Is Your Sign-up Process More Bot-Friendly Than User-Friendly?
Your online application process will be attacked by bots. They’ll be persistent and aggressive. Those are undeniable truths that you can’t do anything to control. What you can control is how successful those bots will be.
53% of NeuroID’s analyzed customers experienced a bot attack in the past four months. The sheer volume of attacks is daunting—but when you know they’re attacking, you can adjust your response to stop the bots before they break through. When you don’t know they’re attacking . . . that’s a whole other story, and one without a happy ending. For one consumer financial manager, it led to more bots getting through their application process than genuine users.
Digest that for a moment. This consumer financial manager had specific step-ups to prevent bots. But instead of hurting bots, these step-ups hurt actual, genuine applicants. It’s a dreaded outcome for any product team.
NeuroID behavioral analytics monitor crowd-level patterns that track specific behaviors associated with bot activity, which helps our customers’ decide how to react. But the consumer financial manager mentioned above didn’t have NeuroID onboard yet—and in the span of one week they saw 99% of fraudulent bot sessions were completing the application process successfully, while only 67% of genuine users did the same. Their best efforts to stop bots were instead stopping revenue-driving customers. How did a commonplace bot attack turn into such a drastic challenge?
The Bots Advantage
Bots have become highly sophisticated in a short amount of time. And they’re not working alone. In 100% of the bot attack attempts we tracked, the points of bot entry were first tested by humans. After purposefully failing fraud checks, the human bad actors knew what step-ups would look like: they could then program tailored bot attacks to bypass specific fraud defenses, even within a multi-layered, multi-point stack. Humans are teaching bots to maneuver hyper-specific defenses.
That’s what happened to this consumer financial manager before they had NeuroID in their arsenal: they engaged in a high-stakes game of whack-a-mole, trying to stop bots invading through multiple points of entry. As soon as one gap was closed, the bots found another. These bots went in expecting to be spotted and had contingency plans for every point of friction.
When’s the last time one of your genuine applicants had that kind of determination? The friction to fight fraud didn’t matter to the bots, but it did matter to genuine, human applicants trying to get through onboarding and get on with their day. They jumped to another business, while bots jumped into another exploitable loophole.
Bad actors probed, then bots pounced.
The Genuine User Disadvantage
Bots, with their single-minded focus and programmed persistence, are adept at navigating the friction designed to deter them. Meanwhile, genuine users, with real-life distractions and a lack of patience for overly complex processes, abandoned the task.
This is something the consumer financial manager didn’t realize until bringing in NeuroID, when we could run a data analysis to detect behavioral patterns. They were blind to bots at the application stage. Now that they’ve integrated NeuroID, if our behavioral analytics say that a user is risky, that user is declined immediately: no more bot-attack-whack-a-mole. Behavioral analytics are key to understanding and tracking specific behaviors associated with bot activity, for the appropriate step-up strategy.
Looking Ahead: Bolstering Bot Barriers
Targeted bot attack strategies across multi-vector vulnerabilities is a scary trend. It speaks to how protecting revenue and preventing fraud risk is not just about detecting bots or risky users independently; it’s about connecting crowd trends to assess all factors, and predicting how one might indicate the other. The evolution, speed, and agility of bots in navigating applications are a stark reminder of the need for vigilance and solutions that cover the crowd, not single-points of access or PII-based checks.
With NeuroID’s ID Crowd Alert™, which runs on our behavioral analytics, you can detect and counter bot activities without adding additional friction to the genuine user experience.
As the line between human and bot behaviors continues to blur, businesses must ensure that their onboarding processes and defenses evolve faster than the bots (especially as things like AI come into play, speeding the bot evolution along even faster). NeuroID can help.