Site icon Merchant Fraud Journal

PerimeterX Annual E-Commerce Report Shows 106% Increase in Bot Attacks Plus Sharp Increases in Scraping and Carding, Fueling the Web Attack Lifecycle

SAN MATEO, Calif., March 8, 2022 – PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, today released its annual Automated Fraud Benchmark Report: E-commerce Edition. The report provides detailed analysis of e-commerce cyberattack activity over the past year, generated by unique insights and research on the web app traffic and threat patterns experienced by some of the largest and most respected brands in retail e-commerce.

The report provides a deep dive into the ways that cybercriminals use bots to scrape, validate and fraudulently use consumers’ identity and account information. Findings were taken from anonymous data collected during 2021, captured from live online interactions by millions of consumers and hundreds of millions of bots across hundreds of the world’s largest websites, mobile apps and application programming interfaces (APIs).

Analyzing billions of user interactions, key findings included:

“Mobile apps and websites continue to be the primary way consumers discover, shop and interact with a brand, especially during popular hype sales events. Stored credit cards, gift card balances, loyalty points and personally identifiable information (PII) make e-commerce apps the ideal target of threat actors who are increasingly leveraging automated attacks,” said Kim DeCarlis, CMO, PerimeterX.

Individual attacks themselves are not the only threat. Online accounts now hold a piece of a user’s identity — which becomes more valuable than simply a stored credit card. If a cybercriminal can hide behind a legitimate user’s identity, the opportunities to commit fraud increase significantly, laying the foundation for the “web attack lifecycle” by digitally skimming PII to steal information, validating it with credential stuffing attacks, and fraudulently using it to commit ATO or create fake accounts.

The report also found:

“Attackers are increasingly diverse in their sophistication and attack methods. This includes technically adept youngsters, amateur botters, savvy professional cybercriminals and cybercrime communities, as well as a growing crime-as-a-service (CaaS) ecosystem that allows just about anyone to get in on the action,” explained Liel Strauch, PerimeterX Director of Cyber Security Research.

Automated Fraud Protection Best Practices

PerimeterX offers steps to help organizations reduce their risk and better defend against automated fraud, including:

“E-commerce providers are often handicapped by limited visibility into only their own data. We’ve published this report as a service to the industry. E-commerce providers can use the report to compare themselves against their peers, discover attack trends and learn ways to more efficiently safeguard their site and customers against fraud. We also provide guidance for protecting their revenue and reputation without adding friction to the buying journey,” noted DeCarlis.

For a detailed breakdown of the types and frequency of attacks, and further recommendations, see the full Automated Fraud Benchmark Report and register for the webinar on April 13 at 10am PT.

 


About PerimeterX

PerimeterX is the leading provider of solutions that detect and stop the abuse of identity and account information on the web. Its cloud-native solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience while disrupting the lifecycle of web attacks. PerimeterX is headquartered in San Mateo, California, and at www.perimeterx.com.

Exit mobile version