Although there used to be a good mix of people shopping both in-store and online, the pandemic accelerated the rate at which shoppers flocked to online retailers. Because of this shift, customer experience (CX) is more important than ever for keeping customers happy, including mobile applications and APIs. Without an easy-to-use website or mobile app, users won’t stick with your business when other options are available. And the key to a good user experience is mitigating bot traffic.

DataDome recently commissioned a survey with Forrester, which showed that while 84% of businesses prioritize customer and app experience, bots persist. A powerful, flexible bot management solution and complete endpoint protection are necessary to protect the user experience (UX) and maximize business outcomes.

Types of Online Fraud

Bots perpetuate several types of online fraud, including inventory fraud, card fraud, and account fraud. Businesses often face inventory fraud when dealing with high-value item releases, like gaming consoles or limited shoe releases. Bots hoard these items because they can grab them faster than actual humans, and then the people behind the bots sell the items for higher retail prices. This frustrates actual users because they can’t get the items, they want without going through a third party.

Bots use credit card skimmers on payment pages to gather stolen card numbers and use them for fraudulent purchases. If these purchases make it past the business’s anti-fraud protocols, they risk chargebacks and customer ire. With chargebacks, not only do businesses lose the money paid for their product, but they can’t even recuperate the product. And, once an user has their information stolen, they’re unlikely to trust that business again, likely warning their friends and family away as well.

Account fraud, also sometimes called account takeover (ATO), is similar to credit card fraud, but bots add malicious keylogging code to the login page to gather user credentials instead of payment details. Then, they can use that login information to gain personally identifiable information (PII) about the business’s users or make fraudulent purchases. A login from a new location or device type is often a good indicator of account fraud.

Internal and External Effects of Bot Traffic

Malicious bot traffic causes problems for organizations both internally and externally. For one, most IT departments are already overburdened; responding to automated threats only adds to their plates. This may lead to burnout in IT employees, causing them to seek new roles or become less effective. Bot attacks can also increase a company’s operating costs. Replacing burnt-out IT professionals is expensive and difficult, and 45% of respondents in the commissioned Forrester survey listed the cost of hours spent mitigating bot attacks as the top impact of these threats.

Externally, bot attacks can cause users to lose trust in the business. The users no longer feel that their data is safe, and they’ll likely look to have their needs met elsewhere. Bot attacks may also cause user frustration thanks to a poor user experience. They slow the website down, cause glitches, and prevent real customers from getting the items they want. Between lower user satisfaction and the loss of trust, bot attacks can cost online businesses a major chunk of revenue.

Obstacles to Effective Bot Mitigation

Some 24% of businesses surveyed said their IT department is unable to keep up with the number of attacks, likely because many IT teams are understaffed. As companies employ more technology, they need more IT professionals to run it. However, there aren’t currently enough trained IT professionals to fill all of the open roles, leading to understaffed departments and overwhelmed teams.

Consequently, organizations rely on bot mitigation solutions to alert them to attacks and automate remediation. Unfortunately, many of these solutions don’t provide real-time information about attacks, or they produce false positives, leading to alert fatigue. As such, a majority (76%) of businesses say identifying false positives in real-time is a priority for the coming year. Otherwise, security administrators can’t respond fast enough to actual attacks because they have to investigate every alert.

Many bot mitigation solutions also suffer from a lack of integrations and flexibility, making it difficult for organizations to use them effectively. If vendors have to constantly update their tools to account for new attacks, they aren’t allowing their clients to actually use the platform to protect their business. Instead, bot management software should include features that address a variety of attack types, including distributed denial of service (DDoS), information skimming and inventory hoarding.

How Bot Management Improves User Experience

A flexible bot management solution is critical for improving the user experience. By blocking bots, both your site and mobile app can load faster, and you’ll suffer less downtime due to bot attacks. And performance isn’t the only benefit you’ll see.

Users are more likely to score high-value items when they aren’t hoarded by bots, leading to higher satisfaction ratings and products going into the hands of actual fans instead of resellers. According to the survey, 7 out of 10 bot attacks target high-profile events, making it even more essential for businesses to protect themselves against card, account, and inventory fraud. When fraud isn’t an option on your site, users can trust you to keep their data safe.

Connecting the Dots Between Bad Bots & Online Fraud

Bot attacks have lasting and far-reaching impacts on businesses both internally and externally. User experiences are directly related to growth, higher cross-sell and upsell opportunities, and increased customer retention. Bots put the user experience at risk. To fully protect your organization, you need a complete bot management solution that includes coverage for mobile apps and APIs, not just your website. Look for responsiveness, expertise and flexibility in bot management vendors to block bots and reduce online fraud in your system.