Comment from James Sherlow, Cequence Security - Cybersecurity and Black Friday
November 2024 by James Sherlow, Systems Engineering Director, EMEA, for Cequence Security
Ahead of Black Friday and Cyber Monday, we thought you might be interested in the following comment as sourced from James Sherlow, Systems Engineering Director, EMEA at Cequence Security.
“The NCSC guidance on how consumers can protect themselves in the lead-up to Black Friday and Cyber Monday is laudable but it puts the onus on the consumer by advocating two-factor authentication and fails to address the cause of much of the online fraud we see. Retailers must ensure they have the proper security controls in place to monitor, authenticate, and restrict traffic, without which attackers can exploit weaknesses in applications and their associated APIs which are the backbone of many e-commerce platforms. Abusing these APIs can allow an attacker to carry out Account Takeover (ATO), fraud and to overload sites for malicious purposes, causing lost revenue and custom due to frustrated customers and reputational damage.
These attacks are typically bot-driven and the consumer is powerless to do anything about them. Often sophisticated and in many cases custom-coded, these bots can only be detected by solutions that employ machine learning and behavioural analysis. Such solutions identify and separate malicious traffic and bots from the good and track them as they change tactics to evade detection. When it comes to stopping an attack, it’s vital the retailer has a number of options at its disposal to counter the attack, particularly if the attacker pivots. Actions like logging, tagging, rate limiting, deception, and blocking can all be used to arrest the attack. It’s also important that the retailer uses a solution that addresses both bots and API attacks because if you have one tool detecting bots and another providing mitigation, response time suffers, which can allow some bots to get through.”