Dramatic Shifts in Online and Offline Behavior Lead to “New Normal” of Higher Volume, Frequency and Sophistication of Account Takeover, E-Gift Card, Scraping and Checkout Attacks
SAN MATEO, CA, May 25, 2021 – PerimeterX, the leading provider of solutions that protect modern web apps at scale, today released its Automated Fraud Benchmark Report: Ecommerce Edition, a comprehensive new annual report on ecommerce cyberattack activity over the past year. The report stems from research on traffic and threat patterns experienced by some of the largest and most respected brands in retail ecommerce.
The report examines the latest trends in automated attacks and fraud, culled from the observations of the PerimeterX research team. This year’s findings are taken from anonymous data collected during 2020, captured from live online interactions by millions of consumers and hundreds of millions of bots across hundreds of the world’s largest websites, mobile apps and application programming interfaces (APIs).
“What’s clear is that automated fraud has no season,” said Kim DeCarlis, CMO, PerimeterX. “The ‘new normal’ rate of automated attacks far outpaces previous seasonal peaks, and retailers should plan for elevated volumes throughout the year. Retailers in ecommerce will need to adapt to this new environment of higher automated fraud activity in order to continue to grow their sales and profits, increase efficiency and protect their brands.”
PerimeterX researchers observed an elevated baseline of automated fraud and criminal activity across a broad array of attack types and product categories. The year 2020 saw considerable growth across all the major types of automated fraud, including account takeover (ATO), gift card cracking, scraping and checkout attacks. The ongoing daily level of attacks was the same as during the most recent Cyber 5 period — the traditional Black Friday through Cyber Monday shopping timeframe.
Analyzing billions of user interactions, key findings included:
- Every major U.S. holiday in 2020 saw increases in gift card fraud
- 85% of all login attempts were ATO attempts in September 2020
- Checkout attacks rose 69% in April 2020
- Scalper bots drove more than 40% of total shopping cart requests during peak limited-edition sneaker sales
- Peak levels of blocked traffic were over 95% in four months
A wider array of online merchants faced automated fraud attacks as cybercriminals expanded into new industries and began to attack smaller businesses with greater frequency. The continued emergence of criminal specialization — selling lists, renting botnets, offering attack technology-as-a-service — and marketplace dynamics in advanced attacks has led to greater efficiency and a lower bar for fraudsters to enter the market.
“Our team observed cybercriminal activity we identified as testing of their Cyber 5 attack plans in September, a month earlier than in previous years,” said DeCarlis. “This compressed the time that development and digital teams had to react and respond to shifting trends in automated attacks and application security.”
In the report, PerimeterX offers steps to help organizations reduce their risk and better defend against fraud, including:
- Assess your risks and audit your exposure
- Consider building a system to log attacks
- Evaluate and consider technologies to proactively block automated fraud attacks
- Identify product pages that are targeted and protect them from scraping bots
- Analyze impact of challenges on checkouts and abandonment
- Adopt modern solutions that leverage machine learning
For a detailed breakdown of the types and frequency of attacks, and further recommendations, see the full Automated Fraud Benchmark Report and register for the webinar on June 8.
About PerimeterX
PerimeterX is the leading provider of solutions that protect modern web apps at scale. Delivered as a service, the company’s Bot Defender and Code Defender solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience. PerimeterX is headquartered in San Mateo, California, and can be found online at www.perimeterx.com.