Bot attacks on e-commerce and e-gifting services in India and worldwide are a clarion call for tighter cyber-vigilance and data security.

Ji Hyun, Co-founder and Chief Operating Officer, Giftiicon

Recent statistics are pointing to a surge in India’s e-commerce sector, and one area that has been booming since March 2020 (the start of the COVID-19 pandemic) is e-gifting. This sector is projected to grow from an estimated US$119m in 2019 to US$159 million by 2025.

In many ways, compared to traditional gifting, e-gifting is now considered a better and safer option in a country ravaged by the pandemic.

According to a social gifting platform that has a presence in the country, the concept behind e-gifting platform is to simplify the gifting process. Ji Hyun, co-founder and Chief Operating Officer of Giftiicon from South Korea, also noted that: “Online gifting brands are grappling with a fundamental shift, as consumers become more environmentally and socially aware, and digital channels become more important as sources of inspiration and sales.”

People are moving from traditional gifting options towards practical options such as stored-value cash cards, or at the other end of the spectrum, unique and unconventional customized gifting ideas. The latter type of e-gifts are more personal and can leave a lasting impression. “We wanted to offer a simple way to send a gift by only knowing the recipient’s mobile number – through SMS or WhatsApp within 30 seconds,” Ji Hyun said.

E-gifts can harbor e-threats

While the benefits and advantages of e-gifts and stored-value cards are obvious, there are also the heightened threats to factor in.

Countless bot attacks have been reported on online gift cards across geographies, including the United States, during the holiday season, in particular.  

Around the same time last year, in the lead-up to the American Independence Day, online miscreants misappropriated gift balances from e-cards purchased by thousands of Americans. This attack was timed like the ransomware attack on the famous Indian sweets maker, Haldiram’s, during last Deepavali. Some experts have even labeled every major holiday as a hunting ground to gift-card hackers and scammers.

The reason is that e-gifting requires the disclosure of personal data, including credit card information, e-mail addresses, phone numbers and social media accounts. As for the choice of e-gifts to steal, stored-value gift cards are preferred by hackers because gift card security is weaker compared to that of debit or credit cards. On top of that, security protocols on unactivated gift cards are less rigid, and gift card PINs are far easier to crack.

Beat the hackers

E-commerce platforms and e-gifting platforms in India are no doubt taking steps to reduce the risks for consumers. According to one US-based application security solutions provider, PerimeterX, safety measures can include:

  • Randomly generating e-gift card numbers to protect against emulation and guesswork. Simple combinations of numbers and digits are easy to guess. Hackers now have tools that can do this quickly.
  • Closely monitoring application traffic patterns to e-gift card related pages. Even small increases in traffic above seasonal trends many indicate an attack is under way.
  • Adopting newer types of challenges to replace CAPTCHAs, so that the code is harder for automated attack bots to solve. These challenges are actually simpler for humans and less likely to block conversions. An example is asking a web user to roll a ball with an image inside of it so that the image faces up.
  • Implement machine learning systems that can identify granular behavior patterns and more accurately distinguish bots from real human visitors. The machine learning should be an out-of-band service that is easy to deploy (via JavaScript) but does not impact the user experience.

Happy e-gifting!