Oct 07 2019
Security

How to Protect Inventory from Malicious Bots

Retailers must derail bots before they steal products and services from paying customers.

Anyone who’s tried to buy concert tickets the second they go on sale only to find the show already sold out was probably not thwarted by fellow metalheads or pop fans — the bots got there first. 

Most retailers, ticket sellers being the best known, have to grapple with bots that buy up popular items before regular customers can. Not only do bots eat into margins and create unhappy customers, they can give hackers a path to possibly intercept customer information.

Blocking bots entirely isn’t an option; many are used for legitimate reasons, such as by hospitality agencies checking venue maps for premium seats. But retailers have started to fight back against bad bots through a mix of governance, analytics and distribution practices that bump bots out of line. 

Retail Bots Attack, Distract and Disrupt Businesses

According to Distil Research Lab, nearly 40 percent of traffic on ticketing websites is made up of bad bots leveraged by unethical or criminal operators who use them to execute a number of attacks. 

Distil noted that scammers sent bots to ticketing websites not only to hoard tickets but also to steal customer usernames and passwords. The attackers used credentials obtained in previous breaches to steal tickets while grabbing new payment information during these interactions. 

A February 2019 report from Akamai, “Retail Attacks and API Traffic,” notes that 10 billion credential stuffing attempts in the retail industry were detected on the company’s network in just the last eight months of 2018. 

“The reason for these attempts isn’t complex,” the report states. “The malicious actors responsible for them are looking for data — such as personal information, account balances, and assets — or they’re looking for opportunities to cash in on the online retail market that’s expected to hit $4.88 trillion by 2021.”

Finally, some bots are simply buying up popular items for resale on the gray market. The industry is rife with stories from retailers whose much-hyped products sold out immediately after launch, resulting in frustrated customers and missed opportunities for stores to upsell and cross-sell. 

“Consumers that cannot rely on a retailer to get products at market price are more likely to look to competitors,” writes Yoav Cohen for Total Retail. “When malicious hackers get their hands on in-demand goods, they often resell the products on e-commerce sites like Amazon.com and eBay at an incredible markup” — which, he notes, consumers will often pay.

New Laws May Make Retail Bots’ Jobs More Difficult

Last year, Democratic members of Congress introduced the Stopping Grinch Bots Act of 2018, hoping to make it illegal to use bots to shop online and to resell items bought by bots. That bill would toughen the Better Online Ticket Sales (BOTS) Act of 2016, which made it illegal to purchase tickets to events in bulk. 

In the meantime, ticket sellers and artists are working to protect their segment of the online retail market. Ticketmaster, for instance, launched a Smart Queue, which the company says “powers the latest way to shop for tickets to popular events while keeping bots out.” 

The program allows customers to go into a virtual “waiting room” at least 10 minutes prior to the time tickets go on sale, and then gives customers a “place in line” to buy tickets. 

“Previously, everyone entered the shopping experience at once,” Ticketmaster notes. “Since automated bots are faster than a real, human fan, they can scoop up tickets before fans are able to shop and checkout. This results in tickets being sold out in a matter of minutes. With Smart Queue, we manage the flow of traffic into the shopping experience while simultaneously detecting bots and reducing their access.” 
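
A minimal sketch of the waiting-room pattern described above, as an added example (not Ticketmaster's code). The one-time shuffle of early arrivals, the fixed admission rate per tick and the HMAC-signed admission token are assumptions made for illustration; the article itself only states the 10-minute window, the place in line and the managed flow of traffic.

```python
import hashlib
import hmac
import random
import secrets

PRESALE_WINDOW = 10 * 60  # seconds; the article's "at least 10 minutes prior"

class WaitingRoom:
    """Hypothetical queue: shuffle early joiners, then admit at a fixed rate."""

    def __init__(self, on_sale_at, admit_per_tick, key=None, rng=None):
        self.on_sale_at = on_sale_at
        self.admit_per_tick = admit_per_tick
        self.key = key or secrets.token_bytes(32)
        self.rng = rng or random.SystemRandom()
        self.seen = set()    # every session that ever joined
        self.line = []       # order of admission
        self.opened = False

    def join(self, session_id, now):
        if now < self.on_sale_at - PRESALE_WINDOW:
            raise ValueError("waiting room is not open yet")
        if session_id in self.seen:
            return  # rejoining never buys a second place in line
        self.seen.add(session_id)
        if now >= self.on_sale_at:
            self._open()  # late arrivals queue behind the shuffled early group
        self.line.append(session_id)

    def _open(self):
        # Assumption: early arrivals are shuffled once at on-sale time, so
        # joining milliseconds faster than a human earns no better position.
        if not self.opened:
            self.rng.shuffle(self.line)
            self.opened = True

    def admit(self, now):
        """Release the next batch; each entry carries a signed admission token."""
        if now < self.on_sale_at:
            return []
        self._open()
        batch = self.line[:self.admit_per_tick]
        self.line = self.line[self.admit_per_tick:]
        return [(sid, self._sign(sid)) for sid in batch]

    def _sign(self, sid):
        return hmac.new(self.key, sid.encode(), hashlib.sha256).hexdigest()

    def verify(self, sid, token):
        # The checkout tier calls this so a session cannot skip the queue.
        return hmac.compare_digest(self._sign(sid), token)
```

Bot detection would run alongside this queue, for example by dropping flagged sessions from `line` before they are admitted.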

In a March 2019 report, Forrester advises retailers to take a number of steps to protect themselves from the gray market:

  • Retailers should take charge of governance, applying specific rules to sellers and marketplaces around pricing and distribution — or even prohibiting sales on specific online sites.
  • Retailers should protect their distribution by implementing policies such as minimum advertised price and IP protection policies, helping them to more effectively monitor unauthorized sellers.
  • Finally, retailers should use their websites as educational tools to explain the benefits of purchasing legitimate products and the risks of buying unauthorized merchandise. 

“With more direct-to-consumer sales and stricter pricing enforcement, brands will realize that they in fact have the upper hand,” writes Forrester analyst Sucharita Kodali, the report’s lead author. “I foresee brands increasingly working only with select, cooperative retail partners.”
