Bots vs. The Finance & Fraud Teams
Bad bots can directly impact an organization’s core business through fraudulent transactions or the abuse of valid end-user accounts. This can lead to direct financial losses and increased processing fees, and can directly impact an organization’s relationship with its customers. As a result, these attacks typically have considerable financial implications as well as long-lasting effects on a company’s reputation. Examples include:
- Carding and Chargebacks - Carding attacks are used by criminals to verify if a stolen credit card is still valid and working. Attackers program bots to use the stolen credit card information, typically to make small purchases. This allows attackers to quickly establish how many cards are valid for resale on the black market. However, the site that is used in the carding exercise will typically experience a large number of chargebacks from their credit card processor. This can cause the organization to lose revenue that initially appeared to be valid and also damage the business’s reputation with its card processors.
- Account Take-over and Fraud - Bots are heavily used both to break into user accounts and to subsequently use the compromised accounts to commit various types of fraud. Bots can try to brute force passwords for user accounts or use a database of known compromised logins in what is known as a “credential stuffing” attack. Once inside the account, the attackers can abuse any privileges available to the user. This could include making fraudulent purchases, transferring money, or posing as the victimized end-user. Organizations will often need to spend considerable effort to verify the fraud and may need to cover a variety of costs to ensure that the customer is not financially impacted.
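
The carding pattern in the first bullet, where one automated client tries many different cards through small purchases, can be flagged in payment-attempt logs before the chargebacks arrive. The following is an added example, not from the original article: the log layout, the thresholds, the use of decline ratio as a signal, and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def find_carding_clients(attempts, window=timedelta(minutes=10),
                         min_cards=5, small_amount=5.00, min_decline_ratio=0.5):
    """Return {client: (distinct_cards, decline_ratio)} for clients whose
    small-value attempts look like card testing inside any one time window.
    Thresholds are illustrative assumptions; tune them on real traffic."""
    by_client = defaultdict(list)
    for ts, client, card, amount, approved in attempts:
        if amount <= small_amount:      # carding favours small purchases
            by_client[client].append((ts, card, approved))

    flagged = {}
    for client, rows in by_client.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the left edge until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            cards = {card for _, card, _ in in_window}
            declines = sum(1 for _, _, ok in in_window if not ok)
            ratio = declines / len(in_window)
            # Many distinct cards plus mostly declines: card-testing shape.
            if len(cards) >= min_cards and ratio >= min_decline_ratio:
                best = flagged.get(client, (0, 0.0))
                flagged[client] = max(best, (len(cards), ratio))
    return flagged

# Constructed sample log: (timestamp, client IP, card token, amount, approved).
# Card tokens stand in for processor fingerprints; never log raw card numbers.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [(T0 + timedelta(seconds=20 * i), "203.0.113.7",
           f"card-{i:02d}", 1.00, i in (2, 5)) for i in range(8)]
SAMPLE += [
    # Ordinary shopper: one card, both purchases approved.
    (T0, "198.51.100.20", "card-A", 3.50, True),
    (T0 + timedelta(minutes=3), "198.51.100.20", "card-A", 42.00, True),
    # Customer retrying one card after a typo: declines, but a single card.
    (T0, "198.51.100.33", "card-B", 2.00, False),
    (T0 + timedelta(seconds=40), "198.51.100.33", "card-B", 2.00, False),
    (T0 + timedelta(seconds=90), "198.51.100.33", "card-B", 2.00, True),
]

if __name__ == "__main__":
    for client, (cards, ratio) in find_carding_clients(SAMPLE).items():
        print(f"{client}: {cards} distinct cards, {ratio:.0%} declined")
```

Keying on client IP alone is the simplest grouping; bots that rotate addresses need the same logic applied to a device or session identifier instead.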