Catawiki Tackles E-commerce Security Threats, Malicious Bots


More than half of cyberattacks on e-commerce websites in 2021 were carried out by bots, according to a report by security firm Imperva. Many of the bots displayed a high level of sophistication, effectively mimicking human behavior to evade detection methods.

While e-commerce security threats are a problem for a wide variety of online retailers, the most vulnerable among them are online auction sites — especially those that deal in high-end goods and services. Auction sites must continually evolve their security capabilities or else potentially fall victim to credential stuffing, data scraping, shill bidding and account takeovers.

Catawiki, a curated marketplace in Europe for luxury goods and specialty items, considers itself an attractive target for attackers because of its growth. The site has more than 10 million unique monthly visitors and more than 12,000 objects submitted to the site daily.

“We often have threat actors looking to take over valid user accounts so they can use them to buy things with the card on file or with a stolen card,” said Paul Moreno, CTO at Catawiki. “It’s something everybody in our business has to deal with.”

E-commerce security threats had previously overwhelmed Catawiki’s capabilities. The company’s security posture had declined over time due to a combination of technical debt and lack of vision. The result was an increase in brute force attacks and stolen credentials.

Moreno joined Catawiki in February 2020 to shore up the company’s security program. The impact of the cyberattacks was unacceptable, Moreno said. Breaches could result in fines for regulatory violations, potential lawsuits from consumers who experienced financial damage, and financial harm to Catawiki as a company. For example, an attack on Catawiki’s mobile app could lead to a spike in SMS verifications, each of which costs the company money, he said.

And then there was the potential damage to customer and employee confidence, which is priceless. “We want to maintain the image of a trusted platform, so it was extremely important to us to stop these attacks from happening,” Moreno said.

Retooling…
