Quick facts

Attackers aggressively target in-demand items and services to make a profit.

Sneaker bots are some of the most sophisticated in the industry, notorious for retooling.

83% of companies say bots are becoming more sophisticated and difficult for their security tools to detect.

Bots can account for up to 99% of traffic on e-commerce sites during hype or flash sales.

What is checkout fraud, and how does it work?

From the tickets and events industry to shoe retailers and businesses in between, the e-commerce boom has coincided with a rash of checkout fraud. Everything from Playstation 5 and Xbox One consoles to hand sanitizer — fraudsters nab things fast, get in line first, and check out quickly.

Adversaries abuse the checkout process in multiple ways, such as:

  • Hoarding inventory
  • Testing stolen credit cards
  • Abuse coupons and promotions

Armed with these checkout fraud techniques, attackers acquire all sorts of goods, sometimes keeping them for themselves, sometimes reselling them for steep profits. They use bots with similar functions that go by various names:

  • Shopping bots
  • Scalper bots or “Grinch bots”
  • Sneaker bots

These bots do the most damage when they target in-demand goods and limited-availability items.

Take shoes, for example. Sometimes bots will snag a huge amount of sneakers to resell for a tidy profit. Other times they’ll simply hold all of the inventory in the checkout cart, without ever purchasing it — this is a denial of inventory attack, and it gives the appearance that the retailer is out of the shoe, forcing would-be buyers to try their luck with resellers.

Regardless of its end result, checkout fraud is a violation of fairness, convenience, and trust that frustrates customers and erodes brand equity.

What’s the impact of checkout fraud on your business?

From your revenue to your customer experience to your very brand itself, checkout fraud has a range of harmful effects, including:

  • Poor UX, CX, and site performance
  • Unfair shopping experiences
  • Compromised high traffic events (e.g., hype, flash, or ticket sales)
  • Excessive and unpredictable infrastructure costs
  • Loss of customers
  • Damage to your reputation and brand equity

When a brand drops a new hot item, bot traffic can spike 100x and account for up to 99% of the web traffic on its site — that’s serious interest from a serious threat.

 99%

When a brand drops a new hot item, bots can account for up to 99% of the web traffic on its site — that’s serious interest from a serious threat.

Why is Kasada effective for stopping checkout fraud?

A key piece of e-commerce success is more traffic — but the right kind of traffic. Recent studies show that, on average, bots make up roughly 50% of traffic. But that number can spike dramatically when there’s a big product reveal, hype sale, or when a new in-demand item drops.

Sneaker bots are some of the most sophisticated in the industry. Kasada’s layered defenses make it difficult and time-consuming for adversaries to impersonate human users and retool. The architecture is able to scale-up instantly to meet the flash traffic demands associated with hype sales. Combine that with analytics that provide insight into your site performance and traffic and you’ve got a powerful one-two punch to preventing checkout fraud. The results? Better quality traffic. More conversions. Infrastructure savings. And on and on. Take a look at a case study of Kasada in action:

A global footwear manufacturer’s flash sales were continuously compromised by denial of inventory attacks. Kasada stepped in and stopped the attacks, and increased the brand’s legitimate web traffic by 100-fold.

 

Want to learn more?

Automated Threats From Login to Checkout

Adversaries attack retailers throughout every stage in a customer's purchase journey.
Read More

Kasada and Signifyd Partner to Fight eCommerce Fraud

Announcing a strategic partnership with Signifyd, a specialist in eCommerce fraud and consumer abuse protection.
Read More

Beat the bots without bothering your customers — see how.