Bots threaten to disrupt Black Friday and Cyber Monday UK retail spree
Merchants and online retailers could face an onslaught in bot attacks this Black Friday and Cyber Monday, with potentially 1 in every 40 online transactions expected to be a result of a fraudulent bot attack, according to analysis by LexisNexis® Risk Solutions.
Evidence from the latest LexisNexis Risk Solutions Cybercrime Report, shows a growth in both transaction volumes and attack automation in the first half of 2020. The fraud solutions provider today warns that this could signal a spike in attempted fraud attacks during the festive shopping period, as fraudsters capitalise on larger average basket sizes and use transaction volumes surges to hide their activity. It also points to the recent rise in automated bot traffic as a sign fraudsters may use this particular approach to mass-test stolen credit card details to place fraudulent orders in the run up to Christmas.
Between January and June 2020, the LexisNexis® Digital Identity Network® reported over 337 million e-commerce transactions in the UK, a growth of 21% compared to the same period in 2019. This growth was fuelled by a surge in in new-to-digital users and closing of physical stores resulting from the national lockdown environment, driving consumers online. However, this increase in transaction volume is creating the perfect camouflage for fraudsters to exploit, allowing them to remain undetected as they launch attacks and monetize stolen credentials. It seems that bots may be the favoured attack of choice for fraudsters targeting ecommerce, with the network seeing a comparative rise in automated bot attacks during the first half of the year; out of the 337 million ecommerce transactions reported in the first half of the year, the Network detected 9.3 million were in fact automated bot attacks, a huge 235% increase year-on-year.
Bot attacks allow fraudsters to test stolen identity credentials on a mass scale. By automating bot attacks, fraudsters can test and validate a myriad of stolen credentials at speed, allowing them to takeover genuine customer accounts to perpetrate further fraudulent activity. Fraudsters continue to adapt and evolve attacks, and with consumers increasingly choosing to transact via mobile device, the Network saw the percentage of attacks originating from a mobile device increase by 17% on last year.
This Black Friday and Cyber Monday, amid lockdown restrictions continuing to push consumers online to transact, the global data and analytics provider is urging both consumers and retailers to be vigilant – a call to arms made all the more important as third-party fraud, (to which bot attacks significantly contribute) account for a third (34%) of fraud losses each year in the UK retail sector, according to LexisNexis Risk Solutions True Cost of Fraud report.
The cost of doing nothing this Black Friday weekend could be considerable; for every fraudulent transaction, the cost to UK merchants is actually 2.66 times the amount of the lost transaction. Mobile will also take a prominent role this year, and despite inherent security controls such as biometrics, could result in fraud costs amounting to 1.67% of an organization’s annual revenues overall.
Rebekah Moody, director, fraud and identity at LexisNexis® Risk Solutions, comments: ‘Fraudsters will make the most out of the increased levels of online shopping activity on Black Friday and Cyber Monday to slip under the radar, test and fabricate stolen identities. The lead up to Christmas is the perfect time for fraudsters to strike, especially this year as consumers are forced to do more online as a result of government- imposed lockdown measures.”
“As criminals develop ever more complex methods to commit fraud, businesses must be able to keep pace with the shifting cybercrime landscape and arm themselves with fraud defences that layer multiple solutions to detect and block the full spectrum of attacks. It is vital to separate the good from the bad, the fraudulent from the legitimate – we can bring together digital identity intelligence, behavioural biometrics, machine learning techniques and other advanced technology to help prevent and detect fraud.”
“At the same time it is vital that consumers play their part and take the steps necessary to protect their data – by being aware of online scams like phishing, designed to steal their login details as well as being careful about what personal information they share online, particularly social media. Personal data is a valuable commodity. While transacting online, it’s sometimes easy to give it away without really thinking about how it is being used or why it is needed.
Only by consumers, organisations and law enforcement working together will we be able to finally stop fraudsters in their tracks.”