Taylor Swift and her “Swiftie” fans recently struck a blow in the battle to raise awareness of one of e-commerce’s biggest blights, especially during the holidays: Grinch bots.
Also known as sneaker bots, these pesky software programs are designed to swoop in and instantaneously execute mass purchases of items and events that are in hot demand. That way, the recipient of these ill-gotten goods can resell them for a higher price.
Grinch bots often come out of the woodwork when a popular new sneaker line launches or a hot new gaming system hits the market, and they can be a major hassle during the gift-giving season when they scoop up items that are heavily in demand. While the store might still get the sale, bot attacks can lead to significant customer dissatisfaction, ultimately hurting one’s business and reputation in the long run.
Bots are also employed when hot-ticket events like a concert or sports game go on sale. These programs are designed to mimic the behavior of genuine shoppers, but at an exponentially faster rate than a human consumer can execute. And they can appear in overwhelming numbers, as they did during Ticketmaster’s November presale of Swift’s “Eras” concert tour, causing an uproar among the Swiftie fan base.
“Historically, we’ve been able to manage huge volume coming into the site to shop for tickets,” said a statement from Ticketmaster, which is owned by Live Nation. “However, this time the staggering number of bot attacks as well as fans who didn’t have [verification] codes drove unprecedented traffic on our site, resulting in 3.5 billion total system requests – 4x our previous peak.”
The Better Online Ticket Sales Act (BOTS), passed in 2016, makes it illegal to automate the purchasing of event tickets. Enforcement of this law appears to be somewhat limited, but in 2021, the FTC did pursue legal action against three ticket brokers for violating this act.
In response to the Swift fiasco, Pennsylvania legislators have proposed that a similar law be enforced on the state level. Separately, the Tennessee and North Carolina AG’s offices respectively announced they would investigate concert ticket seller Ticketmaster and Live Nation for potential antitrust violations, alleging that the company may not have been incentivized to adequately protect consumers against bots due to a lack of competition.
Since the Swift ticket incident has actually spurred on legislators and regulators to further crack down on bots, it will be interesting to see if these efforts could extend to the purchase of not just tickets, but also retail goods. Proposed federal legislation intended to prohibit the use of bots to purchase merchandise has been floated through the halls of Congress in recent years.
Certainly, bot mitigation is a worthwhile objective, considering that automated bots can serve other nefarious purposes as well, such as launching crippling DDoS attacks and committing account fraud through synthetic identities or stolen credentials.
Fortunately, e-retailers can employ various solutions to tamp down on bot activity. Some companies use detection solutions to look for unusual mouse movements or anomalous keyboard velocity to catch offenders.
Others employ virtual queues prior to big sales, or institute verification solutions that require consumers to undergo a CAPTCHA-like process to prove they are actual human shoppers. Still, Ticketmaster reported its Verified Fan service was overwhelmed during the Swift sale – so the best approach is likely to implement multiple layers of solutions and processes. That way, if a bot attack does occur, you just might be able to, in the words of Swift, shake it off.