What are Bots Costing the Financial Services Industry?

Netacea recently conducted a wide-ranging survey to uncover how much bots are really costing businesses. We compiled responses from 440 enterprise businesses spread across the US and UK, and have summed up our findings in an exclusive report, as well as an upcoming live webinar.

Of all the sectors we surveyed, financial services was the industry most affected by API attacks, with 97% of businesses stating an API had been attacked by bots in 2020.

Financial information is widely accessed by various systems and agencies via APIs, giving bad actors the opportunity to mask their activity and circumvent traditional, client-side security defenses.

As well as API attacks, a quarter of financial services organizations reported bot attacks targeting their websites.

Credential stuffing and account checker bots in financial services

The most prevalent bot attack type seen by financial services organizations, with 71% of business reporting attacks, was account checker bots (also known as credential stuffing bots). These take lists of leaked username and password pairs, or credentials stolen from data dumps and sold on the dark web, and test them against a website to establish which accounts can be compromised later.

Detecting such attacks quickly is an issue that commonly and heavily affects businesses, as 52% of those surveyed said it took them two to three months to identify that a credential stuffing attack had occurred.

Financial services at risk of account takeover

Credential stuffing attacks expose customers to potential account takeover, which if successful can lead to financial fraud and identity theft. Banks have a responsibility to repatriate stolen accounts, and 81% of businesses in this sector agreed that such attacks had damaged their customer satisfaction in 2020. In addition to this, 42% of businesses stated that they lost between 5-10% of their business to competitors because of these types of attacks.

That’s not the only detrimental effect of such threats. The high-volume, aggressive nature of credential stuffing and account checker attacks creates expensive infrastructure overheads.

In all, 69% of the surveyed financial services organizations acknowledged account checker bots had a known financial impact on their business in 2020.

Bots of all kinds are a big concern to financial services

While account checker bots caused the most damage to financial services businesses in 2020, they were not the only type of bot attack causing concern. Businesses are also highly concerned about scalper bots, sniper bots, scraper bots and others, even more so now than they were in 2020.

This is unsurprising given most businesses reported an increase in all the above attack types throughout 2020.

Learn more about the financial impact of bots on businesses in our full report.

What can financial services businesses do to prevent harm from bot attacks?

With so much at stake, financial services organizations need advanced protection against malicious bot attacks like credential stuffing and account takeover.

Bots are highly sophisticated and can disguise as humans using advanced defense bypass techniques such as mouse movement emulation, the use of residential IP addresses, or by distributing request origins across data centers and even different countries.

Netacea’s unique agentless bot detection solution assesses every request at the server level, not just on websites but also from APIs and mobile applications. Using machine learning, Netacea’s Intent Analytics™ engine examines the intent of each visit and categorizes these into allowed, suspicious or malicious, feeding this information back to the client in real time for mitigation of such threats.