In 2022, data from CDNetworks’ Security Platform revealed that 40% of web application and API traffic originates from bots. This influx of automated activity has significant implications, especially for those seeking to purchase tickets for concerts and events online, as it often results in scarcity of tickets.
Scalper bots, as their name suggests, engage in scalping, much like their real-world counterparts who purchase tickets in bulk to resell at inflated prices. This not only inconveniences consumers but also harms economic growth by diverting profits from legitimate sellers and promoters.
Scalper bots are specialized software that scans product or service availability and swiftly completes the checkout process, a task that could take a human several minutes.
Beware of the bots — tackling the issue of ad fraud
Bot attacks soar in first half of 2021 — Barracuda
“Scalper bots pose a significant challenge by driving up prices for high-demand events and products,” Yien Wu, head of South and Southeast Asia (SSEA) and ANZ, CDNetworks, told Back End News in an email interview. “This not only artificially restricts accessibility for consumers but also unfairly siphons profits away from businesses and artists, with the bulk of fees flowing to the creators of these scalper bots.”
Scalping is a global issue, especially as in-person events have rebounded post-2020 pandemic. The digital transition during this period has made online transactions more appealing than queuing up in person to buy tickets.
Malicious bots are on the rise, further exacerbating the problem. CDNetworks’ security platform has recorded an average of about 5,175 bot attacks per second in 2022, nearly five times higher than in 2020.
It doesn’t help that artificial intelligence (AI) is now being used to power these scalper bots. Automation enables these bots to accelerate the transaction, further preventing legitimate buyers to score tickets.
“This necessitates the implementation of proactive measures to combat them effectively,” Wu said.
The harm inflicted by scalper bots extends beyond impeding purchases; they can cause website disruptions due to unexpected traffic that is often blamed on the company’s unpreparedness. Little did consumers know that the traffic could have been caused by scalper bots.
“These disruptions can make sites more susceptible to Distributed Denial of Service (DDoS) attacks and potentially pave the way for larger-scale cyber threats like phishing, data breaches, and ransomware attacks,” Wu explained. “It is crucial that we take action to rectify this issue, ensuring equitable access and fostering a more robust economic landscape.”
Scalping, in general, can affect any industry or business. But the most affected, perhaps, is the ticketing industry as it has the most demand for purchases. Revenge travel paired with the surge in concerts, film and music festivals, as well as fan meets means that scalper bots are on all-out business.
The same can be said for items that can go on sale. Imagine the release of new smartphones or anything in the retail sector that are of high value.
“More and more sectors are now being targeted by scalper bots,” Wu noted. “Even the logistics industry is not immune. Due to a global shortage of empty containers caused by a domino effect from the lockdown, logistics service providers are now forced to protect booking platforms from scalping to avoid the risk of broken stowage and revenue loss.”
When scalper bots are activated, it meant that goods are inaccessible to legitimate customers. When the supply is low but the demand is high, the effect is increase in prices and this affects consumers and businesses.
As mentioned earlier, websites crashing because of the high traffic discourages consumers, which leads to blaming the brand or company.
“Unpleasant encounters with scalper bots can leave a lasting negative impression on consumers, reducing their likelihood of engaging with a business in the future,” Wu said. “There are heightened security concerns as businesses must grapple with the threats posed by these bots, which can lead to data breaches or phishing attacks, impacting both the business and its users.”
Countering scalper bots
Wu advises businesses to implement these measures to prevent scalper bots from invading their websites:
1. Implement CAPTCHA tests to distinguish bots from humans.
2. Set request limits to thwart automated processes.
3. Block hosting providers.
4. Utilize browser validation to detect bots attempting to mimic human behavior.
However, much bigger organizations that would require huge traffic from time to time may need a bot management solution that can safeguard web assets, like web server resources.
“By proactively countering automated threats, fraudulent activities, and resource abuse by eliminating malicious bots, this approach creates robust security while preserving the overall user experience,” Wu said.
These solutions are equipped with features including a real-time dashboard, reporting, analytics, and alerts.
“CDNetworks’ Bot Shield continually offers insights into web activities, bolstering web application’s security without compromising performance,” Wu explained. “Its versatility extends across various industries, providing protection against diverse threats, from ticket scalping to content scraping, inventory depletion, brute force attacks, fraudulent registrations, vulnerability scanning, carding, and more.”
Bot management solutions are effective in detecting and protecting platforms from these bots. However, ensuring the effectiveness of bot management requires having sufficient website bandwidth to handle high data traffic and potential cyberattacks like DDoS attacks. Increasing the number of servers to reduce latency and improve content delivery, whether locally or globally, is essential.
“To address the challenges posed by scalper bots, a collaborative effort between the private and public sectors is crucial,” Wu said. “Comprehensive legislation, combined with cutting-edge technology, can provide robust protection for consumers, businesses, and the overall economy from the adverse effects of scalper bots, ensuring a fair and secure ticketing ecosystem for all stakeholders.”