The Reign of Good and Bad Bots in eCommerce

by Shira Itzhaki, Head of Identity and Bot Protection at Forter

A bot is a software application that performs automated tasks. Bots can range from simple to highly sophisticated, capable of performing a variety of functions from filling out forms and automating gameplay to more complex actions like scraping a website for personally identifiable information (PII).

The first bot ever developed was by MIT professor Joseph Weizenbaum in the 1960s. It was called ELIZA, and it employed pattern matching and substitution techniques to simulate a conversation. Then came PARRY in the 1970s, which was used in healthcare and assessed using a variation of the Turing test, as well as the Jabberwacky in the 1980s. This bot was used for academic research, which has led to other technological growth. Since then, bots have evolved, eventually making their way to the internet.

However, not all bots found online are alike. Distinguishing between good and bad bots as well as the bot’s reputation or intention to impact online merchants is a challenge not often discussed.

“Good for the Business” Bots

Traditionally, bots have been primarily categorised as malicious, engaging in harmful activity such as penetrating websites to steal inventory, testing stolen credit cards, or executing credential-stuffing attacks.

However, with the emergence of GenAI tools, powerful user-friendly features – such as crawling the web to find the most affordable flights quickly – have become commonplace. This is an example of a “good” bot. Taking this one step further, we predict a not-too-distant future where these bots become good for business – making online purchases on behalf of consumers, using their credentials and payment information to automatically restock your fridge, cleaning products or other household products, for example.

While AI’s impact has primarily been in the back end of workflows, this is a prime example of how GenAI technologies are bringing bots to the forefront of online shopping.

Another “good for the business” bot use case is when online merchants allow resellers to make large quantity purchases of dead stock or stock overfills using bots. This use case, in particular, needs to be monitored carefully to ensure the reseller bots are not in competition with the retailer but instead purchasing unwanted products in bulk.

“Good for the business” bots can also help retailers optimise their pricing, promotions, and merchandising by determining demand and subsequently altering sales strategies based on this data. This can be used to deliver personalised and relevant experiences to customers including offers and product recommendations, based on preference or need.

Bad bots-as-a-Service

On the other hand, bots can also be bad for business. In 2023, bad bots accounted for 32% of all internet traffic. The online criminal ecosystem has become so advanced, that with the accessibility to GenAI tools, anyone can craft a bot. Bad actors are now selling their bots on the dark web to those looking to make a fraudulent windfall, essentially bots-as-a-service. Criminals can then use these bots to carry out credential-stuffing attacks to “take over” consumers’ online accounts with major retailers. From there, they may choose to make fraudulent purchases or steal loyalty points.

Unlike “good for the business” bots that help retailers manage excess inventory, bad bots can purchase low-quantity, high-demand items in bulk within a matter of seconds. Fraudsters can then either resell the items after the hype has died down or resell them at an extortionate price on third-party marketplaces.

CAPTCHAs (as a Bot Protection Solution?)

CAPTCHAs are widely employed to distinguish between human users and bots, but can they effectively differentiate between malicious bots and beneficial ones? Could they ensure that business-friendly bots can operate on your platform while blocking bad actors? The answer is, unfortunately, no. CAPTCHAs serve a singular purpose: to determine if a user is a human or a bot. This simplicity creates a significant gap and poses a barrier to conducting business in today’s environment, where beneficial bots are becoming increasingly prevalent.

Identity is key to distinguishing between good and bad

The dynamic nature of today’s bots requires a different approach. Digital commerce leaders must abandon traditional and legacy technologies in favour of solutions that offer identity intelligence. These systems can pinpoint the exact identity – good customer, bad actor, or bot – behind every interaction.

This approach ensures legitimate customers have a frictionless experience across the whole buying process while blocking activity from bad bots and fraudsters. Furthermore, retailers should:

●       Implement identity intelligence tools at every step of the digital commerce journey, before and not only at checkout.

●       Gather data to inform decisioning, including whether users are utilising proxies or not, behaviours such as browser activity, device usage and payment methods. This will help retailers understand how consumers purchase, the frequency of their transactions, and their login patterns.

●       Ensure bot experts are working with fraud experts to track behavioural patterns, helping to identify fraud.

Using identity-level intelligence, fraud and bot detection teams can distinguish between humans, good bots and bad bots – resulting in stronger bottom lines and an enhanced consumer shopping experience.

spot_img
Ad Slider
Ad 1
Ad 2
Ad 3
Ad 4
Ad 5

Subscribe to our Newsletter