As data breaches become more sophisticated, cyber criminals are finding new ways to increase the efficiency of attacks aimed at gaining confidential information such as login and payment data. One way they are doing so is by using bots, software applications that run automated tasks. Such attacks, which vary in type and intensity, compromise the customer experience and tamper with payment transactions.
As a retailer, you’re looking to build long-term relationships and customer loyalty, and botnet attacks can have a detrimental impact on the customer experience in more ways than one. Such attacks can lead to customers’ personal information, including credit card numbers and passwords, being compromised. According to recent data, 64 percent of consumers are unlikely to return to a retailer where their financial or sensitive data has been stolen. On the other hand, you also need to keep convenience in mind so as not to add arduous authentication steps for returning customers. If returning customers are asked to verify their personal information each time a transaction is made, they will likely turn to a competitor that offers a frictionless customer experience.
The following are several ways you can reduce botnet attacks while maintaining a balance between security and convenience:
- Good customer recognition: Passively authenticate the digital identities of customers across devices to recognize returning customers without compromising the digital experience. In doing so, you’ll ensure trusted customers do not need to answer added security questions or inadvertently have their transactions rejected.
- Behavior profiling: With behavior profiling and analytics using a global shared intelligence network, you can perform continuous cataloging of all the activities related to a device, account or persona. This enables detection of low-volume, low-frequency attacks that are typically harder to detect than those of a “brute force” nature. Bot attacks like this are known to be “low and slow,” meaning they use low volumes and slow traffic to appear as legitimate transactions and bypass any security measures already in place.
- Global shared intelligence: Attackers are increasingly adopting strategies to stay below the detection threshold of individual businesses, but they ultimately leave an identifiable global footprint. Therefore, no retailer or other business today can afford to stand alone in the fight against cybercrime. Using global shared intelligence through a digital identity network, you can share threat information across thousands of businesses to identify cross-industry, cross-business and cross-geography attack signatures. This enables you to easily flag suspicious behavior to either reject a transaction or put it through additional review.
- Malware detection: Malware, including keyloggers, trojans, man-in-the-browser and man-in-the-middle attacks, is frequently used to carry out botnet attacks. Malware detection enables you to scan mobile apps and operating systems for these potential threats. By incorporating advanced page fingerprinting into your malware detection, you can identify threats that typically evade outdated security measures.
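
The "low and slow" pattern from the behavior profiling and global shared intelligence items above, as an added example (not code from the article or from any vendor product): a device that stays under every individual merchant's failed-login threshold is still flagged once events are pooled across merchants. The event fields, device IDs, merchant names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (merchant, device_id, hour_of_day, outcome).
# "dev-A" makes only two failed logins per merchant, spread across the day.
EVENTS = [
    ("shop1", "dev-A", 1, "fail"), ("shop1", "dev-A", 9, "fail"),
    ("shop2", "dev-A", 3, "fail"), ("shop2", "dev-A", 14, "fail"),
    ("shop3", "dev-A", 6, "fail"), ("shop3", "dev-A", 20, "fail"),
    ("shop1", "dev-B", 2, "fail"), ("shop1", "dev-B", 2, "ok"),
    ("shop2", "dev-C", 5, "ok"),
]

LOCAL_THRESHOLD = 5   # assumed per-merchant daily failed-login limit
GLOBAL_THRESHOLD = 5  # assumed network-wide daily failed-login limit
MIN_MERCHANTS = 3     # assumed: failures must span at least this many merchants


def local_alerts(events, threshold=LOCAL_THRESHOLD):
    """(merchant, device) pairs a merchant would flag from its own traffic only."""
    counts = defaultdict(int)
    for merchant, device, _hour, outcome in events:
        if outcome == "fail":
            counts[(merchant, device)] += 1
    return {key for key, n in counts.items() if n >= threshold}


def global_alerts(events, threshold=GLOBAL_THRESHOLD, min_merchants=MIN_MERCHANTS):
    """Devices flagged when failed logins are pooled across all merchants."""
    fails = defaultdict(int)
    merchants = defaultdict(set)
    for merchant, device, _hour, outcome in events:
        if outcome == "fail":
            fails[device] += 1
            merchants[device].add(merchant)
    return {d for d, n in fails.items()
            if n >= threshold and len(merchants[d]) >= min_merchants}


if __name__ == "__main__":
    print("per-merchant alerts:", local_alerts(EVENTS))
    print("shared-network alerts:", global_alerts(EVENTS))
```

A flagged device would feed the reject-or-review decision described above rather than trigger an automatic block, since a shared or reassigned device can produce the same footprint.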
Data breaches and associated botnet attacks are likely to continue their steady growth throughout 2016. With a layered, global approach to cyber security, you can ensure your customers stay protected and have the best customer experience possible.
Alisdair Faulkner is Chief Products Officer at ThreatMetrix.