Bots – The Good, The Bad, and The Malicious
When Google CEO Sundar Pichai demonstrated the company’s AI-powered Google Assistant’s capabilities earlier this year, we all watched in awe as a highly sophisticated bot made a hair salon reservation navigating through the nuances of a normal conversation, making it indistinguishable from a human.
Bots have, indeed, come a long way. And if you live and breathe e-commerce every day like we do, you might be encountering them much more than you might realize. In fact, up to half of your online storefront’s traffic can be bots. Yep, up to 50%!
Not all bots are the same though. You have good ones, bad ones, and really bad ones! It’s essential to learn how to identify and classify bots, so as to manage them effectively, and improve your online storefront’s security, performance, infrastructure efficiency, SEO, and analytics.
Good bots can be found everywhere. Search engine crawlers (from Google, Bing, Baidu, and others) constantly crawl the web looking for new pages to determine how they should be indexed. This is critical for search engines, without it they are unable to rank pages (based on keywords and intent).
Bots can be very useful. There are those that scan different websites for the best deals for a product, that give you the latest weather or news, or even ones that continuously monitor sites for performance and downtime.
Then you have bots that facilitate conversational commerce – commonly known as chatbots. Chatbots can help you navigate an e-commerce site more effectively. They can also answer questions you may have about product features or aesthetics (for example, the color of a particular product, or whether it’s available in a particular size). This helps deliver personalization for your users, as well as significantly improved engagement, ultimately resulting in increased stickiness, higher conversion rates, and reduced support costs.
Content and price scrapers can sneak into your site either unannounced or under the guise of being humans or good bots. These bots work mostly for your competitors or people that want to analyze your product listings, inventory, and price points. While their impact is not directly visible on your infrastructure, this behavior allows them to gain an unfair competitive advantage, diminishing your hard-earned market differentiation.
Scrapers can also be “employed” by people that want to replicate your website in a different domain, passing themselves off as you. This results in traffic getting diverted from your site and causes significant damage to your revenue and reputation – the latter of which has longer-term consequences and is much harder to recover from.
Malicious bots are the really bad ones. Their intent is to cause severe harm, directly or indirectly affecting revenue. These bots are employed by mostly cyber-criminals or hackers to attack your site or application, either gradually or through the use of brute force. These bots are capable of causing serious damage to your online business via a variety of attacks, including the following:
- Account Takeovers: This is when bots try getting access to customer account credentials (usernames and passwords), resulting in a severe data breach. Account takeovers can be aimed at stealing customers’ identity or credit card information, inevitably leading to a loss of customer loyalty and brand reputation.
- Payment and Credit Card Frauds: After stealing confidential credit card information, cybercriminals and bots can buy products online and have them shipped worldwide. They can also run hundreds of small purchases using stolen credit card numbers and resell the “successful” cards to organized crime rings.
- Checkout Abuse and Inventory Buyout: Bots can deplete available inventory levels of popular products (such as toys or consumer gadgets) without executing purchase transactions, or buy them out with the intention of selling them on another site at higher price points.
- DDoS Attacks: DDoS attacks can degrade the performance of your site – or worse still, cause downtime. These attacks are most often executed via a flood of traffic to the server from networks of bots (called botnets), making them extremely difficult to contain by blocking a single source.
Bad and malicious bots need to be blocked at all costs. This can be hard though, as they often masquerade as humans or other good bots. The most sophisticated bots are designed to mimic humans and bypass standard bot detection tests (Turing would have been oddly proud!). The trick really then is to have a comprehensive strategy to instantly identify and classify bots, defend your storefront from malicious automated threats, and at the same time, make management and infrastructure more efficient for good bots and humans.
Giving our customers control over their storefronts, which includes the ability to identify, classify, and manage bot traffic is an important part of what we do here at Webscale, and it’s what makes us the E-Commerce Cloud Company, and not just another hosting provider.