The 2020 Black Friday scrum will be online—and some of it automated

online Christmas shopping

Andy Still, CTO at Netacea, looks at the issues online retailers may face this Black Friday.

2020’s Black Friday events are, like everything else in 2020, going to be different. Social distancing means that the usual viral media videos of unpleasant scrums as people fight for bargains won’t be available. We’re in for a more genteel start of the holiday season than in recent years.

But the bargain hunters will still be around. In fact, with straitened financial circumstances common, and retailers looking to make up for the rest of the year, we can expect the same scrum happening. Just not instore, but online.

Whether retailers launch their big push on Black Friday, Cyber Monday, or another day entirely, they will need to ensure that they stay online and available to make the most out of those visiting their sites—downtime will be a disaster. But it’s not just the traffic from real people they will need to look out for, but automated bot traffic too.

In 2019, 38.6% of Black Friday traffic to retail sites consisted of bad bots. More than a third of visitors are not only not looking to buy anything, but they are looking to commit fraud and subvert businesses in other ways.

How bots will take advantage of Black Friday

Retailers will likely be familiar with the methods used by automated bots to take over their customers’ accounts and commit fraud using stolen credit card details. But on busy days like Black Friday, there are other attacks that become more profitable than at other times.

Scraping

Scraping of prices by competitors, comparison websites and bad actors is common at any time, but on Black Friday what was a daily occurrence can happen multiple times an hour. What was once an annoyance but acceptable can quickly become a load capable of taking a site offline.

Inventory hoarding

When someone clicks on an item it ends up in their basket, ready for checkout and unavailable to anyone else. This is sensible as it means that no one can buy the same item twice. Unfortunately, it also means that any items in baskets can’t be bought. If this is done en masse by an army of bots, either by competitors looking to steal sales or just by mischief makers, then this can kill sales.

Brute force attacks

What better day to hide your attack on a site than on the busiest day of the year? Just like pickpockets and other criminals who will use the crowd to hide their activities, many bot users will wait until sites are extremely busy to launch their account takeover or similar method of brute force attack.

If sites are going to be busier this year than any previous year, then we can guarantee bot creators and users will be just as busy, looking to take advantage of the best time to hide their activities.

The need for speed

Black Friday has been notorious in the past for online retailers suffering issues. H&M was a victim of its own success last year, and NatWest had problems completing transactions, leaving both retailers and consumers frustrated. But it’s not all about uptime—speed is important too, and too many bots can mean a sluggish experience that can kill sales. Costco experienced this last year with so many advance orders leading to problems, and a banner had to be added on its website homepage informing customers that the website was “experiencing slow response times.”

Retailers may test their infrastructure for capacity and buy in extra capacity to deal with the problem, but many will only reckon with the real customers they expect, and not the bots that descend upon them. Bots can be more unpredictable, as only a few attackers can create a lot of traffic. If a site is inundated with bots, it can mean real customers end up with slow loading sites, errors, and an overall frustrating experience. And they won’t just look elsewhere on Black Friday. They’ll look elsewhere whenever they shop online.

The annual retail scrum that accompanies Black Friday may not happen this year, but a far less welcome influx will happen on websites unless retailers take steps to make sure bad bots don’t wreak havoc.


Black Friday, Business, The 2020 Black Friday scrum will be online—and some of it automated

Andy Still

Andy is a pioneer of digital performance for online systems. As Chief Technology Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients. Andy has authored several books on computing and web performance, application development and non-human web traffic.

The vital role business plays in the business intelligence equation

Phillip Smith • 03rd December 2021

As organizations continue turning their attention to technology advancements, to maintain some form of ‘business as usual’, there has never been a greater need for companies to truly understand the data they hold, and how to interpret it. Phillip Smith, the chief architect at workplace data analytics firm Tiger, explains more.

2,500 years of threat intelligence and its value continues to...

Anthony Perridge • 01st December 2021

Anthony Perridge, VP International at ThreatQuotient discusses how threat intelligence has evolved to form an essential aspect of modern-day cybersecurity. By harking back to the practices of our ancestors, today’s threat hunters can take inspiration about evaluating threat data to maximize the best possible decisions.

The gaming industry’s latest challenge: DDoS protection

Babur Khan • 30th November 2021

As the industry faces a rise in DDoS threats, it is time that gaming companies truly prioritise cybersecurity and business resiliency. In his latest article, Babur Khan,Technical Marketing Engineer at A10 Networks, lays out a framework for the industry to do just this, securing their customers and their own success against the tide of cyberattacks.

The Best Ten Rated Cloud Security Management Options For Business

Erin Laurenson • 24th November 2021

Cloud Security programs that can carry out safety procedures and address or flag potential high-risk elements are now critical, allowing businesses to function normally without fearing a potential breach. To help you find the best Cloud management and security system for your business, we’ve done the research and found the top systems presently available on...