Q&A: The (Semi) Secret World of Scalping

Historically, scalping has been considered an underground movement, perpetrated by cybercriminals aiming to make a quick buck. It used to be a fringe activity. But with the popularization of bots, the rise of sneaker culture and item scarcity becoming more common, scalping has gone mainstream and can apply to all kinds of products. The effects of scalping and denial of inventory attacks can now negatively impact e-commerce businesses of any shape and size. Preventing scalping attacks means preserving your customer experience and minimizing brand damage.

It’s easy to underestimate how far scalpers have come. To address this, we’ve prepared a short Q&A.

How much has scalping grown?

According to the Automated Fraud Benchmark Report, scalping attacks peaked at nearly half of total shopping cart requests between March 3, 2020 and January 2, 2021. During some of the latest releases of PS5 stock, PerimeterX processed 1.5 million requests per second, a volume derived from the number of available items, with only a portion of these requests representing legitimate users. COVID-19 has spurred on the at-home entrepreneur, with many users making a portion of their income from the multibillion-dollar reseller market.

Scalpers can choose from a variety of bots, many of which have better customer support than other consumer products and services. The more one spends on a bot, the more likely it is they’ll get the product they want. Sometimes scalpers use proxy servers to speed up their bot’s reaction time to purchase. Some bots are so sought-after that one needs a bot to buy a bot. There’s a resale market for the bots themselves, with prices ranging from the hundreds to thousands for the most effective bots. Companies offering scalping bots are bigger than ever — some could easily be five-figure businesses.

And scalpers aren’t just reselling their items on eBay. There are other markets where in-demand items are treated like stocks. Participants track trending price information, bids, offers and spreads. Scalped items can serve as financial assets.

What kinds of items are now being targeted by scalpers?

Online scalping trends began with concert tickets and sneakers, expanding into electronics and video game consoles like the PlayStation 5. But the collectibles industry has seen massive growth in bot traffic in the past two or so years, most notably Funko Pop! figures and Pokémon cards. Targeted items now include NFTs and other blockchain-based items. Anything that has resale value is fair game, whether that value is a few dollars or thousands of dollars. Communities of YouTubers, trackers, bots, proxies and dedicated servers have all sprouted around these coveted items.

Everyday companies are being arbitraged, especially during COVID. Restaurant reservation bots are being engineered. Automation is being scaled for everything, and it’s not always malicious.

Why is scalping bad?

Bots don’t just buy out large quantities of inventory — they hurt your company infrastructure and take up your web resources. They can also scrape items from inventory management systems before those items are even listed on the website. There is an arms race among bot developers for tracking this. Many of these bots go beyond abusing business logic.

Businesses cannot afford to ignore or downplay this problem. Bots are now easier to acquire than ever. There are hundreds of avenues to acquire a bot nowadays, ranging from buying to renting, to paying a bot holder to court coveted items.

And it’s not in businesses’ best interest to broadly block all purchasers. Nowadays, legitimate customers have to buy bots just to get past the malicious bots. Often, those using bots are the best brand advocates and loyal customers. They want to make sure they can get access to the items they crave. Therefore, a blanket solution won’t apply. It requires a measured response to accurately tackle those that are gaming the system on a grander scale.

Isn’t scalping illegal?

It is technically not illegal to buy out or resell inventory with bots. US Congress passed the BOTS Act of 2016 to address concert and event ticket scalping, but coverage has not been extended to other products.

Grinch bots are a type of scalping bot that concentrates its attacks on the holiday e-commerce season. Over the years, government officials have proposed legislation to curb or even eliminate these types of bots, but it has failed to pass. In short, legislation has not proven effective at combating bots and protecting online inventory.

How can I mitigate scalping bots?

Website owners, especially retailers, need a solution that recognizes the behavioral patterns of scalping bots and stops them before they can do damage to their business. Most importantly, bot management tools are now able to preserve the user experience. Less effective solutions have resorted to blanket blocking of users, which leads to frustrated legitimate customers and ultimately brand damage.

Figure 1: A legitimate user is blocked from the Pokémon Center, preventing them from accessing in-demand items during a traffic surge.

Effective bot detection is key to achieving success as a digital storefront today. Being able to differentiate good bots from bad is critical. The best solutions can distinguish between human and bot interactions online using environmental data, traffic volume and device fingerprinting. These are the hallmarks of highly proficient bot mitigation.

For information on how to protect your business, check out the PerimeterX Bot Defender page.
