Seven times last month, Benjamin Karmis, a 26-year-old priest from Wheaton, Illinois, US, failed to get his hands on the latest Sony PlayStation 5 video game console from retail websites including Walmart and Facebook Marketplace. But it wasn’t because another person beat him to the purchase. Instead, Karmis and other shoppers were outgunned by so-called “scalper bot” software that resellers use to snatch up products online and relist them moments later at significant mark-ups on eBay and Amazon Marketplace.
The coronavirus pandemic that has kept millions of shoppers at home has also emboldened such resellers, whose high-tech arbitrage – legal in most countries – is bringing grief for everyday shoppers. “There is no possible way that I could have been more prepared to get one, and I have failed every single time,” Karmis said. This year, bots have also targeted pandemic-era essential goods, including P&G’s Charmin toilet paper and Reckitt Benckiser’s Lysol.
In Britain, bots have even snatched grocery delivery slots reserved for elderly people. Retailers are trying new tactics as the pandemic has broadened bot-powered reselling to new product categories and expanded the appeal of resale at a time when many people have lost their jobs, consultants and cybersecurity experts said. Some stores have vowed to step up cybersecurity measures.
Others have spread out availability or offered products only to a handful of established customers. “Given bot scripts are constantly evolving and being re-written, we’ve built, deployed and continuously update our own bot-detection tools that allow us to successfully block the vast majority of bots,” a Walmart spokesman told Reuters. He added, “Online volume has already been high this year due to COVID, and the release of next-gen consoles is creating traffic volume and patterns that have never been seen before.” Some customers said the company’s website crashed when they tried to buy one of the new consoles. Walmart said that despite heavy traffic, its site stayed online.
‘Not for resale’
Scalper bots first gained prominence in the concert ticketing and limited-edition sneaker markets about a decade ago, with resellers cutting to the front of the online queue. Although US law prohibits ticketing scalpers under the federal Better Online Ticket Sales (BOTS) Act of 2016, no such protections exist for retailers. “It’s kind of nefarious, but is it illegal? No,” said Edward Roberts, application security specialist at cyber security firm Imperva. Nike, a major target of resellers, has come up with creative ways to battle the bots, such as giving established members on its SNKRS app the chance to reserve shoes that they can pick up at a Nike store. In 2018, Nike went so far as to offer a pair of red Air Jordan 1 sneakers stamped with the words “NOT FOR RESALE” on the sole.
Those now go for close to $1,000 on online resale marketplace StockX. “It’s a major problem, but at the same time I think retailers are now figuring out ways to combat bots with better firewalls and by getting consumers more engaged with things like in-store raffles,” said Jay Somerville, a former apparel buyer at Nike. At Walmart, most of the “significantly higher” traffic for the new video game consoles came from bots, the company spokesman said.
On November 25, the world’s largest retailer blocked more than 20 million bot attempts within the first 30 minutes of a PS5 sales event that day, among other preventative measures.
The company also conducts after-sale audits, cancelling orders placed by bots and making those products available to regular consumers. Target and GameStop also said they have high-tech bot protection software on their websites, declining to offer more details. But as such bot usage expands across regions and product categories, their coders have remained a step ahead of corporate security officials. Most scalper bots reload web pages every few milliseconds to gain an edge in adding products to their shopping carts.
Some try to disguise themselves as hundreds of different customers from different locations. Sometimes, resellers take down a retailer’s website temporarily, distracting security programs to let scalper bots slip through the cracks, said Thomas Platt, head of ecommerce at Netacea, a bot security company. Resale bots can go for up to $5,000 apiece on online marketplaces, or through rings coordinated on social media sites.
Scalper bots have become increasingly mainstream, easily found by entering phrases like “Nike bot” or “PS5 bot” into online search engines.
People can buy limited-time access to them for as little as $10 to $20. “There’s significant money in this, and the PS5 is a great example,” Platt said.
Netacea has identified one console re-selling ring, for instance, that made about $1 million to $1.5 million in the last two weeks of November. UK-based CrepChiefNotify, a subscription service that teaches members how to use bots and alerts them to the availability of hot items, claims its customers have purchased about 6,000 new PS5 and Xbox consoles. The company said it has doubled its membership to 4,000 since the start of the pandemic, when many of its members lost their jobs.
It says its clients have generated a profit of about GBP 400 on average per game console when reselling them. “These are businesses... people pay their mortgages doing this,” said Imperva’s Roberts. “They have a goal and it’s financially motivated, so they’re not going to go away.”
© Thomson Reuters 2020