In a recent Statistica study, worldwide eCommerce sales hit $3.46 trillion in 2016, up from $1.5 trillion as recently as 2015. Looking forward, eCommerce sales are forecasted to be $6.54 trillion in 2020 according to the same report. According to Statistica the top 3 online stores’ revenue amounted to almost $100 billion in 2017. Online shopping is one of the most popular online activities worldwide but the usage varies by region – in 2016, an estimated 19 percent of all retail sales in China occurred via eCommerce but in Japan the share was only 6.7 percent. Desktop PCs are still the most popular device for placing online shopping orders but mobile devices, especially smartphones, are catching up rapidly.

With this growth and visibility the eCommerce community has become a target for malicious hackers led by a host of spambots. A standard mode of attack is to bombard the contact, lead-generation, comment or product review forms of a site with an avalanche of commercial, political or other unwanted messages which prove to be a constant nuisance for true buyers and site administrators. This creates an environment where real human customers find it too unwieldy to sort through a massive stream of spam to read real buyer reviews and comments. Additionally, merchant employees need to allocate time daily removing unwanted form entries, a laborious and time consuming task.

Before a number of technological solutions came along that can protect a site from these spambot attacks, many eCommerce merchants simply disabled all forms on their site. While ending the frustration for shoppers and eliminating the employee tasks involved with removal, this proved to be a counter productive solution by eliminating the ability of shoppers to read reviews from prior purchasers. In effect this destroys the lifeblood of a successful eCommerce business, namely, soliciting user input through buyer product reviews, endorsements and product usage comments. A Power Reviews study of Amazon online sales states that even a single review (as opposed to none) can increase sales of an item by 65%. Additionally, 20% of overall sales are driven by reviews, and at least one-third of customers report that they won’t buy a product listed with no customer reviews.

Form spam encompasses the range of activities involved with the automated filling out and submission of website forms often with irrelevant, dangerous or false information. These submissions include links to questionable sites, malware sites, phishing sites, links hoping to direct visitors to the spammers revenue per click site and a wide variety of other scams. Other spam attacks are simply site scraping bots that are gathering content to include on their sites, the most common attacks in this are can be found in listing sites (autos, real estate, etc.), recruiting agencies (resumes), travel sites, price comparison sites, scraping for sales leads and in eCommerce, product data is lifted to be immediately re-listed with another vendor.

Bots are readily available for purchase on the internet which has created an invisible army of clandestine spammers infecting sites with their content hoping to get one or two visitors to take their bait.

The hard costs to the website owner are manifold. First of all, true human site visitors must sift through a number of spam submissions to actually find the true content that they are looking for while hopefully not clicking on a spam submission laden with malware. Repeated user experiences like this lower user engagement which greatly impacts sales and conversions and ultimately lowers repeat visits to the site.

Beyond these quantifiable hard costs there are a number of soft costs of form spam to website owners, and they are equally as painful. These soft costs include increased lag time on the site in general as well as in intra-site applications. Slow site response times lead to a frustrating experience for users and lower search engine rankings (loading times are a key measurement for determining search ranking). As bot traffic gains a foothold on a particular site, the volume of spammers will generally increase which could drive additional costs in site operation and ultimately infrastructure modifications. Conversely, being able to block spam bots can allow sites to operate efficiently with existing infrastructure.

The most common current solutions are predominantly in the Turing Test category and require a human interaction and response which are in themselves annoying to site visitors who simply came to an
eCommerce site for information and to buy a product. CAPTCHA is the most popular Turing Test and the one which most eCommerce site owners are familiar with. Research has shown however that a large percentage of prospective buyers depart a site immediately upon being presented with a CAPTCHA and as many as 40% fail on the first attempt decreasing customer experience and stopping prospective customers before they can complete a transaction. This has led to the advent of form spam prevention solutions that require no interaction with the site visitor and therefore eliminating the loss of buyers due to Turing Test related issues.

Beyond form spam, there are new bot attacks emerging daily, a rapidly evolving area of attack falls under the overall term of “sneaker bots” which are highly sophisticated bots that search the web for a specific make and model of a newly released sneaker, primarily for resale by the bot owner. When a new model of sneaker is released and it is generally in limited quantity, the sneaker bots can find the item anywhere in the world and fully execute thousands of transactions in a matter of minutes. These days “sneaker bot” is a bit of a misnomer as these bots now search for any limited inventory product including all lines of streetwear, collectibles, limited production jewelry and more.

The leading eCommerce platform, Shopify, offers a number of security related apps through their app development partners, the number one rated Shopify app in this category is Shop Protector. According to a recent study which reviewed Shopify apps in this category, their ranking shows the best Shopify security apps available today. The bot attacks are real and there are many current technological solutions available to eCommerce merchants, but you do need to protect your store and your investment.

Bill West is the Founder and CEO of Ellipsis Technologies. Ellipsis has developed an eCommerce security technology which allows a website owner to invisibly detect human traffic while quarantining all suspicious visitors. The Ellipsis technology utilizes user timing and movement data coupled with a historical human behavior database and proprietary machine learning algorithms to allow human site visitors to avoid CAPTCHA or other turing tests with a focus. Ellipsis also protects against form spam by identifying and blocking all spam bot attacks. Available on the Shopify app store (Shop Protector), as a Drupal module and a WordPress plug-in (Human Presence), it is also integrated into the Convesio WordPress hosting platform. Mr. West was previously COO of Carolina Phone, COO of Dial Page and President of USTelecenters.