Blog, Events & News

Sneaker Bots Part Three: How to Stop Sneaker Bots

By Netacea / 01st Jul 2019

In part three of our sneaker bot series, we take on the big question. What can your business do to stamp out the threat in one sneaker-clad stomp?

Is legacy security still effective?

eCommerce security teams often rely on traditional, static rule-based methods of bot detection and prevention such as Web Application Firewalls (WAFs) to protect their sites, and it’s simply not enough.

While WAFs are incredibly efficient in inspecting and identifying individual and malicious requests, they fall short at keeping pace with sneaker bots carrying out completely ordinary requests. After all, as an eCommerce site owner, you want to see customers checking stock and adding it to their cart. This isn’t activity that you want to block.

Advanced WAFs employing IP rate limiting are easily circumvented. The sneaker bots simply reduce the number of requests and spread the requests across thousands of proxy IPs.

Even ReCAPTCHA – although it can be an effective safety blanket – is certainly not fool proof. ReCAPTCHA can be circumvented by CAPTCHA farm integrations and machine learning that can solve challenges faster and more accurately than a human.

What about JavaScript and SDKs? Bot operators are savvy, they’re building bots to run on the devices of real customers, which puts these defences as stand-alone tactics firmly in the partially effective camp.

Sneaker bots - How to stop sneaker bots

What can retailers do to stop sneaker bots?

Retailers are taking on a range of strategies to tackle the sneaker bot problem, including:

1. Lotteries/raffles

To bypass any opportunity for sneaker bots to sweep in and take the stock, leading retailers have begun to raffle off limited edition sneakers via social media and authenticated portals. While this is proving successful for some, bot operators continue to find work arounds, creating account bots that can enter details multiple times and increase their chances of winning.

2. Offline only

Bots can wriggle their way into any nook and cranny of your online portfolio, so where can’t they go? Ah yes, your brick and mortar store.

Retailers are increasingly restricting the purchase of their limited-edition merchandise to in-store only, with one retailer requiring that customers wear one sneaker for a day before they can return to the store and complete the set; preventing the opportunity for resale.

3. Honey pots

Retailers are also adding “honey pot” pages to their sites to catch sneaker bots red-handed. The bots are drawn in and at the last minute, the URL is switched to prevent the bots finding their sought-after sneakers. One unfortunate bot operator had an expensive surprise when they were diverted to a landing page with an inflated sneaker price of $10,000 and their bot automatically checked out.

Yet despite the various clever strategies to out-wit sneaker bot operators, the sneaker bots continue to win the war and are driving an industry that is now valued at over $5bn.

A hard-wearing solution to sneaker bot attacks

Sneaker bots are clever enough to take on enterprise-grade retailers and your business needs a powerful method of defence in its arsenal to fight back.

At Netacea, we have developed an Intent Analytics engine powered by machine learning, to look at every request a visitor makes to your site. That means we focus on the intent of the activity, not just the behaviour itself, so we can quickly and accurately identify humans vs. bots.

Once identified, we can stop the bot in its tracks, diverting the activity to an alternative landing page that tells the bot the product is sold out.

To find out more about how we can help your eCommerce business beat the bots, contact our team of data scientists today for a consultation.

Access the series:

Sneaker Bots Part One: What Are Sneaker Bots?

Sneaker Bots Part Two: Know Your Enemy

Sneaker Bots Part Four: A Case Study