Amazon’s annual sale event Prime Day takes place on July 12 and 13 this year. Early deals began on June 21. It is also prime time for fraudsters to launch automated bot attacks on e-commerce retailers.

Retailers Must Be Alert to the Possible Dangers That Bad Bots May Cause

Bot-driven attacks remain the top security threat to the e-commerce industry. Bots can abuse online stores and retailers in many ways. The below is frequently happened bot attacks on online retailing during annual e-commerce bonanzas, like Amazon Prime Day and Black Friday.

Account takeover (ATO)

It is among the top serious threats in e-commerce today. Account takeover is an automated bot attack where bot operators steal online accounts via credential stuffing or other bot attack techniques. ATO would lead to serious data breaches if it is not stopped. ATO has increased by 378% since the COVID-19 pandemic. 

Credit Card Fraud

Fraudsters use stolen card information to access batches of credit cards and then repeatedly buy things with the cards on an online shopping platform. Statistic from the U.S. Federal Trade Commission shows a 44.7% increase in credit card fraud from 2019. $24.26 billion was already lost globally due to card fraud in 2018.

Gift Card Cracking

Gift card cracking is a variation of credit card fraud. Fraudsters take away the benefit that retailers provide to real consumers through mass enumeration of coupon numbers, voucher codes, discount tokens, etc. It may severely impact payment systems for online retailing organizations.

Denial of Inventory

Denial of inventory is an automated attack that depletes goods or services stock without ever completing the purchase or committing to the transaction. It significantly cramps online retail businesses by preventing customers from placing orders.

How GeeTest CAPTCHA Fights Bot Traffic and Online Fraud?

GeeTest CAPTCHA offers a bot management solution that combines dynamic and adaptive methods to help online retailers deal with automated bot attacks mentioned above.

Proactive CAPTCHA challenge updates

For most CAPTCHAs, including GeeTest CAPTCHA, CAPTCHA images represent the main part of the CAPTCHA challenge. GeeTest CAPTCHA updates CAPTCHA images on an hourly basis, while most vendors are unable to do so.

GeeTest learns the pattern of bot attacks through 1.6 billion daily CAPTCHA requests. The AI-powered algorithm updates the images at the point when attacks are possible to start. 

Besides that, GeeTest creates image update plans according to the client’s industry. For example, an e-commerce organization may have a higher risk of being attacked during shopping festivals like Black Friday and Cyber Monday, and those from the blockchain industry are likely attacked while users make transactions. The CAPTCHA images will be updated at the high-risk moments of the client’s business.

Special “treatment” for suspicious requests 

• Real-time labeling

GeeTest CAPTCHA acts based on real-time monitoring. It estimates each request’s risk according to multiple real-time metrics, like IPs, the user’s behavior trajectory, signs of web simulators and CAPTCHA farms, etc.

• Proof of work (PoW) mechanism

Adjusting PoW for each user, GeeTest manages the time that each verification takes. For regular users, it takes only about 10 milliseconds, while for malicious requests, it takes more time and consumes more CPU.

Through “indirect” methods, GeeTest CAPTCHA notifies clients of the risk, and they will put restrictions on these suspicious visitors instead of simply blocking them.

Final thoughts

Online shopping festivals, like Amazon Prime Day, cast a higher incidence of bot-driven attacks and fraud targeting online retailing. CAPTCHA is the most common and effective way to stop bot traffic due to its easy implementation.

GeeTest offers Adaptive CAPTCHA that balances user experience and security. Try demos! Or register to claim a free 30-day trial today!