Does Bot Management Strengthen Customer Loyalty and Engagement?
- Alex McConnell, Cybersecurity Content Specialist
Digital businesses can build a greater level of trust with their customers by using sophisticated bot management solutions, as we understand from a recent Gartner® report.
‘Don’t Treat Your Customer Like a Criminal’, by Gartner analysts Tricia Phillips, Jonathan Care and Akif Khan, is available for a complimentary download from the Netacea website until 31st July 2022. We believe the report explores how the risk of costly attacks on customer accounts affects the trust between customers and businesses.
Netacea believes organizations must protect user accounts from attackers by enforcing stronger identity verification measures, but without eroding trust with their customers by over-burdening them with these processes – or else they risk pushing customers away to competitors.
Fighting back against account takeover
“New-account fraud and account takeover are the largest areas of liability for many organizations across such diverse industry sectors as government, insurance, banking and retail”, according to the Gartner® report.
The Gartner analysts go on to say that “while bad bots have long been recognized as problematic if left unrestrained, recent evidence has shown that they are well organized and are largely driven by the goal of monetary gain.”
Our own threat research confirms that automated bots take advantage of widespread poor password hygiene and persistent data leaks to launch account takeover attacks with increasing velocity and sophistication.
For accounts of significant value, organizations can’t trust usernames and passwords as sufficient forms of authentication because they’re easily stolen and validated by armies of credential stuffing bots.
If passwords are dead, what will replace them?
Businesses have battled against these threats by trying to lock attackers out with elaborate methods of validating user identity. Here are examples and how they stack up against username and password for strength and convenience.
Username and password
Millions of passwords are leaked online every year (and you can check if yours are compromised on haveibeenpwned.com).
“Numerous reports indicate that 60% to 70% of users use the same username and password to access more than one online account.” This statistic, along with the widespread availability of simple-to-use credential stuffing tools, makes such attacks easy and common.
Everyone is used to relying on passwords. Although we have a lot of passwords to remember, most browsers automatically save passwords and enter them for us. Password managers can also help remove friction from using passwords.
Knowledge-based authentication (KBA) relies on what only the individual user knows, for example static information (mother’s maiden name) or dynamic information (the last thing you bought with your credit card). However, these answers are susceptible to social engineering and phishing attacks through spoofed communications, or brute force cracking by guessing common answers using automation.
Answers to knowledge-based verification are easier to remember than passwords, but recalling specific answers can still cause frustration.
One-time passwords (OTPs) might seem more secure due to their temporary nature, yet they can be exposed to attackers via phishing emails, or man-in-the-middle attacks where users are tricked into entering them on fake websites.
Having nothing to remember does add a degree of convenience to OTP authentication, but it also adds another step to the login process that could frustrate.
It’s clear all these methods have drawbacks in either strength or convenience, which is why in ‘Don’t Treat Your Customer Like a Criminal’, the Gartner analysts suggest the future of identity and access management (IAM) is the use of passive behavioral biometrics – “Focus on building an understanding of the individual and peer group behavior of legitimate customers.”
Bot management as part of behavioral biometrics
Netacea uses an innovative machine learning method called Intent Clustering to group users together based on behavior. These clusters are created, grow, shrink, change, and even disappear dynamically. Netacea’s expert bot team examines these clusters to determine which are malicious, and users exhibiting that behavior are blocked in the background.
Bot management technology discreetly filters out fraudsters before they can access compromised accounts. This frees customers from the burden of proving their identity, making their lives easier.
Early intervention and behavior-based threat detection can also prevent the costliest attacks. For example, according to the BLADE framework, the first stage of any account takeover attack is to test stolen or cracked credentials on the target website. This stage requires specific automated behaviors, which bot management solutions can recognize and use to stop bot attacks early, before they become a bigger problem.
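To make the credential-testing stage concrete, the following is an added example of rule-based detection over login logs; it is not Netacea’s Intent Clustering or any code from the report. It assumes a simplified, constructed log format (timestamp, source IP, username, outcome) and illustrative thresholds, and it profiles each source’s behavior (volume, failure ratio, account spread, cadence) to flag sources that are testing many different credentials at machine speed. Accounts that such a source logged into successfully are the ones worth stepping up or locking before the attacker moves past credential testing.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set

# Constructed sample log lines in an assumed, simplified format:
#   "<ISO-8601 timestamp> <source IP> <username> <success|fail>"
# One source tries ten different usernames in five seconds (credential
# testing), one user mistypes a password then logs in, one logs in cleanly.
SAMPLE_LOG = """\
2022-07-01T10:00:00 198.51.100.7 alice fail
2022-07-01T10:00:01 198.51.100.7 bob fail
2022-07-01T10:00:01 198.51.100.7 carol fail
2022-07-01T10:00:02 198.51.100.7 dave success
2022-07-01T10:00:02 198.51.100.7 erin fail
2022-07-01T10:00:03 198.51.100.7 frank fail
2022-07-01T10:00:03 198.51.100.7 grace fail
2022-07-01T10:00:04 198.51.100.7 heidi fail
2022-07-01T10:00:04 198.51.100.7 ivan fail
2022-07-01T10:00:05 198.51.100.7 judy fail
2022-07-01T10:05:00 203.0.113.9 alice fail
2022-07-01T10:05:20 203.0.113.9 alice success
2022-07-01T11:00:00 192.0.2.33 bob success
"""

# Thresholds are illustrative assumptions, not tuned production values.
MIN_ATTEMPTS = 5          # too little data below this to judge a source
MIN_DISTINCT_USERS = 5    # many different accounts tried from one source
MIN_FAILURE_RATE = 0.7    # leaked credential lists mostly fail
MIN_RATE_PER_MIN = 30.0   # faster than a person typing logins


@dataclass
class SourceProfile:
    """Behavioral summary of one source IP's login attempts."""
    attempts: int = 0
    failures: int = 0
    usernames: Set[str] = field(default_factory=set)
    successes: Set[str] = field(default_factory=set)
    first: Optional[datetime] = None
    last: Optional[datetime] = None

    @property
    def failure_rate(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0

    @property
    def attempts_per_minute(self) -> float:
        # Clamp the window to one second so a single burst is not divided by zero.
        span = max((self.last - self.first).total_seconds(), 1.0)
        return self.attempts * 60.0 / span


def parse_log(text: str) -> List[dict]:
    """Parse the constructed log format into event dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("success", "fail"):
            continue
        ts, ip, user, outcome = parts
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "user": user, "ok": outcome == "success"})
    return events


def profile_sources(events: List[dict]) -> Dict[str, SourceProfile]:
    """Aggregate per-source behavior: volume, failure ratio, account spread, cadence."""
    profiles: Dict[str, SourceProfile] = defaultdict(SourceProfile)
    for ev in events:
        p = profiles[ev["ip"]]
        p.attempts += 1
        p.usernames.add(ev["user"])
        if ev["ok"]:
            p.successes.add(ev["user"])
        else:
            p.failures += 1
        p.first = ev["ts"] if p.first is None else min(p.first, ev["ts"])
        p.last = ev["ts"] if p.last is None else max(p.last, ev["ts"])
    return dict(profiles)


def detect_credential_testing(profiles: Dict[str, SourceProfile]) -> Dict[str, Set[str]]:
    """Map each flagged source to the accounts it logged into successfully.

    A flagged source with successes reveals which leaked credentials are
    still valid: those accounts need a step-up or lock before the attacker
    proceeds beyond the credential-testing stage."""
    flagged: Dict[str, Set[str]] = {}
    for ip, p in profiles.items():
        if (p.attempts >= MIN_ATTEMPTS
                and len(p.usernames) >= MIN_DISTINCT_USERS
                and p.failure_rate >= MIN_FAILURE_RATE
                and p.attempts_per_minute >= MIN_RATE_PER_MIN):
            flagged[ip] = set(p.successes)
    return flagged


if __name__ == "__main__":
    found = detect_credential_testing(profile_sources(parse_log(SAMPLE_LOG)))
    for ip, at_risk in found.items():
        print(f"{ip}: credential testing; accounts at risk: {sorted(at_risk) or 'none'}")
```

In the constructed sample only 198.51.100.7 is flagged: ten distinct usernames in five seconds with a 90% failure rate, and its one success (dave) is the account to protect. The user who mistypes a password once and the clean login fall below the attempt threshold and are left alone, which is the point of behavior-based filtering: the legitimate customer never sees an extra challenge.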
Gartner, ‘Don’t Treat Your Customer Like a Criminal’, Tricia Phillips, Jonathan Care, Akif Khan, 1 July 2021.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.