By Andy Still, Chief Product Officer at Netacea
Much to the frustration of shoppers, bots are snatching up exclusive items like sneakers and concert tickets instantly. But while some are fighting back against bots, others are taking advantage of them to access ultra-hyped items the second they drop.
Scalper bots circumvent traditional detection methods and controls to buy any in-demand item imaginable, faster than any could, to be resold at a profit. According to a report published by bot management specialists Netacea, almost half of Americans believe that they have been unable to buy what they wanted because of suspected scalper bot activity.
By far the largest number of respondents affected were those accessing tickets for events, 58% of whom said bots are beating them to the punch.
This came to a head in November 2022, when Taylor Swift’s Eras tour caused pandemonium amongst fans as they fought against the scalper bots that were waiting to buy tickets and resell them for more than 4000% of their recommended retail price (RRP). Taylor Swift’s intervention and the collective voice of her devoted fans resulted in a judiciary hearing that put the threats bots pose to consumers on the global stage.
While the hearing didn’t result in the prosecution of any bot actors, it highlighted that there is growing frustration surrounding the use of scalper bots.
But there’s another side of the coin; those driving the bot economy.
Why Are People Turning to BOTs?
It’s a familiar concept. Criminals utilize the resources and tools available to make a quick buck. Whether that’s buying and selling stolen goods for a vast markup, laundering dirty money, or hacking accounts for their valuable personal information. But the line blurs when it comes to scalping, and more of us are being drawn into this seemingly harmless activity.
The Better Online Ticket Sales (BOTS) Act outlaws the resale of tickets purchased using bots, with fines of up to US$16,000. That’s a clear line in the sand from lawmakers, stating that those caught buying and selling tickets using bots will be fined. The same has not been applied to other high-demand items. Yet.
Netacea’s research discovered that 26% of 18 – 35-year-olds admit they have resorted to using a bot in the last year, with a total of 1 in 6 Americans stating that they have used a bot. Amongst this age group there is a growing ‘can’t beat them, join them’ mentality, born of frustration as they struggle to access items at a fair price – or all – without a bot, and awareness that there is a lot of money to be made on the resale market.
Bec McKeown, Cyber Psychologist and Founder of Mind Science said: “A lot of decision-making factors are at play as people convince themselves to undertake a known risky action such as buying from scalpers. The desire to be part of the crowd supersedes normal behaviors, while factors such as price, which would historically have stood in the way of you accessing your desired good are removed, providing a big psychological driver to go and get those tickets. At this point, the chemicals produced in your brain are dictating.”
A combination of blurred legal lines, access to desirable items, and the lure of fast cash appear worth the risk and even a fine if the return is high enough, especially when social norms come into play and we’re driven by the need to be part of the crowd – whether that’s acquiring a ticket to that must-see concert, or getting your hands on (and feet into) the latest pair of Air Jordans.
One could speculate the role social media has played in creating this environment, given Millennials are the demographic most inclined to utilize bots. We live in a world of instant gratification, where consumerism is in hyper-drive, and being seen at an event while wearing the right clothes is perceived to be as essential as oxygen.
Are Everyday Consumers Driving the BOT Economy?
And what’s the harm in using a bot, sourced via a friend or a quick search on social media to access the bot that means you get to see your favorite artist live? It’s very easy to become detached from the bigger picture when sitting behind the safety of a screen.
The advent of readily accessible automated tooling has made it easy for anyone to find and use a bot. Netacea’s research revealed that people are predominantly seeking bots for hire on social media, with nearly 70% finding them on these platforms and 41% being connected to a bot operator by a friend.
A tiny 2% of Americans said they would never use a bot while 17% said they would, despite the risk of a $16,000 fine from the Federal Trade Commission if caught using bots to buy and sell tickets. This is indicative of the vast sums of money available in the scalper bot economy, where profitability trumps the risk.
“Scalper bots are regularly acknowledged as a money-maker,” said McKeown. “This creates the underlying conditions for confirmation bias in scalpers – a psychological phenomenon where new evidence only ever confirms existing theories. In essence, the bot users only ever see an upside for their actions.”
From High Demand to High-crime
Let’s consider the criminal aspect again. There is, after all, a reason that using scalper bots to buy and sell tickets is illegal.
On the surface scalper bot activity is fraudulent, with bot users skipping the online queue to make a purchase faster than any human can. However, the potential for crime runs deeper than merely queue jumping and profiteering. There is scope to use this thriving economy with its vast networks and deep pockets to fuel crime of a far grimier nature.
There are two scenarios at play here:
- Those using bots for personal use, get their hands on high-demand items that they feel otherwise unable to obtain.
These bot users, while at a glance causing little to no harm, are exacerbating the ‘have bots’ and ‘have-not-bots’ culture that will only worsen as bots become more accessible. And let’s not forget that the bot will need to be purchased from someone, typically via social media, which means putting money into the hands of a bad actor.
- Those using bots with the intent to resell the in-demand item for a profit.
While this may be an individual operating alone, for their gain, it could also be a larger operation created to prey on those driven to extreme lengths to access the item they want. The goal of such operations will vary from simple profiteering to money laundering for a criminal organization or harvesting personal data.
The result is the same. More money is poured into the bot economy, fueling further illegal activity and enabling the innovation of greater, sophisticated tooling that can circumvent existing defenses and perpetuate the challenge faced by customers and businesses alike.
Cyril Noel-Tagoe, Principal Security Researcher at Netacea, said: “Ticket and non-ticket scalping communities used to be reasonably disparate since using bots to bulk buy tickets for resale is illegal in most western jurisdictions. But even these lines are blurring. Many sneaker and consumer goods scalping communities are increasingly supporting ticket scalping, as potential profit seems to outweigh prosecution risk. They might not advertise it in public, but behind closed doors, they are facilitating illegal ticket scalping. Those tempted to do so often don’t even need to obtain additional tools. Many “sneaker” bots now include ticket scalping modules.”
Who is Responsible for Driving Change?
Extrapolated across the US eCommerce market, worth an estimated $277bn per quarter, an incalculable number of people are exposed to financial and ethical harm because of scalper bot activity. Desperate consumers are driven to unofficial secondary marketplaces to buy the desired ticket, clothes or consoles for a sum that vastly exceeds RRP, despite 91% of people fearing that their payment details may be stolen when doing so.
People are gradually waking up to the scale of the scalper bot problem and there is an appetite for accountability. 88% of Americans said that retailers should have technology in place to stop scalper bots, and 82% believe that Government regulation should clamp down on the use of scalper bots.
While we have seen celebrities such as Taylor Swift and Ed Sheeran take a stand against scalper bot activity, legislative change is slow and there is a need for businesses to act now. This starts with overcoming the technical issues.
Detecting and mitigating against bot attacks requires visibility of huge volumes of traffic, across websites, mobile apps, and APIs. This becomes difficult for large online brands that are targeted by sophisticated bots using an array of deceptions to bypass legacy bot detection technology.
Addressing the bot problem requires both legislative change and innovative technology capable of intelligently detecting bots amidst vast datasets.
Would the 18 – 35-year-old demographic be enticed by scalper bots if there was a clamp down on activity and a focus on creating a fair economy? Is the solution as simple as taking away the need to use scalper bots?
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
