Why the battle against digital payment fraud demands unified anti-bot and anti-fraud protection

Amit Siva Levi
Published in
4 min readJun 14, 2022


“The research identified that merchants need to do more to implement fraud prevention strategies across all of their eCommerce channels, or they will continue to experience large losses.”
(Juniper Research)

Photo by Towfiqu barbhuiya on Unsplash

Websites are under attack, with the rate of digital payment fraud higher than ever at over 200,000 cyberattacks every month around the world. And the damages are also getting higher all the time, with losses expected to exceed $25 billion in 2024.

Don’t blame it on the bots only

So, who’s to blame?

Yes, there are armies of bots out there, with 25.6% of web traffic being bad bots in 2020. But it’s not only them.

We can’t afford to overlook the human fraudsters who are also operating directly, and who are making it extraordinarily challenging to protect digital properties.

These cybercriminals along with their tools and methodologies are continually becoming more sophisticated, making it very difficult for an organization’s web security and fraud teams to detect fraud signatures and stop the perpetrators before the damage is done.

No more defense silos

One of the major obstacles to effective website protection is that organizations today are forced to turn to tools and solutions that are siloed, and which are designed to detect and stop human fraudsters or bots, but not both.

The problematic nature of this is even highlighted in a recent report by the Association of Certified Fraud Examiners, in which it is noted that 58% of anti-fraud professionals admit to having “inadequate levels of resources to fight fraud.”

Bottom line, we really can’t properly and fully defend our websites if we’re not unifying anti-bot and anti-human fraudster protection.

The whole of insights is greater than the sum of the parts

By unifying defenses, we can leverage insights gathered from the fight against each type of attacker to enrich the data and machine learning models we’re using to overcome them both.

The unified approach also enables us to access insights into the full journey of both fraudsters and bots, including which attack vectors they’re using, how they’re getting into the website, what they’re after, and how they’re getting funds out.

The clear lines that are used today to demarcate the domains of bad bots and of human fraudsters need to be eliminated. It’s time to break down the defense silos, because theirs is a holistic journey that is comprised of the activities of both.

To illustrate, account takeover (ATO) attempts by bots are not necessarily launched to commit the actual fraud. Rather, the goal of bot driven ATO is to test credentials so they can be sold off to human fraudsters, who then go ahead and use them to execute an attack.

Without a unified approach, organizations will always be left unable to fully and reliably differentiate between legitimate, paying customers and potential bad actors, and to stop the latter before they wreak havoc.

The value of unifying protection

Unifying anti-fraud and anti-bot protection brings website defense that is profoundly more robust and effective. By leveraging insights from the battle against both bots and human fraudsters the full scope of threats can be uncovered with unprecedented accuracy and efficacy.

This includes what tools the fraudsters are using, which attack vectors they’re exploiting, and more.

It is only through this powerful combination of insights — which can only be garnered from a unified approach — that the bad actors can be stopped, and the root cause of attacks can be uncovered.

As a result of unifying protection organizations can:

  • Gain previously unattainable visibility into which attacks can be credited to bots vs. human fraudsters and how to optimize threat mitigation strategies.
  • Eliminate website vulnerabilities that leave them exposed to sophisticated fraud and bots.
  • Stop sophisticated fraud attempts before transactions are completed.
  • Prevent revenue loss due to fraudulent web activities.

How Immue can help

Immue brings one holistic solution that delivers the most complete defense. With multi-layer and deep browser analytics the solution detects both bots and human fraudsters. It also stops today’s threats and preempt tomorrow’s, uncovering their full scope, including what tools are being used, the attack vectors being exploited, and what is happening at every layer of the attack.

This way, organizations are empowered to uncover the root cause of attacks and to detect, stop, and prevent the most dangerous threats to their online real estate.

To get a free, real-time analysis of how vulnerable your website really is to bot and fraud attacks, click here.