Not your breach? Still your problem, protect your business from data breaches.

hacked device- data breach

It can happen to you. Don’t wait until it does to consider protecting your business. Thomas Platt, Head of eCommerce at Netacea explains why.

According to researchers at RiskBased Security, around 16 billion records have been exposed so far this year. However, there’s still a common misconception that as long as your company hasn’t fallen victim to a breach, there’s no need to worry. This couldn’t be further from the truth. Data breaches are every retailers’ problem. And as the summer sales ramp up, they are set to become an even bigger problem.

Once a data breach has happened, and confidential information can be accessed, hackers collect and sell these breached credentials on the dark web. Now, manually inserting different usernames and passwords won’t yield results. But a bot is capable of checking 1000s of username and password combinations each minute. After the bots have discovered a successful match, hackers are able to purchase what they wish, leaving the unknowing consumer to foot the bill – a technique known as credential stuffing.

But this is not the only way hackers use breached data. If credit card information is leaked, many hackers use card cracking bots to create fake profiles and buy goods with these stolen credit card details; the idea is to go through a list of stolen credit cards and find those that are still valid. Again, doing this manually is impossible, but bots not only make this process simple, but hugely profitable.

If consumers have a problem, so do retailers


Many might still be thinking well, this sounds like a consumer problem, how does breached data affect retailers? Well, compromised usernames and passwords quickly become retailers’ problem when their customers feel the effects.

Firstly, if breached customer details are used on a retailer’s website it will impact user trust. Regardless of how the breach came about, every customer affected is likely to lose trust in that company and think twice about purchasing from them again. They may even actively deter friends and family from ordering. For retailers, many of whom depend on loyal customers and are competing in crowded marketplaces, a loss of trust can lead to a significant revenue loss.

Secondly, reputational damage tends to occur as customers believe it is in fact the retailer’s fault for not blocking the fraudulent transaction. Nowadays, consumers expect retailers to have sophisticated cybersecurity defenses in place. When breached data is used in transactions, it makes consumers question just how important they, and their data, are to a brand. 

As we move further into the summer sales season, and more customers are opting to buy online, retailers must be wary of fraudsters taking advantage of increased sales and high levels of online activity. Fraudsters will be hoping that the increase in sales will defer attention away from their credential stuffing and card cracking bots. However, if these bots are not stopped, it’s retailers who will feel the backlash.

What’s the answer?


So, how can retailers prevent hackers from using bots to launch credential stuffing and card cracking attacks? The initial step is to look at the fundamental flaw with traditional methods of bot detection and mitigation. By only focusing on making humans prove they are not bots through techniques like CAPTCHA, where a human has to perform a task such as selecting the right photos, there’s not only a risk of blocking good bots, such as search engine bots, but are also missing the sophisticated attacks that might appear human-like in behaviour.

The answer is to ask a different question. Rather than asking “is this a human or a bot?” retailers need to focus on intent and ask “what is this visitor doing?” They must analyse what an average user journey looks like, and then consider what an unusual journey or behaviour could look like. Customers are likely to forget their password and username combination a couple of times—but not ten thousand times. Focusing on the intent of their website traffic by looking at user journeys, is key. And in times of peak traffic, retailers must be analysing their customers journeys in more detail than before.

Web logs facilitate this analysis, allowing retailers to build a profile of the way users interact with their online account to determine their intent. While attackers can mask their behaviour to appear human-like, they cannot easily disguise their intention.

When reframing the question to focus on intent, retailers no longer need to invade a user’s privacy by introducing additional intrusive code to a website. This means they can be more accurate in stopping highly sophisticated attacks and ensure that another business’s data breach does not become their problem, whilst also giving their customers a better experience.


Thomas Platt

Head of eCommerce at Netacea. I work with leading retailers to identify, understand and manage sophisticated and targeted Bot Attacks.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...