Automated fraud attacks against e-commerce retailers have increased in volume, frequency and sophistication, according to new research published today.
The Automated Fraud Benchmark Report: E-commerce Edition by PerimeterX is a new comprehensive annual report based on e-commerce cyber-attack activity over the past year.
Findings draw upon anonymous data collected during live online interactions by millions of consumers and hundreds of millions of bots in 2020. Analysis of the data revealed traffic and threat patterns across hundreds of the world’s largest websites, mobile apps and application programming interfaces (APIs).
Researchers determined that considerable growth occurred across all major types of automated fraud, including gift card cracking, account takeover (ATO), scraping and checkout attacks in 2020.
“The ongoing daily level of attacks was the same as during the most recent Cyber 5 period — the traditional Black Friday through Cyber Monday shopping timeframe,” said a PerimeterX spokesperson.
Key findings of the report were that checkout attacks rose 69% in April 2020, and scalper bots drove more than 40% of total shopping cart requests during peak limited-edition sneaker sales.
In September, 85% of all login attempts were ATO attempts, while peak levels of blocked traffic were over 95% in four months.
Researchers also observed that every major US holiday in 2020 saw increases in gift card fraud.
The report reveals that a broader range of online merchants faced automated fraud attacks last year as cyber-criminals expanded into new industries and started to target smaller businesses with greater frequency.
“What’s clear is that automated fraud has no season. The ‘new normal’ rate of automated attacks far outpaces previous seasonal peaks, and retailers should plan for elevated volumes throughout the year,” said Kim DeCarlis, CMO, PerimeterX.
“Retailers will need to adapt to this new environment of higher automated fraud activity in order to continue to grow their sales and profits, increase efficiency and protect their brands.”
DeCarlis added that last year, cyber-criminals were observed trialing their Cyber 5 attack plans in September, a month earlier than usual.
“This compressed the time that development and digital teams had to react and respond to shifting trends in automated attacks and application security,” explained DeCarlis.