Bot attacks Q&A with Mateusz Chrobok

In our quest to create a safer space for online transactions, we have developed the modularized and scalable Know Your Users solution to address fraud at every step of the user journey. To ensure a seamless and secure journey from sign-up to checkout and beyond, you must consider the specific challenges and solutions that come with every step. In this Q&A session we will walk you through the first step, which is user acquisition, to learn more about the typical user behaviors, fraud types - including bot attacks - that occur, and how you can safeguard your business and your customers from the moment they enter your site.

Please explain the typical consumer behavior at the user acquisition stage.

Users get in touch with the product or service by browsing the website or app, typically looking for prices, how the specific product works, available trials, or any other relevant elements before deciding to move further. The next action is usually a sign-up process, or going straight to the purchase stage, depending on the steps required or the user’s purpose.  

Whether you are a bank, a fintech, a crypto company, or an on-demand mobile app, in the account opening stage, it’s essential to know that users expect a seamless experience. In contrast, fraudsters expect to find as many loopholes as possible. 

A few relevant scenarios at this stage are:

• Applying for services: Some users may apply for new services, such as account opening, credit card, debit card, or financing
• Searching for information: Users may visit a bank's website for information on products and services, interest rates, fees, and other relevant information.
• Checking eligibility: Many users visit BNPL websites to check their financing eligibility and understand the terms and conditions.
• Researching investments: Users may browse crypto company websites to research cryptocurrencies they are interested in and to learn more about the market.

What are the fraud types that usually occur in the user acquisition process? 

This is the stage where we usually detect high levels of bot activity. For accurate detection, it’s crucial to consider the interaction channel, either through the browser or mobile, and be equally strong on both of them to understand the users’ true intentions.  With the accelerated digitalization of both goods and services, hackers have started to develop sophisticated bots that can exploit weaknesses in the system to gain access to sensitive data or money.  The situation is similar to an infestation of tiny insects that can go unnoticed until they cause damage on a large scale.  

What are the most signs that suggest bots' presence? 

Several red flags that suggest bot presence are 

• Irregular spikes in traffic;
• a number of signups from channels that are not proportional to the overall usage percentage; 
• Slow down in performance due to multiple bot activity;
• Increased activity on the service from a remote location;
• Increased activity from a single network location such as IP address, Autonomous System or VPN provider within a very short time.

Can you describe a situation less intuitive, where genuine human behavior can be confused with bot activity? 

False positives blind spots based on behavioral biometrics: 

• User is unfamiliar with an app or submission form, and the typewriting is slow, with delays between clicks, yet there are signs that is online savvy.  - could be confusing and lead to fraud when it’s actually not
• User is familiar with the website or app and navigates too quickly, and this might look suspicious because, usually, when checking a bank, crypto, or a BNPL app, there are a lot of details to pay attention to, like in the previous scenarios.  Yet it’s not a fraud. 

The idea would be to clearly describe situations where while it looks like fraud, it’s not, but in order to avoid false positives, you need deep expertise and advanced tools. 

What are typically the consequences of bot presence for an online business?

One consequence is that bots can generate false traffic, which can skew website analytics and make it difficult to measure website performance accurately. Additionally, some bots can block legitimate traffic or slow down website performance, leading to reduced conversions and dissatisfied customers. 

What are the best practices for protecting the user acquisition stage? 

To detect non-human visitors accurately and fast, you need several tools and techniques, such as AI-based fingerprinting, specific signals in place to detect abnormal behavior, and a thorough analysis of data points to make an informed decision. For example, AI-based fingerprinting can determine the type of device a user is using, including its operating system, browser, plugins, and so on, to identify any suspicious activities quickly.  This overall approach is crucial to ensure that only genuine human visitors can access a service. Furthermore, it helps to prevent malicious activities like spam and fraud. Finally, it can help enhance a website's user experience by filtering out suspicious activities.

Don’t let fraudsters fake it until they make it in your business. Contact us by clicking on 'book a call' at the top of this page to learn how you can offer visitors to your site a smooth and secure sign-up process to accelerate your user acquisition. Alternatively, you can contact Matrusz directly at mateusz.chrobok@nethone.com or via LinkedIn.

A seamless experience for a good impression. Secure experience for a good reputation! React to bot attacks before they flood you.