Bad bot, bad bot whatcha gonna do…damage e-commerce sites

Bad bots hitting an organization’s website are a very common occurrence, but a new report shows e-commerce sites are bearing the brunt of and being negatively impacted by this invasive activity.

Bad bots comprise 17.7 percent of all e-commerce site traffic, compared to 13.1 percent for good bots and the 69.2 percent generated by human traffic, according to the report How Bots Affect E-commerce, which was generated by Imperva’s Bot Management threat research team (formerly Distil Research Lab). As this is the first report looking at bot traffic and e-commerce there are no earlier figures for comparison.

The vast majority of bad bots, 63.6 percent, originated from a U.S. source with Germany, 18 percent, and France, six percent, being next in line.

Interestingly most of the groups sending the bad bots are not criminal in nature, but are often looking for a competitive edge.

The impact these bad bots have is far ranging. Some bots scrape prices and product information, while others check inventory, denial of inventory activities, scalping, customer account takeover, gift card abuse, spam comments and transaction fraud. In addition to obtaining unauthorized information these large number of bots can slow down sites causing customer dissatisfaction, Imperva reported.

“This study shows that bad bots cause round-the-clock damage on e-commerce websites, APIs and mobile apps,” said Tiffany Olson Kleemann, VP of Bot Management at Imperva, adding that “Online retailers must also practice good web security hygiene and take advantage of the technology solutions at their disposal to protect their websites and customers. Gaining a granular understanding of bot threats is a critical first step in the right direction.”

Imperva found that these bots are sent from four main sources:

  • Competitors which scrap product prices and check inventory.
  • Investment companies which are interested in product pricing, discounts offered and delivery fees.
  • Resellers which may instantly purchase in-demand items for their own store along with scraping product details.
  • Criminals looking to take over accounts, conduct credit and loyalty card fraud and abuse gift cards.

Another impact bots have is skewing an organization’s analytics. Bad bots make it almost impossible for an e-commerce site to measure conversion rates, visits turned into sales, because most bots just come to the and then leave without making a purchase. This can cause a retailer to start increasing funds money to boost customer acquisition, as well as, on adding to their infrastructure to ensure the bad bots don’t cause brownouts or downtime.

Criminal activity can also directly impact those with accounts at a particular e-commerce retailer. The reported noted that many bots spend their time conducting account takeover attacks using previously obtained login in information to conduct dictionary or credential stuffing.

Imperva compiled this data by looking at 231 domains over a 24-day period in July and reviewing 16.4 billion requests.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.