Scalper bots – also known as scalping bots – use automated methods to secure goods, such as event tickets that are bought in bulk, and complete the checkout process in a fraction of the time it would take any legitimate user.
Attackers, scalpers, use automated software to ‘sit’ at the front of the queue and buy thousands of tickets from the moment they go on sale.
Scalping is a well-known technique in the ticketing industry, where the purchased tickets are resold later at a profit by the scalpers/touts. This can also lead to a type of user denial of inventory, since the goods or services become unavailable.
Scalpers purchasing limited availability goods or tickets for resale elsewhere, can result in negative public opinion becoming associated with the targeted brands.
How to Make a Scalper Bot
Scalper bots are designed to fill in information that is required for the purchase process, such as credit card details and billing address, which would take a human user significantly more time than it takes for an attacker to complete the checkout process in a fraction of the time it would take any legitimate user.
More sophisticated scalper bots are able to bypass the CAPTCHA and other security measures that are in place.
They are also programmed with software scripts to increase their chances of success while they purchase tickets from online vendors like Ticketmaster or Live Nation, using automated techniques such as scraping pages for content or following web links.
By continuously guessing until a positive response is received by the website, scalper bots often circumvent any limit on ticket purchases set by the vendor. They can fill out hundreds of credit card numbers at one time so it would be virtually impossible for any human being to do this manually and without any errors.
Is Scalping Illegal
Scalper bots are illegal in some countries because they prevent fair and equal access to goods for consumers who want to purchase them.
There is no way that a human being can compete with the speed at which scalping bots execute their transactions, meaning that it’s difficult or even impossible for people without these tools to buy tickets in bulk before attackers have already snatched up all inventory; scalpers often try to resell high-value tickets at inflated prices on secondary markets.
As of July 5th 2019, the UK has banned the use of ticket scalping bots and other scalper bots, imposing “unlimited” fines on anyone caught breaking the law.
How to Stop Scalper Bots
In order to prevent the use of scalping bots, organizations may take steps such as limiting ticket purchases to one or two per person and implementing time limits on transactions. They also might decide not to put tickets for high-demand events in automatic checkout systems that allow speedy purchasing with a credit card.
Retailers are battling scalpers with a variety of measures, including not informing customers about upcoming sales weeks in advance and blocking the checkout process with security filters.
Monitoring for bot activity is a difficult task because of how quick these programs can work and their ability to operate on different IP addresses all over the world.
However, there are certain red flags that indicate when you might be dealing with a scalping bot:
- Internet connection speed slowing down sharply after clicking buy tickets
- Not being able to use your mouse cursor during online purchases
- Long wait times between steps completing transactions – especially if it’s going through many pages
Some online shopping and auction sites have developed systems to prevent scalpers from using their scripts efficiently. For example, in order to combat scalper bots from exploiting concert tickets as unsold goods before they can be used by ticket holders, Ticketmaster developed Verified Fan technology – allowing fans who have registered and followed instructions ahead of time access to tickets first-hand when making them available online or through mobile devices.
What is the Best Way to Protect Your Business From Scalpers
The only foolproof method is using server-side bot management software.
A server-side bot management software will prevent bots from accessing your website, and will give you access to advanced analytics that you can use to see the real number of legitimate users who visit and interact with your site.
Sign up for a demo and see Netacea in action today to discover more about our pioneering approach to defeating scalper bots with bot management.