly crawling your site that you need to be aware of, they’re bypassing you and heading straight for your customers. We’re nowat a stagewhere bots have bypassed current authentication solutions and we need to consider a more robust defense, one that combines layered intelligence.

The evolution of the bot has been significant over the last few years. Now, readily availa- ble on the app stores, they are beginning to wreak havoc for brands, particularly thosewho specialize in large sales and limited edition runs. After a quick download from the app store, your customers can become owners of limited-edition stock or even top the eBay biddingwithout being at their desks; all thanks to these bots using data injections to input checkout details including billing and shipping data. Whilst many of these bots are likely to be genuine customers simply trying their hand and getting a slight advantage, it’s a different game when it comes to criminals operating at scale. Scalpers have long been adept at using bots to buy event tickets in bulk to be resold for a greater price on reseller platforms. However, with opportunities diminished over the last year or so, and fueled by the increases in limited edition runs and new seasonal sales such as Black Friday, we’re seeing bots being used to clean out inventories of high-demand items for resale at a huge markup, as well as artificially creating an illusion of scarcity by selecting items and abandoning the transactions. While device fingerprinting is going some way in preventing such attacks, it’s not a failsafe solution and bots are evolving at a faster rate.

‘‘

Businesses need to ensure their authenti - cation technologies are evolving at a quicker rate than the bots are”.