Console launch and Black Friday, are e-commerce sites ready? – Global Security Mag Online

There are only a few days left before Black Friday 2024, which takes place on November 29. E-commerce sites are preparing for a strong impact and an increase in demand for some products, especially with the release of the new Xbox and PS5 Pro game consoles. Cracking for these consoles also attracts fraudsters, who use malicious bots to take advantage of the scarcity of consoles and other items that are sought after online. Are e-commerce sites prepared?

Extensive use of malicious bots and creation of fake accounts

The launch of products that consumers have been waiting for for several months, such as game consoles, creates a following and makes the online sales more vulnerable. DataDome’s analysis highlights the growing threat posed by bots, indicating that e-tailers are unprepared for these types of attacks. In fact, bot operators and resellers have refined their methods, for example exploiting the creation of fake accounts as a key tool to bypass purchase limits. Another view is that cyber attackers use bots on a large scale and quickly create multiple accounts to take over inventory, which prevents real customers from getting these high-demand products. These accounts can then buy consoles in bulk and resell them at inflated prices on secondary markets. Here are 3 key figures published by DataDome controls:

• 1) 100% of verified sites allow the creation of fake accounts – used by fraudsters to bypass purchase limits:

o Nearly a third (⅓) of sites tested allowed bots to create an account without advanced techniques.

o Almost three-quarters (¾) of these e-tailers allowed bots to create an account using advanced techniques such as CAPTCHA resolution or multi-factor authentication (MFA) management.

• 2) Most e-commerce sites surveyed lack basic security measures:

o 57.2% of websites have not used a CAPTCHA challenge to protect the registration process.

o 64% of websites did not verify the email addresses provided, which allowed accounts to be created using disposable email addresses, alias tricks or even hacking techniques. These flaws are easily exploited by bots to create multiple accounts.

• 3) Verification practices are still too weak

o Half of the websites allow a bot to log into an account without advanced techniques.

o 35.7% of websites allowed a bot to log into an account with advanced methods such as solving CAPTCHA or handling multi-factor authentication.

o It is possible to bypass sites that have implemented multi-factor authentication using common tactics such as phone number leasing or SMTP access.

“There are only a few days left until the long-awaited moment for video game enthusiasts around the world. But, like so many other major events, bots could ruin the fun for thousands of people. In fact, today with AI, it is increasingly simple to create a bot capable of creating multiple fake accounts to steal the most prestigious items online, or simply buy a bot online for a paltry sum.

To avoid situations like the one experienced with the PS5 Pro’s external disc drive, being ripped off by resellers and sold at exorbitant prices on resale sites, e-retailers must put proactive protection against bots now to ensure that video game enthusiasts can access consoles on Black Friday . » explains Gilles Walbrou, CTO at DataDome

Without adequate protection against bots, e-commerce platforms are exposed to several risks: loss of inventory control, but also revenue, loss of consumer trust and damage to brand image. For e-retailers, it is essential to implement proactive protection against bots, to reduce risks and improve their cybersecurity by focusing in particular on improving authentication, email verification and advanced protection against bots.