Safeguard the Retail Customer Experience on Google Cloud

Beth McElroy

E-commerce fraud is on the rise, according to 52% of respondents in a National Retail Federation survey.¹ Verizon Data Breach Investigations Report findings agree, with reported retail security incidents increasing from 404 in 2022 to 725 in 2023, while confirmed breaches rose from 191 to 369.²

Retailers need more sophisticated security solutions to prevent fraud and safeguard the customer experience.

Bad bots plague e-commerce

The top concerns of retailers surveyed were account takeover and credential stuffing attacks,³ primarily driven by malicious bots. With help from generative AI, bots can begin using reconnaissance to guess passwords in addition to simple password spraying to take over a customer account and make fraudulent purchases.

But that’s not the only type of bad bot. These malicious programs are also troublesome for e-commerce:

• Scraping bots that continuously crawl websites to extract competitive data such as pricing, often causing site outages and degrading user experience.
• Reseller bots that buy up products en masse to resell at higher prices, leading to stock shortages and lost sales for genuine customers.
• Fake review bots that distort product perception by posting fabricated reviews, which impact customer purchasing decisions.

While widely used, traditional defenses such as CAPTCHAs are no longer sufficient as bots have evolved to bypass these measures with ease. Researchers found that bots solved distorted-text CAPTCHA tests correctly nearly every time, whereas human accuracy ranged from 50% to 84%. Humans were slower than bots, needing up to 15 seconds to master the challenges compared to less than a second for bots.⁴

Not only are many CAPTCHAs ineffective, but they also add friction for customers, risking frustration and abandonment.

Combat bot-driven fraud

Protection must be able to keep up with bots that rapidly retool to avoid detection.

F5 Distributed Cloud Bot Defense employs advanced machine learning and human experts to detect and mitigate malicious bot activities in real time, offering the following:

• Credential stuffing prevention to stop bots from testing stolen credentials, thereby preventing account takeovers.
• Inventory hoarding mitigation to block bots from tying up inventory, making certain that products remain available to legitimate customers.
• Scraping protection to prevent data harvesting, assuring top website performance and user experience.

By collecting signals on the client-side, in web and mobile apps, and analyzing those signals through machine learning, F5 Distributed Cloud Bot Defense detects bots with high accuracy and near-zero false positives.

Together, these solutions provide frictionless bot protection to secure customer accounts and protect the retail experience.

Secure customer data

Bots aren’t the only perpetrators of e-commerce fraud. Client-side attacks, such as Magecart or formjacking, execute in the customer’s browser to steal sensitive information, including payment data. These attacks are difficult to detect using traditional application security, such as a web application firewall.

F5 Distributed Cloud Client-Side Defense addresses this gap by providing continuous monitoring and real-time threat detection using machine learning to block malicious JavaScript that could steal credit card details and other personal information​​. It also helps ensure compliance with PCI DSS v4.0.

E-commerce defense from F5 and Google Cloud

Google Cloud delivers omnichannel, frictionless customer experiences with retail solutions that are easy to deploy. Protect them with F5 Distributed Cloud Services.

The F5 Distributed Cloud Console provides unified management for Distributed Cloud Bot Defense, Distributed Cloud Client-Side Defense, and other solutions for app security, delivery, and performance to simplify IT and security operations.

F5 Distributed Cloud Services provide a consistent experience across cloud, on-premises, and edge environments to secure your apps and APIs everywhere they live.

Check out the many F5 solutions available in the Google Cloud Marketplace.

Learn more about F5 and Google Cloud at f5.com/gcp.

Sources

_{1. National Retail Federation, National Retail Security Survey 2023, Sep. 2023}

_{2. Verizon, 2024 Data Breach Investigations Report, May 2024}

_{3. National Retail Federation, National Retail Security Survey 2023, Sep. 2023}

_{4. Andrew Searles, et al., An Empirical Study & Evaluation of Modern CAPTCHAs, UC Irvine, Jul. 2023}

_{5. Forrester Consulting, F5 Helps Retailers Provide Omnichannel Customer Experiences While Minimizing Bot Attacks, Feb. 2022}

About the Author

Beth McElroy

More blogs by Beth McElroy