From Taylor Swift Tickets to Black Friday Sales: How Scalper Bots are Winning the Online Shopping Wars
Daniel Avital
|Cyber Risks & Threats | November 30, 2022
Your favorite band is coming to town, you’ve been counting down nervously for the ticket sales to open. It’s the ‘morning of’, and you go online at 9am sharp – surely, you’ll be first in line – and then, shock, dismay, frustration – “No ticket’s available” – reads the pop-up. You start scanning insanely through the different seating sections, maybe you missed something. Then suddenly, eureka! Two free tickets in section 17B. You click to purchase, excited, on-edge, but then, denied – “sorry, these tickets are no longer available”. And then deep down, you come to the depressing yet obvious conclusion – You never stood a chance.
Hot-ticket items have always been a challenge to purchase online, but over the past few years, it’s gone from bad to worse, namely due to the rise of one extremely annoying, not to say a harmful form of technology – scalper bots.
What is a ‘scalper bot’? Think of a line of code, designed to perform human-like actions online, but at the speed and scale of a computer. Well, that definition is true of all bots and automation tools, but what’s unique about scalper bots, is the way they’re used – primarily (as the name suggests) – to purchase high-demand items, and then resell them at a ridiculous margin. And unfortunately, we’ve seen a massive uptick in the deployment of these bots, often at the expense of consumers.
Sneakers, concert tickets, and even government appointments – scalper bots want it all.
Just a couple of weeks ago, we witnessed the result of scalper bots raiding Taylor Swift concert tickets on Ticketmaster. Frustrated ‘Swifties’ were outraged as tickets to their favorite pop stars’ upcoming tour became impossible to purchase, only to show up later on the resale market at outrageous, unaffordable prices. This incident has now sparked a DOJ antitrust investigation, which may end up impacting the way sites like Ticketmaster operates their Go-to-Market Security.
But the problem far outweighs this one story. CHEQ’s Black Friday bot report showed that in 2021, one in three online shoppers was a bot – costing advertisers and retailers tens of millions in damages, and hurting the consumer’s ability to get the best deals. Hot items like PS5 have long been the target of scalper bots, causing major supply shortages. Websites like NikeShoeBot are openly offering scalping services for Nike shoe buyers, offering the chance to “make a profit through resale”. Nike itself is taking the matter extremely seriously, making moves to fight back against ‘sneaker bots’. Another area that could be impacted is restaurant reservations. Recent reports have suggested high-end restaurant reservations are being nabbed by bots, as some new services are now offering customers the ability to purchase reservations at a high cost, creating what could potentially be a bot-driven resale market. Even the public sector has been impacted, as reports in Israel suggest that hard-to-come-by government appointments are now being snatched up by bots. It seems today, wherever we look, the human consumer is losing out to an army of bot-driven scalpers, hoarders, and price-gougers.
Why is this happening? Like every successful crime – motive, means, and opportunity.
It’s not a coincidence that we’re now seeing this staggering rise in bot-related purchasing activity, as motive, means and opportunity have all perfectly aligned for bad actors in the space. In terms of motive – there’s never been more money in online purchasing than there is today. US eCommerce sales have gone from just $169 billion in 2010, to over $1 trillion in 2022. US Mobile payments have grown 20x over the same period, from $16 billion to $320 billion. This amount of spending naturally attracts fraudsters, scalpers and other bad actors who typically tend to ‘follow the money’. But it doesn’t just boil down to motive. Today, the means of creating a network of sophisticated bots are extremely accessible, as bots now reportedly make up close to half of the internet. We’re at a point where a15 year old with basic hacking skills and internet access can run a pretty elaborate botnet at almost no cost. And of course, we can’t ignore the opportunity – as there is much money to be made in online fraud and very little risk. To illustrate that point, consider that in 2016, there were only 6 convictions for internet-related fraud in the US. One could argue that the risk-reward factor here is extremely favorable for the perpetrator.
Is the problem going away, or do we need to learn to ‘coexist’ with the scalper bots?
While the situation is extremely frustrating, don’t despair. Awareness of scalpers and shopping bots is increasing dramatically, and retailers are taking action. Amazon recently started to report on invalid traffic on its platform. The FTC is now considering moves to enforce laws that would prohibit scalper bot activity. But policy and reporting alone aren’t enough. In order to truly protect consumers from having to compete with hordes of bots, retailers must adopt cyber and Go-to-Market Security technologies to keep their sites and shopping carts bot-free. The silver lining is, that with all these high-profile incidents receiving widespread attention, retailers are starting to realize that keeping the bots at bay is mission-critical for their future.