In an insightful conversation, we engage with Yien Wu, the Head of South and Southeast Asia (SSEA) and ANZ at CDNetworks, to dissect the growing menace of scalper bots in the live entertainment industry. Delving into the intricacies of bot infiltration and the ensuing consequences for businesses and consumers, this interview unveils the complex dynamics of this digital dilemma.
Yien Wu’s expertise offers a window into strategies for mitigating these threats and the pursuit of transparency and fairness in ticket sales.
Read on for an in-depth exploration of the evolving landscape of scalper bots and the quest for solutions.
Scalper bots have caused significant disruptions in the live entertainment industry by snatching up tickets and reselling them at inflated prices. Could you elaborate on how these bots infiltrate and attack users during the ticket-purchasing process, and what are the different types of scalper bots that are commonly encountered?
Scalper bots work through a few steps. First, an attacker creates multiple fake new accounts or takes over existing user accounts for searching for the targeted products. The bots are then programmed with scripts that will start searching from the front of the queue as soon as an online sale goes live.
Through these bots, attackers are also able to add the maximum number of products to carts, way more than any single human customer is capable of. The bots then use credit card details from previously compromised accounts to complete the checkout, ensuring that the products are not available for real users.
There are a few types of scalper bots:
- Pre-bot: This is used to set up an account before the official ticket sale date. It contains scripts that would automatically visit multiple sites at the same time. With the accounts already set up before the event, the bot will be ready with credit card information to secure tickets the moment they go on sale.
- Auto Form Fillers: This type of scalper bot crawls pages with registration forms and automatically saves the data entered by users. This could include their names, addresses and credit card numbers, and this data is saved by the bot to be used in the future for quick checkouts.
- Auto Refreshers: Auto-refreshers are bots that are scripted to automatically call and refresh a website to check if tickets have gone on sale. Once it detects that tickets are on sale, it will use credit card details obtained by the form filler bot to quickly make purchases before real users can.
- API Scrapers: These bots scrape data from APIs to automate various tasks such as sending spam, logging into accounts and purchasing items.
The increasing sophistication of scalper bots is a concerning trend. What factors are driving this heightened level of sophistication, and what security risks do these advanced bots pose to both businesses and consumers?
Bots are becoming much more sophisticated to evade detection, and their behaviour has evolved to become incredibly human-like. This is driven by the adoption of artificial intelligence and machine learning which allows bots to alter their behaviour and correct mistakes in real time. Additionally, with the advent of generative AI, malicious bot technology will only evolve at an even greater, more concerning rate.
The emergence of bots as a service (BaaS) has also lowered the barrier to entry. With BaaS, anyone can launch a bot attack. BaaS allows malicious operators to set up a botnet and dispatch bots to any website or application. Furthermore, because BaaS services are set up so that users only pay for successful attacks, BaaS platforms are incentivised to make their bots as sophisticated and as deadly as possible, meaning they will pose an even greater risk to consumers and businesses across a myriad of industries.
Certain types of businesses seem to be more vulnerable to scalping activities. From your perspective, which industries or types of events are particularly at risk of falling victim to scalper bots, and why?
The live entertainment industry is always a key target. This is especially apparent in concerts and music festivals featuring popular musicians that often experience overwhelming demand. Similarly, major sporting events such as regional or world championships also experience immense demand for tickets and are prime targets for scalping bot attacks.
Industries involving limited-release products, such as fashion and electronics also face similar challenges. Scalpers may capitalise off of the public’s fear of missing out, snatching up items quickly to be resold at much higher prices.
Another key target for scalper bots is the travel sector, where flight tickets or accommodation are being sold online. These bots would target them during promotion seasons or high-demand travel periods to snap up the best offers.
More and more sectors are now being targeted by scalper bots. Even the logistics industry is not immune. Due to excessive fraudulent registration, high-frequency queries, malicious and false container bookings during the COVID-19 pandemic, logistics service providers were forced to protect booking platforms from scalping to avoid the risk of broken stowage and revenue loss.
A common denominator is the convergence of high demand, limited availability, and emotional attachment which heighten the risk of scalper bot activities.
The consequences of ticket scalping enabled by bad bots can be detrimental for both businesses and consumers. Could you shed light on the long-term impacts that businesses and consumers may suffer as a result of such practices?
Ticket scalping reduces event promoters’ ability to estimate consumers’ demand, resulting in loss in potential revenue. With scalper bots, tickets can be sold out very quickly, which may lead to promoters thinking there is more demand for the tickets. They may then increase the ticket quantity, only to end up losing revenue as the increased quantity does not meet the actual demand.
It could also damage an event promoter’s reputation, as consumers would perceive them as being unable to provide fair and secure ticket purchasing experiences. This could make it more challenging for them to find sponsors in the future.
It also impacts the consumers by artificially driving up prices. Due to scalping, consumers may end up paying significantly higher prices for tickets, leading to financial strain and frustration among consumers who feel exploited. Scalping bots also cause ticket scarcity. Genuine fans and consumers are unable to purchase tickets at face value, as these bots would quickly snatch up tickets.
Ticket scalping can also expose consumers to higher risks of scams and fraudulent activities. For instance, 54 Singaporeans were recently scammed out of SGD45,000 while attempting to purchase scalped Taylor Swift concert tickets.
Detecting and stopping scalper bots is a complex challenge. What strategies and advanced bot management solutions are available to businesses to effectively combat these bots and protect their customers from unfair ticket purchasing practices?
There are different approaches to detecting and stopping scalper bots:
- Static: This approach involves using static analysis tools to help with bad bot detection. These tools will look for header information and web requests that are typical of bad bots.
- Behavioral: This approach distinguishes between legitimate users, good bots, and bad bots by evaluating the activity and matching it against known patterns.
- Challenge-based: This method employs challenges or tests, such as CAPTCHA verification and device fingerprinting, to prevent bot activity.
- Integrated: This bot management approach automates the above approaches, while monitoring web traffic and implementing rate-limiting to help restrict bots across a vast landscape instead of focusing on a single IP address.
Restoring consumer confidence in ticket vendors is crucial. How can more effective bot detection contribute to rebuilding trust among consumers, and what steps can businesses take to enhance transparency and fairness in ticket sales?
Bot detection contributes to the prevention of ticket scalping through blocking and eliminating of malicious bots. As such, bot detection ensures availability of tickets for genuine customers, while strengthening ticket vendors’ website security and reliability. As a result, they improve the end-user experience and help protect businesses from losses and reputation damage.
Bot detection also boosts web performance. Bot traffic can compromise or slow down websites, which can reduce trust in the ticket vendor, both from the customers’ and event promoters’ standpoints. On the other hand, businesses that adopt bot detection would save themselves from the impact of bot traffic, be able to deliver good website performance, and be better able to provide a seamless user experience.
There are some steps that businesses can take to enhance transparency and fairness:
- Communicate clearly ticket release schedules and pricing.
- Implement CAPTCHA and behavioural analysis to differentiate users from bots.
- Enforce purchase limits to prevent excessive buying by bots.
- Establish regulations for ticket resale and verified resale platforms.
- Conduct regular audits and provide transparent reports on ticket allocation.
- Educate consumers about bot prevention measures.
- Offer prompt and responsive customer support.
- Collaborate with industry partners to address challenges collectively.
CDNetworks’ Security Platform 2022 revealed that a significant portion of web application and API traffic comes from malicious bots, including scalper bots. Could you share some insights into how your platform helps identify and mitigate the risks associated with these bots?
We have a cloud-based bot detection and management solution called Bot Shield, which helps businesses distinguish between legitimate traffic and undesirable bot traffic. The platform utilises a Good Bot Library which recognises and remembers good bots to allow access, while also controlling access by multiple dimensions, such as IP, URL and HTTP header to meet various scenarios.
Additionally, the platform also utilises CAPTCHA and fingerprint challenges to detect and avoid abnormal behaviour. The solution also uses machine learning to identify the latest bot features, send notifications of malicious bots, block these bots, and customise actions to protect against various types of bot threats.
With your extensive experience in the high-tech industry across different regions, could you provide examples of successful approaches or strategies that have been employed to combat scalper bots and protect the live entertainment industry?
In addition to implementing CAPTCHA to distinguish bots from genuine concert ticket seekers, techniques that can be implemented holistically to combat scalper bots include:
- Setting limits on the number of requests and rates of incoming connections to a web server. These can be set on mobile apps, websites, and APIs.
- Using a brute force method to block hosting providers and proxies that scalpers rely on.
- Browser validation – confirming that every user browser is what it claims to be. This strategy fights bots by checking for expected JavaScript agents and validating the browser’s behaviour.
- Using a bot management solution that is capable of monitoring bot activities, blocking bad bots from accessing websites, and allowing legitimate users to continue interacting with the website/app.
We have bot shield solutions that have been proven effective in helping our customers prevent bots from hijacking their web assets. Also, Bot Shield has helped them protect against automated attacks, threats, fraud and avoid abuse of resources by eliminating malicious bots effectively, all without disrupting the overall customer experience of legitimate users.
As CDNetworks expands into high growth markets, such as Indonesia, Vietnam, and India, how do you plan to address the unique challenges these markets may face in dealing with scalper bots and ensuring fair ticket sales?
With our presence in the APAC region, we understand that each market may have its own challenges regarding scalper bots. Our dedicated local teams in these markets allow us to gain insights into the local dynamics, consumer behaviour, and even scalper behaviour, as well as potential vulnerabilities. These teams understand what our customers and their customers need, and are at the forefront of developing tailored strategies to deal with scalper bots locally.
Furthermore, the local insights from our distributed teams are combined with the customised capabilities of our bot management solution (Bot Shield), which is deployed on our over 2,800 distributed Points-of-Presence (PoPs). The solution supports custom challenge thresholds and has flexible bot protection control, which allows customers to take specific actions against any threat type.
At the same time, we know that collaboration is essential. We partner with local businesses, industry partners, and the public sector to collectively address the challenge of scalper bots, along with educating people and enterprises about the danger of bot attacks.
Taking a localised approach to sales and understanding local market needs is important. Can you share specific instances where adapting to local preferences and demands has led to improved product and service quality in the fight against scalper bots?
We have dedicated local teams who are able to offer specialised technical support in each market that can support the needs of businesses in the APAC region, both in fighting against scalper bots, as well as in offering consolidated quality services for our clients. Our global expansion strategy has encouraged us to ‘think globally and act locally’. This is done through establishing local offices in key regions like South and South East Asia (SSEA), which allows us to communicate with customers in their native languages and understand their distinct needs.
We also have customised solutions for the industries we mentioned above, such as media and live entertainment, industries involving limited-release products, such as fashion and electronics, travel and logistics, to address industry specific pain points. Together with our robust content delivery network, media processing capabilities, and supporting services, we are committed to meeting the needs of businesses through a tailored and localised approach.
You must log in to post a comment.