Inventory manipulation is a growing issue in e-commerce, as bad actors use malicious bots to buy out (and resell) high-demand products. Inventory manipulation is especially prevalent in industries where items like next-generation consoles or limited-edition sneakers are in short supply.
“Sneaker bots are a big deal,” says Sven Hindman, Product Manager at Kount. “People want to know when there’s a drop, so they use bots to constantly go out there and check when they are available. And it makes it really difficult to get that inventory if you’re a normal human.”
Because bots can complete a high volume of interactions in seconds, your customers won’t be able to get the goods they want. Instead, they’ll have a negative experience with your business and seek out another business to meet their needs.
What’s more, if bad actors use stolen credit cards to make purchases, you could also face fraudulent claims and chargebacks. Read on to learn more about how inventory loss and manipulation can impact your business and how to prevent it.
What is inventory manipulation?
Inventory manipulation and inventory loss happen when bad actors use bots or other means to deplete inventory or purchase items in large quantities to resell at higher prices. These actions prevent legitimate customers from getting the goods they want.
Three common types of inventory manipulation include retail arbitrage, inventory depletion, and denial of inventory.
1. Retail arbitrage
Retail arbitrage happens when a bad actor uses malicious bots to purchase large quantities of discounted items. Once they purchase items, they can resell them on a different marketplace for a profit. This practice is similar to reselling but more dangerous because sophisticated technology automates the entire process to achieve scale and speed.
Retail arbitrage can quickly undercut revenues and profits, draining inventory and stealing discount-conscious customers away. In addition, the price differences and poor customer experiences delivered by some resellers can reflect negatively on the brand.
2. Inventory depletion
Inventory depletion happens when a single buyer, typically aided by bots, purchases a large quantity of inventory intended for many consumers.
Inventory depletion can wreak havoc on a business’s logistical capabilities and prevent them from serving its intended markets. It can also put businesses in violation of promotional agreements with suppliers. The lack of product availability can push customers to other vendors and damage their impression of the brand.
3. Denial of inventory
Denial of inventory happens when bad actors use bots to fill many carts with hard-to-get items, reducing inventory and preventing legitimate purchases. Once carts are full, bots can execute coordinated cart abandonment attacks so that bad actors can purchase the freed inventory.
Similar to inventory depletion, denial of inventory can create logistical problems, frustrate customers, and increase the shipping and delivery dates and costs.
Lawmakers re-introduce bill to stop inventory manipulation
Politicians are aware of the issues bad actors cause for businesses and customers when they buy up and resell high-demand inventory. So U.S. lawmakers announced a bill to stop bad actors from using bots to buy up the inventory of high-demand items.
Lawmakers from New York, Connecticut, and New Mexico proposed the Stopping Grinch Bots Act to help give legitimate customers a fighting chance against purchasing bots.
“These third-party sellers use bots to bypass security measures and manipulate online sales systems to buy toys,” explained a lawmaker’s press release, “leading to some toys being almost impossible to buy online or in stores at retail prices, exacerbating shortages caused by stressed supply chains.”
The Grinch bots act comes hot off the heels of the Better Online Ticket Sales (BOTS) Act, signed into law in 2016. The BOTS Act prohibits automated bots from acquiring tickets for public events and outlaws the resale of those tickets.
Inventory manipulation costs more than lost merchandise
According to Kount’s Bot Landscape and Impact report, 58% of businesses encountered more than 50 bot attacks in 12 months. And for 25% of those businesses, a single bot attack cost their organization over $500,000.
The costs are high because businesses are responsible for addressing the problems that malicious bots create. For example, suppose a bad actor uses bots to make a large purchase online.
And let’s say the bad actor also pays for the merchandise with stolen credit cards. Not only does the bad actor freeze inventory for legitimate customers, but the increased bot activity also crashes the merchant’s website.
Businesses can experience significant losses from this single incident. The business loses valuable inventory and any revenue from legitimate purchases of that inventory. The business also suffers financial losses from disputes and chargebacks.
Plus, the business loses productivity and increases labor costs to fix the crashed website, improve security, and answer customer queries. And finally, the business risks customer loyalty and a diminished brand reputation.
“There are a bunch of hidden costs that people don’t think about until they start doing the numbers on how big these attacks can be,” says Hindman.
Kount’s solution goes beyond website perimeter protection
Preventing inventory manipulation and loss becomes more difficult as bad actors program more sophisticated bots.
Depending on the software they use, businesses can prevent inventory manipulation by using device or IP recognition to limit the number of items that customers can purchase.
Most businesses use web access firewalls (WAFs), content delivery networks (CDNs), or dedicated bot management systems to address bot problems. But these approaches alone might not be enough to prevent an attack.
“If somebody is pretty motivated to buy up that inventory, they’re going to end up creating new accounts, and they’re going to use proxies to look like they’re coming from different IP addresses,” says Hindman. “Depending on how motivated the person is, the business will probably fall short.”
WAFs and CDNs can block bots at the front gate, but they can’t provide the data businesses need to determine if an interaction is from a legitimate customer or a malicious bot. But Kount’s bot detection solution augments these approaches. It examines network, device, identity analysis, and behavioral data to flag and challenge potentially malicious activity.
“We look at more of the persona,” says Hindman. “We look at high-risk IP addresses, IP anomalies, device attributes, velocities, and behavioral data to identify high risk.”
In looking at this type of data, patterns of behavior outside of regular website traffic can indicate a bot attack that can lead to inventory manipulation and loss. Kount’s solution can detect this behavior in real time and flag anomalies so that businesses can respond accordingly. They can block or challenge suspicious activity without adding friction to the customer experience.
Kount can also prevent inventory manipulation and loss with AI-driven digital fraud prevention. For example, if a bad actor attempts to purchase high-value items with stolen credit cards, the solution can automatically decline the transaction. As a result, the solution reduces criminal fraud and chargebacks.
Bots aren’t going anywhere. Bad actors are constantly programming more efficient, complex bots to manipulate inventories and commit fraud.
“And these are not easy to get rid of because the types of bots that are being created are more sophisticated and are created by world-class developers,” says Hindman.
Essentially, businesses need a solution that does more than detect bots at the perimeter. The right solution can help them keep up with the growing number of bot-related threats and prevent inventory manipulation and loss.