By Alon Dayan, Chief Technical Officer, Unbotify, An Adjust Company
When is the last time you set foot in a store? The answer may vary depending on whether you’re the “shop every two weeks and wear your mask”-type or the “have everything you need to be delivered to your doorstep”-type. Whichever group you fall into, it’s likely you’re shopping online now more than ever. In May, total online spending hit a staggering $82.5 billion, up 77.0% year-on-year, according to Adobe. And much of that money was spent on mobile.
Back in 2019, more than 50% of U.S. respondents said they used an app to make a retail purchase in the past month — meaning mobile retail is growing even faster than online shopping as a whole. After an initial downturn in the first quarter — according to Adjust’s App Trends 2020 report e-commerce installs were down 12% week-on-week — retailers like Best Buy, Home Depot, and even Abercrombie & Fitch reported that their app downloads doubled in the second quarter of 2020.
There’s no sign that mobile shopping is going to slow down as the holiday season approaches. Over a third of U.S. shoppers who normally shop in-store for Black Friday say they won’t this year, according to Google. With the mobile retail trend on the fast-track — some estimates say COVID-19 accelerated e-commerce growth by four to six years — apps are a prime target for fraudsters.
The bot-threat to mobile retailers
Some may think about in-app bot fraud primarily as a problem for gaming apps, but that’s a misconception. Bots can be just as effective — and disruptive — in e-commerce as they are in the gaming world. Programmed to act like a human and carry out specific tasks within a retailer’s mobile app — such as buying up all of a limited-edition item — bots undermine the experience of legitimate shoppers.
Imagine you’re a shopper who’s been waiting in line all night to buy the newest Air Jordan’s — and just as the doors open a bot cuts in line, marches through the doors, and buys every shoe on the shelf. You would be angry — and you might even take it out on the store owner, who left the door wide open to the bot.
However, the impacts of in-app bot fraud on retailers can go well beyond compromised user experience. Bots can also stuff stolen log-in credentials to take over accounts and make purchases with the saved account information. A breach like this can destroy user trust for years to come.
Furthermore, bots can dramatically skew your data — leading to misinformed business and marketing decisions. Inaccurate analytics results in difficulties A/B testing, scaling or appropriating resources, erroneous KPI tracking, and poor conversion rates.
Bots are big business
COVID-19 has a knack for exposing weaknesses, and that’s true even of mobile app security. As the demand to create apps quickly rose, developers often rush to market, leaving security as an afterthought. This simply won’t do. E-commerce bots are becoming big business, backed by an increasingly professional group of fraudsters.
Just like legitimate tech disruptors, bot fraudsters aim to provide bots-as-a-service for unscrupulous customers. Take scalping bots as an example. A quick search on the web will arm you with links to bot operators. From there, all you need is a credit card to get started.
Unfortunately, many bots go undetected as companies still don’t fully understand the threats they pose. Predictably, market leaders often know about the problem because their audiences are prime targets. But even for companies operating at a massive scale, bot fraud is a difficult problem to solve.
How e-commerce apps can fight back against fraud
When it comes to bot fraud, companies can’t usually go it alone. Because bots are designed to simulate human behavior, using machine learning to register legitimate human behavior is the best way to stay one step ahead of fraudsters. Luckily, there are anti-bot solutions that can protect your app.
Human behavioral patterns when using mobile devices are complex – a factor that can be leveraged to distinguish bots from humans. For example, real users will scroll and tap their device in irregular, unpredictable patterns that are extremely difficult to simulate. The next time you’re scrolling through an app, try to pay attention to how many times you accidentally scroll to the wrong area, or suddenly leave the app when you get a text. This is the kind of behavior machines have trouble reproducing.
Users also perform in-app actions in several locations throughout the day and will not always hold their devices in the same way. They might start searching for a product while at work but not complete the purchase until they get home, or switch to view a product horizontally when zooming in on product details. Machine learning can be used to compare these real behavioral patterns with a bot’s behavior. It leverages anonymized sensor data — including accelerometer, light sensor, touch events, and battery status — to identify bots from legitimate users (while also remaining fully compliant with all data privacy regulations).