WP Scalpers, and their bot armies, swing in to net web-based Spiderman tickets | Imperva

Scalpers, and their bot armies, swing in to net web-based Spiderman tickets

Scalpers, and their bot armies, swing in to net web-based Spiderman tickets

29 November 2021 was “Spider Monday” and tickets for Marvel’s film Spider-Man: No Way Home went on sale with the sort of marketing fervor for which Disney and the Marvel Cinematic Universe (MCU) are famous. As tickets to one of the most eagerly anticipated Christmas films featuring one of the most popular assets of the MCU franchise went on sale, all did not go quite according to plan. Cinemas were unprepared for the volume of tickets that were quickly and unfairly grabbed by resellers and scalpers. Not only does this prevent the real fans from having a positive experience, but it can also reflect poorly on the cinema chains and movie theatres; possibly on the films and production companies themselves given that they are an integral part of such a highly promoted event.

Spider Monday Image

Some ticket listings on auction sites have already sold at $100 per ticket, which is quite a mark-up on the usual $20/seat face-value admission price. Scalpers often take advantage of scarcity, buying up items with limited availability. Opening day ticket sales at theatres are just the latest items people are hoarding and putting up for sale at heavy markups alongside tricky-to-find (due to the current chip-shortage) consoles like the Xbox Series X and PS5, with both Sony and Microsoft’s machines going out of stock the moment they go on sale. For more on this, watch Imperva CEO Pam Murphy discuss the role of bots in manipulating the market for popular holiday gift items.

Other popular items range from sports and concert tickets to training shoes, and any online retail items that they can resell for a profit elsewhere. Store exclusives and limited releases, even niche products such as the B&M/Character Options Doctor Who action figure range that have an infinite shelf life and no cut-off date, are a prime target for opportunists looking to make a few dollars for buying in bulk then sitting on a product until demand outgrows the price they are asking.

Profits can be small, maybe just a few extra dollars, or (for rarer and more exclusive items of high demand) in the hundreds of dollars and very profitable. People are free to buy something and resell it at whatever price they want – that’s their right once they own a piece of property – but that does that really make it fair? While scalping isn’t technically illegal, and neither is buying from scalpers, it is an ethical grey area that can reflect poorly on eCommerce retailers and can slow down websites and cause a reduced customer experience – damaging goodwill and pushing genuine visitors to the competition in frustration, damaging sales and PR. This is further exacerbated by sales events where traffic is already high, like Black Friday or promotions like “Spider Monday”. No one wants the headline to be “Customers can’t get tickets” on the day of your big promotion when you’ve spent hundreds of thousands of dollars, worldwide, on your most publicized single day of sales.

Spider Monday Image 2

Low-tech scalping is a simple matter of repeatedly refreshing an eCommerce website while attempting to purchase an item as soon as it’s available, or through leveraging connections and insider information to purchase items before they’re released. Most scalpers, however, are far more organized. Nowadays, with surprisingly little technical knowledge, it’s possible to easily buy items using scalping bots. Imperva’s report “State of Security Within eCommerce 2021” recently revealed that over half (57%) of all attacks recorded on retail websites were carried out by bots in 2021. These bots use targeted attacks to stop regular customers from buying items and buy up large quantities of tickets and items as soon as they drop. Some of these bots even list things automatically on a third-party website, such as CraigsList or eBay, in order to turn a faster profit.

Opportunistic resellers can deploy thousands of bots from untraceable IP addresses in brute force attacks as soon as a venue or seller first makes tickets, especially opening night tickets, available for sale. In 2017, one of the largest specialist online ticket sellers in the US filed a lawsuit against a ticket reseller for their continued use of scalper bots. The company claimed that by using this method, the reseller had locked over 40% of the available tickets for performances of hit Broadway musicals and Las Vegas boxing matches. In an effort to put a stop to behavior like this, US Congress passed the Better Online Tickets Sales Act of 2016, more commonly referred to as the BOTS Act. While scalping isn’t technically illegal, using bots to do so in the US is illegal. The BOTS Act enforces several fines and penalties for people found guilty of using bots (or any other technology) for the purpose of undermining eCommerce ticket seller systems with the aim of reselling them on the secondary ticket market. This has not stopped this practice from growing considerably in recent years, however, both within the US and further afield.

Fortunately, many companies have begun to implement anti-scalping systems behind their storefronts. These solutions can range from better control of bad bots to managing the flow of visitor numbers at peak times and during promotions or releases using specialist queuing systems.

Modern bots now easily bypass CAPTCHA systems and more basic security measures, but at Imperva we offer a total solution for mitigating scalping bots and opportunistic and unfair low-tech trading practices. We have created a total (and automated) solution to maintain site speed, protect the customer experience, prevent denial-of-inventory, and preserve a positive public opinion of our eCommerce customers by their online shoppers. Contact one of our Imperva representatives for a no-obligation chat to find out how we can help.