Data. We create a lot of it. At the end of 2020, the digital universe was compromised of 44 zettabytes of data and forecasted to grow to over 200 zettabytes by 2025. I have no idea how much a zettabyte is; I lost track counting the zeros. But it is a bunch.
Guess what? The data fraudsters have is also growing at incredible rates. Data such as usernames, passwords, email addresses, mobile phone numbers, and other personal information. Fraudsters are turning to a combination of automated tools and human fraud farms to mine that data for financial gain. A common type of automated tool is a bot used in new account creation and account takeover fraud. For example, a bot can test millions of compromised usernames and passwords to identify which pairs are valid. And since passwords are commonly reused, there is a good chance a valid username/password pair will work on other websites.
Another problem with bots is that the cost of the technology is relatively inexpensive. Because of this, they can be used for other forms of malicious purposes such as gaining unfair advantages in online auctions, inventory hoarding (think concert tickets, new sneaker releases), promotion abuse, and web scraping (competitor pricing of similar offerings). These uses of bots cause customer dissatisfaction, damage the reputation of the targeted merchant, and lead to indirect losses.
Stopping bots from gaining access to your systems is not sufficient. Repeated attacks are a resource and cost drain for banks and merchants consuming server processing, database storage, application availability, and other costs. A better approach is to make the bots go away. In an odd, twisted sort of way you need to hit the fraudsters where it hurts – their wallet. Fraudsters are operating businesses with revenue goals and cost models. If the cost of the attack is higher than the financial gain to be had, they are going to move on to softer targets.
So give fraudsters a dose of their own medicine. Increase their costs till it hurts. You can extract some sweet revenge in the process.