Distinguish Bot Activity from Legitimate Human Behavior

The rapidly escalating problem of bot attacks is costing ecommerce organizations worldwide an estimated $48 billion a year in fraud losses. The true extent of the damage is difficult to quantify, as bots also have a significant impact on the consumer experience and on retail companies’ ability to upsell products and services. Additionally, manually protecting an organization from bot activity is a resource-heavy activity that is estimated to take around 10,000 hours on average annually.

Good and bad, sophisticated and unsophisticated

Bot activity might be widespread across digital channels – but not all bots are malicious. A bot is a piece of software that is designed to perform a specific action. The internet landscape is rich with ‘good’ bots that perform tasks such as enhancing search engine rankings and improving consumer service. Fraud risk, however, comes from ‘bad’ bots that are used by fraudsters for a range of purposes from credential stuffing to consumer impersonation – and ecommerce is one of the sectors that sees the highest incidence of malicious bot traffic.

Malicious bots fall into two broad categories: sophisticated and unsophisticated. The more sophisticated a bot script, the more closely it mimics genuine human behavior – and the more difficult it is to detect.

Stopping the bots

While bot attacks have become a major problem for ecommerce in a very short space of time, the good news is that advancements in technology and data analytics are giving companies valuable ammunition to fight back against fraudsters. A robust fraud prevention strategy for ecommerce businesses requires linking a multitude of data elements to draw insights that can help distinguish a bot from genuine consumer behavior.

Personally identifiable information (PII)

A common weakness of bot scripts is that they rely on randomized and therefore often unrealistic patterns – in other words, they do not take account of patterns such as the normal age demographic of consumers. LexisNexis® ThreatMetrix® helps protect against bots by analyzing PII for unusual and suspicious patterns. Take this real-life example of a selection of account opening requests (below), where analysis showed that over a third of events were associated with ‘consumers’ who were aged 81 or more. This is a classic case of an unsophisticated bot – the fraudster was either unaware of the normal age demographic for this event or did not take it into account.

Geolocation and IP address

The IP address of a bot’s origins provides important clues. Less sophisticated bots tend to run on IPs that originate from well-known internet or data hosting services. In some cases, proxy IPs are used to mimic the natural distribution of internet traffic – this is typical behavior in a distributed bot attack. Capabilities from LexisNexis® Risk Solutions enable organizations to see through proxy IPs and in one case, helped to identify four ‘true’ IP addresses that were accounting for 88% out of thousands of proxy IPs used in a coordinated attack.

Organizations leveraging capabilities from LexisNexis Risk Solutions can conduct geolocation comparisons between the IP address and the street address to understand the proximity of the two as a risk indicator. The IP geolocation can also be compared to where the inquiry is coming from (i.e. the inquiry is coming from the U.S., but the IP geolocation is in another country) which is another risk indicator leveraging IP address and geolocation.

Consumer behavior

Human behavior is inherently difficult to mimic, particularly for sophisticated bots operating in e-commerce environments. Recognizing this challenge, our advanced LexisNexis® BehavioSec® solution employs behavioral intelligence to differentiate between genuine human interactions and automated bot activity. BehavioSec® robustly analyzes behavioral patterns, including memory anomalies, time-in-field, paste events, unusual keystroke, or mouse events, among other features. All behavioral insights can be used in sophisticated machine learning modeling such as custom Population Profiling models. Through this meticulous approach, BehavioSec effectively helps safeguard ecommerce platforms against malicious bots and other fraudulent activities, enabling a secure and reliable user experience.

Email intelligence

The common use of email addresses as an identifier means that bots are frequently used by fraudsters to try to guess or confirm valid users of an online service by passing multiple email addresses through an API and checking the response. But this is not a reason to avoid using email addresses as an identifier – valid email addresses in fact have a rich history (91% of email users have had the same address for more than three years¹), which is invaluable in helping to spot unusual activity.

Our email intelligence solution LexisNexis® Emailage® checks email addresses for bot activity in a variety of ways, including:

• Using the position of characters on the most-used keyboards (Qwerty and Dvorak) to assess whether an email handle was created by a human or a bot
• Using enumeration techniques that are supported by the largest email providers to help understand when an email has been enumerated (for example, john.doe@gmail.com is the same as johndoe@gmail.com which is the same as j.doe@gmail.com, etc)
• Identifying ‘tumbled’ email addresses (eg, johndoe1@gmail.com, johndoe2@gmail.com, johndoe3@gmail.com, etc)
• Checking for newly-created or non-existent email addresses – through the email catalogue within Emailage®, organizations can leverage one of the world’s largest repositories of email data, including the age, velocity, behavior, and history associated with email addresses. This helps confirm if an email address is legitimate or a bot
• Matching the name behind an email address across a range of sources, including the transaction, and the owner of the email address, phone number, and social media accounts. Emailage uses double-metaphone practices (which match similar-sounding words) to maximize the match rate
• Creating a digital risk and confidence score, based on the history of all variables related to the email address, to support a risk-based assessment.

Using capabilities from each solution helps bring together physical, digital, including email, and behavioral intelligence and dynamic fraud signals to create a robust view of who is really interacting with an ecommerce merchant.

Robust, flexible and global solutions

Malicious bots will continue to be a popular tool for fraudsters, and the prevalence of AI means that building bot scripts will become easier and more accessible – so organizations should expect to see a further increase in the sophistication of bot activity in the future. But advances in technology are helping organizations fight back.

LexisNexis Risk Solutions helps organizations tackle malicious bot activity at each stage of the consumer journey with multi-dimensional intelligence and robust, flexible, and scalable solutions. Leveraging these capabilities, ecommerce companies can protect their consumers from the growing threat of fraud and safeguard their business and the wider ecommerce sector from the blight of bots.