back Back

Concerns around bot attacks among FS businesses

By Puja Sharma

June 13, 2022

  • API
  • Automated Chatbots
  • Bots
Share

Bots attacks, fraud, FinTech

The bot detection, and mitigation specialist, Netacea, releases its new report on how businesses are dealing with bot attacks. It reveals one key area where businesses are failing to tackle attacks—bots are going undiscovered for an average of 16 weeks, up two weeks from last year’s findings.

The study, The Bot Management Review 2022, surveyed 440 businesses including e-commerce, financial services, and telecoms sectors in the United States and the UK. It is a follow-up to last year’s report and finds that in almost every measure, businesses appear to be doing worse than last year in the fight against bots—though this may not necessarily mean they are losing the fight.

“On the face of it, this looks like a very poor result for businesses hoping to fight the effect of bot attacks. Our research has shown that bots have a substantial effect on business revenues, and so it’s in their interest for our results to move the other direction,” said Andy Still, CPO and Co-Founder, Cetacea.

“However, we think that the results can be interpreted another way. Businesses are taking time to wake up to the threat of bots, and we see at least part of this increase in bot attacks being down to greater awareness. Businesses are getting better and recognising bot attacks, and so while it may look like things are getting worse, there is some cause for cheer.” he added.

The report’s results on bot myths go some way to confirm this theory, with incorrect assumptions about bots believed less than in previous years. Fewer businesses believe that all bot attacks come from Russia and China, that a Web Application Firewall will stop sophisticated bots, and that ReCAPTCHA is an effective tool against all bots. However, more than 50% of businesses still believe these myths, suggesting there is still some way to go.

“Businesses may be beginning to turn the tide against bot attacks, but if so it is just the beginning,” said Matthew Gracey McMinn, Head of Threat Research, Netacea. “The most damning result of our research, that attacks go unreported for 16 weeks, shows the risk of complacency—bots can essentially run wild for months before the threat is tackled. Better understanding is vital, but just the first step.”

Bot attacks include:

Scraping financial data: There are many ways that competitors can steal your custom content, including financial data scraping and FinTech companies scraping your data for use and resale. Aggregators can also collect your sensitive data. These actions and more may cause competitors to lose revenue.

Account takeover and fraud: Credential stuffing, credential cracking, and dictionary attacks are all terms used to describe account takeover and fraud. This attack intends to get unauthorized access to user accounts by using brute force. Many financial services are targeted by this type of attack.

API attacks: Bots are attacking API endpoints to gain access to sensitive data via API scraping, web API hijacking, and mobile API hijacking. API security is often neglected by organisations, which rely on simple authentication tokens and IP rate limiting to secure these critical attack vectors.

Fraudulent use of credit cards: These are both examples of ways in which bad actors use bots to either authorize stolen credit card information or guess the missing parts of partial credit card information they have already collected. This directly damages a business’s fraud score and increases customer service costs.

Key takeaways

  • Bot owners are shifting their tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps (up from 46% and 23% in 2021 respectively).
  • Attacks from each of the main types of bots—sniper, account checker, scalper, and scraper—have all increased by between 7-9 percentage points from 2021. 53% of businesses are now detecting attacks from account checker bots.
  • Almost all businesses, around 97%, report that customer satisfaction has been affected by bot attacks.
  • The revenue impact of skewed web analytics, caused by bots being treated as genuine visitors, has increased from 4% to 5%, though fewer businesses report a substantial impact from this particular effect of bot attacks.

Previous Article

June 13, 2022

BankProv provides Banking-as-a-Service support for Etana Custody

Read More
Next Article

June 13, 2022

Trulioo accelerates product innovation to safeguard global businesses

Read More






IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related News

January 17, 2025

Nearly half of UK banks will miss DORA deadline, risking hefty fines

Read More

January 17, 2025

The Weekly Wrap: all you need to know by Friday COB | January 17th

Read More

January 16, 2025

How Cards-as-a-Service is reshaping the future of digital payments

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q4 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q4 2024
Know More