Having a good Christmas is critical for many businesses. Transactions and revenue spike skyward, as do customer expectations and emotions, while there’s a lot of ‘end-of-a-long-year’ distractions internally too.
This is the first of four festive posts to help your business and keep Christmas merry. Over the next 2 weeks we’ll also cover customer experience, competitor scraping and how to deal with the issues today, not in 2020.
But let’s start at the beginning; how will you know if your website is being targeted by fraudsters?
Whilst the signals of a traditional attack are usually obvious (large spikes in request volumes or malicious payloads), fraud attacks are significantly harder to detect.
Unfortunately, many web security and analytics tools provide limited visibility of fraudulent activity. These attacks fall into a ‘grey area’ and too often businesses rely on backend retrospective metrics to report on attempted fraudulent activity.
During November’s Click Frenzy sales event, Kasada detected an advanced fraud-bot targeting one of the large e-commerce platforms. We detected a covert operation in which the bot combined normal human activity with malicious payment/card fraud requests. This bot is targeting a range of customers on the same platform with a similar modus operandi.
Fraudsters need to buy their loved ones Christmas presents as well and the online sales events, such as Click Frenzy or Black Friday, provide the perfect cover for them to generate extra income. These sales events radically change the traffic profile of your website. All the established baseline metrics can no longer be used to detect anomalies. This creates a low risk opportunity for the fraudsters to increase their activity without being detected.
Monitoring request volumes for customer X during Click-Frenzy:
It also changes the request patterns across the site, making it significantly harder to detect malicious activity.

