The growing challenge of bots for e-commerce-based businesses

It’s no exaggeration to say that the coronavirus pandemic has left an indelible mark on consumer habits. According to Michael Keenan at Shopify, online purchases only accounted for 17.8% of total sales in 2020. Throughout the Covid crisis, however, the market share of e-commerce positively soared, due to the temporary – in some cases, permanent – shutdown of high street retail. This forced many companies to push their trading online, and eCommerce sales rose exponentially as a result. Now, online purchases are set to reach 20.8% of total sales in 2023, and then 23% by 2025 – a 5.2 percentage point increase in a matter of just five years.

While the strength of the e-ommerce market is highly encouraging – especially at a time when the UK’s economy is in the doldrums – its continued prosperity is far from guaranteed. There are many threats online that would seek to thwart the growth of e-commerce-based businesses, with malicious bots standing among the most significant. These are programs designed to carry out online fraud, often by targeting pay-per-click [PPC] ads or websites with fake clicks, thus providing a skewed perception of traffic, limiting website performance, compromising security, or wasting a business’ online budget.

While bad bots have long posed a serious threat to the performance of eCommerce firms, there is mounting evidence to suggest that the problem is worsening, and will likely be exacerbated as online sales continue to grow.

How the threat of bots is rising

Malicious bots may not be a new phenomenon, but they have certainly evolved significantly in recent times, rendering many traditional security tools ineffective. According to a recent study by Juniper Research, the total cost of e-commerce fraud will exceed $48bn globally in 2023 – rising from just over $41bnin 2022. This rise has been facilitated not only by the growth in the financial incentive to commit attacks with bots, but also because the cost of carrying out an attack has decreased significantly. On top of this, the technology has become more readily accessible to those who would use it for amoral purposes, and the opportunity to use bots has also grown, given the increased expenditure in online ads over the past few years.

Figures show that ad spending via Google Ads rose from $149bn in 2020 to £209bn in 2021, reflecting the acceleration in e-commerce brought about by Covid. The pandemic also prompted many businesses who did not previously have a strong online presence to launch their own websites, through which they could continue communicating with and selling to customers. With so much more advertising activity taking place online, and many more new websites having gone live, attackers have a wealth of opportunities to prey on marketers, making the internet an increasingly dangerous space for businesses to be in.

However, it is not only companies’ own interests that are at risk; consumers are also falling victim to online fraud. With the pandemic having driven the shift towards digital payments, there are now more accounts and transactions to protect. Despite this, it is all too easy for attackers to purchase a customer’s leaked credentials and card numbers online, and then use bots to test and verify this information against websites in the hopes of finding a match. In fact, according to cybersecurity experts Imperva, almost half [45%] of all stolen data is customer data, whereas Veeam research shows that more than 80% of organisations believe their data is not protected well enough. As such, eCommerce businesses not only stand to lose revenue to bot fraud, but also to incur reputational damage brought about by compromised customer data.

All this combined means that online fraud is a more lucrative, easy, and cost-effective proposition than ever before, so it is hardly surprising that the threat of attack is on the rise. As such, it is vital that e-commerce businesses are aware of the dangers posed by malicious bots, and what steps they can take to mitigate the impact on their online activity.

What can e-commerce businesses do to mitigate the risks?

The trouble, however, is that, given the myriad ways click bots can attack a website, there is no single solution to tackling the problem. Nevertheless, there are a number of things that organisations can do to help protect their revenue – and their reputation – from attack.

For example, marketers can ensure that they are both monitoring and reviewing detailed analytics and other request data. This should allow them to identify any holes in bots’ disguises, thus separating genuine human traffic from that which is artificially generated by bots. Once they have done this, businesses can then begin to dig deeper into the purposes of bots. While some bots should be considered beneficial – e.g., search engine crawlers from Google, Bing, Facebook, etc. – others have malicious intent, namely to commit click fraud. Simply by identifying which bots are good and which are bad helps to make limiting the capabilities of malicious bots that much easier.

Another tell-tale sign of bot activity can often be a high bounce rate or low conversion rate. If there is lots of traffic on a website but not much of this is being converted into sales, it could be down to the presence of bots. If the problem is allowed to persist over time, the advertiser could find themselves wasting a large amount of their marketing spend on bots that are never going to convert, meaning the return on investment is ultimately low. To avoid this from happening, firms can define their failed login attempt baseline, then monitor for anomalies or spikes in activity. Additionally, setting up alerts to provide automatic notifications can be effective.

Marketers cannot tackle the problem alone

While there are certainly steps that can be taken to mitigate the risk of online fraud, the threats that bots pose are growing at such an alarming rate that organisations simply cannot hope to tackle the problem by themselves.

As the technology used to commit online fraud grows more sophisticated, so too must the defences against it. It is vital for eCommerce businesses to have security solutions in place that are agile and well-equipped enough to respond to the challenges that click bots present, and to receive guidance and dedicated support from experts.

Although there is little that e-commerce businesses can do to eradicate online fraud altogether – especially given the continued rise of internet retail – they can certainly take action to protect themselves and their customers from the ever-evolving threat posed by bots.

Stewart Boutcher is chief technology officer and Data Lead at Veracity