Everything you need to know about preventing sneaker bots
Sneaker bots plague releases. But what can retailers do? How did we get here? Will legislation fix things? How do sneaker raffles remove bots from the equation? Are there other options? These are the questions we’ll deal with in this blog.
If you’re a sneaker retailer, you know bots are a huge problem in the $42 billion sneaker business.
According to Imperva’s 2020 Bad Bot report over 18% of traffic to ecommerce sites comes from bad bots.
But sneakerheads know that in their world, bots dominate the game. On hyped releases, close to 100% of traffic comes from bots, according to Akamai’s director of threat research.
Limited-edition releases and high-profile collaborations generate so much demand that an entire resale industry has emerged.
Sneakers become assets, just like stocks or artwork. If you visited StockX—what the New York Times called “A Nasdaq for Sneakerheads”—you’d be forgiven for thinking you were looking at shares of Nike stock, not a resale site for Nike sneakers.
Where the money and hype are, bots follow.
Bad bots are bad for business. They erode the trust sneakerheads have in your brand. They sever the connection with genuine customers who could return to buy and evangelize your brand. And they create overwhelming traffic that can crash your site, losing sales on products across the board.
But what can retailers do? How did we get here? Will legislation fix things? How do sneaker raffles remove bots from the equation? Are there other options? These are the questions we’ll deal with in this blog.
How have sneaker bots evolved?
Sneaker bots seriously kicked off in 2012 with the release of the Air Jordan Doernbecher 9.
Nike chose to release the shoe via Twitter. Shoppers could reserve the shoe by being first to direct message (DM) the company.
Quickly, people created bots to scour Twitter’s API and DM Nike after any tweets with terms like “reserve now” or “Doernbecher”. With these bots “you could send hundreds of DMs in a tenth of a second,” says one botmaker.
Humans didn’t stand a chance.
At the same time, ecommerce platforms like Shopify appeared, making it easier to sell products online without technical expertise. With the Nike Twitter releases and increased online sneaker sales, botmakers began developing more advanced bots.
Originally, botmakers would sell their sneaker bots to shoppers who paid a premium to improve their chances of snagging sneakers. Whole sub-Reddit threads like /sneakerbots and /shoebots are dedicated to sharing knowledge on how to use bots to score a pair of kicks.
But then the botmakers realized: why sell a one-time product if they can charge a fee for every sneaker release and run the bots themselves?
And so the Add to Cart services were born. Sneakerheads go to a botmaker’s website, enter their order and payment information, and wait for the bot to do its dirty work. If successful, the sneakerhead pays a fee to the Add to Cart service for the bot-purchased sneakers.
Between the Add to Cart Services and individually run bots, the sneaker industry is currently at the point where close to 100% of traffic during sneaker drops comes from bots.
How do sneaker bots affect your business?
Using bots to buy and resell sneakers is a perfect example of rent-seeking behavior. That’s economist talk for profit-seeking without social value—in a word, leeching.
But sneaker bots are more than just a nuisance. When you sell a £140 pair of Travis Scott Air Jordans that middlemen then resell for 10-20 times retail price, your business loses out in several ways.
Missed connection with true customers
Many sneakerheads don’t have access to shoes at those price points. When they’re forced to buy on a secondary marketplace, your brand misses a crucial opportunity to connect with a real human customer and establish a strong, ongoing relationship. Bots don’t take part in upselling. They don’t return later to buy products from a brand they love. And they don’t evangelize your brand to friends and family.
Lost business intelligence
When fans use middlemen like Add to Cart services, it prevents you from interacting directly with the customer. You lose out on invaluable purchase activity that’s vital to business intelligence.
Flawed data for decision-making.
Sneaker bots skew the analytics you need to make informed business decisions. Fake accounts give a false impression of your customer base. And sneaker bots that hold product without buying ruin your cart abandonment metrics.
Damaged brand reputation
Then there’s just the fundamental unfairness of it all. Without using bots, people buying sneakers to actually wear them stand little to no chance of doing so. When customers feel this way, it hurts brand reputation.
As Yoav Cohen, senior VP of Product Development at Imperva, says, “Retailers aren’t technically losing profits by unintentionally selling products to malicious bots, but they are losing consumer trust.”
Just look at how Shopify is belittled as “Botify” on social media channels.
Website crashes & slowdowns
Bots and the increased traffic they generate can bring down websites all together, making it impossible for you to sell your products.
For an example of scope, realize that a Supreme launch saw 986,335,133 pageviews and 1,935,195,305 purchase attempts to their server in ONE DAY alone.
Queue-it customer SNIPES frequently attracts 100,000 sneakerheads on release days. When your website goes down, it means lost sales from other products on the website, too.
Bot activity was behind website issues that led Strangelove Skateboards and Nike to cancel their recent Valentine’s Day collaboration.
On the day of the launch, the company said via Instagram that “raging botbarians at the gate broke in the back door and created a monumental mess for us this evening”. “Circumstances spun way, way out of control in the span of just two short minutes,” they wrote.
Bots crashed the site, forcing the sneaker drop offline.
Are sneaker bots illegal?
At least in the U.S., the answer is no. While using automated bots to buy goods online often violates the retailer’s terms and conditions, there are no laws against it at the current time for sneakers.
The U.S. BOTS Act of 2016 made it illegal to buy tickets with bots by evading security measures and breaking purchasing rules set up by the ticket issuer. U.S. politicians introduced the Stopping Grinch Bots Act of 2018, which would broaden the scope to all products or services sold on the internet, shoes included. But the bill died in Congress.
And even if passed, the BOTS Act has highlighted the difference between legislation and enforcement. Just because a law is on the books doesn’t mean it’s followed. Strong enforcement is necessary to curb illegal behavior. The Federal Trade Commission—the agency tasked with enforcing the law—couldn’t comment on any instances of enforcement in the year after the BOTS Act’s passage.
Sneaker retailers could sue botmakers for damages for violating their terms of service. But a 2017 Wired article claimed that, until that point, no sneaker or clothing company had done so.
Given the game of whack-a-mole that would likely ensue when going after shady, often international, bot companies, you can’t really blame retailers.
Are sneaker raffles the solution to sneaker bots?
Faced with hordes of raging botbarians, several sneaker retailers decided to take the process offline by holding sneaker raffles.
What is a sneaker raffle?
In a sneaker raffle, shoppers enter a contest to win the right to buy a pair of sneakers. Sneaker raffles operate differently from a fundraising raffle, where people pay to enter the contest and, if someone’s entry is chosen, he or she wins the prize for free.
To run a sneaker raffle, a retailer collects all entries, either in-person or electronically. Then they choose one or several entries at random to decide who gets to buy the sneakers within a timeframe.
Most raffles require pickup at an in-person location, though some will ship the winners their shoes without in-person verification.
What are the benefits of a sneaker raffle?
Bots only operate online, so taking the raffle offline is effective in removing them from the sneaker equation.
Sneaker raffles are primarily effective because they tie the purchase to something in the physical world. The raffle winners need to show up in person and show a form of ID, like a credit card or driver’s license. This erects a huge barrier for resellers who operate on getting as much inventory as possible.
Finally, sneaker raffles helped avoid the heated tensions that came with the long store lines. There are many documented cases of releases turning violent and requiring police intervention, which a raffle can help prevent.
What are the drawbacks of a sneaker raffle?
Sneaker raffles take the process fully or partially offline in an attempt to beat sneaker bots, but not without consequences.
Eliminates first-come, first-served process
First-come, first-served is the gold standard for a fair purchase process.
For the sneakerhead community, where being on top of the latest trends, drops, and collaborations is a point of pride, it can be immensely frustrating to feel everything is left up to chance.
Sneakerheads have no control over whether they get the shoe. And the amount of L’s (coming up empty-handed) among raffle entrants can be staggering.
Also, raffles can still benefit resellers who aren’t interested in wearing the shoes themselves. They can easily enter every raffle possible, stacking the odds in their favor and letting them continue to flip kicks for a profit.
Open to multiple entries
Raffles are also prone to allowing multiple entries, decreasing their fairness. For in-person raffles, sneakerheads often bring several friends or family members to enter the drawing, increasing their chances. For online raffles, YouTube videos show how bots let shoppers create multiple accounts across many countries to improve their odds.
Removes marketing hype
Because raffles involve a delay between entering and winning (or more likely losing), they end up deflating the hype that a popular online launch can generate.
Is not transparent
How raffle winners are selected is not at all transparent. It conjures up images of store managers picking the names of their friends out of a hat, or shoppers bribing store managers to pick their name.
Customers don’t have insight into what’s going on, or how the raffle is run. Because raffles lack transparency, they score low on perceived fairness.
Limits to physical locations
Bringing the sneaker retail online equalized access to the market.
The hottest releases were no longer limited to sneakerheads living in metropolitan areas like New York or Los Angeles. A kid in rural Nebraska had the same chance to buy a pair of limited-edition kicks as someone in Manhattan.
With raffles that require in-store pickup, however, many sneakerheads in rural and suburban areas are unfairly left out.
If done well, you can run transparent, first-come-first-served sneaker releases that let you serve a wide audience of sneakerheads and harness the marketing hype.
But beating sneaker bots isn’t easy.
There’s plenty of money to be made in sneaker resale. So botmakers and operators will keep plowing money into the arms race against retailers.
You need to change the economics of bot attacks. That means targeting each attack vector and increasing bot operators’ costs to beat your protections.
An especially effective strategy involves tying the online purchase to something in the physical world, like a driver’s license or membership ID.
Here’s what you should investigate if you’re serious about preventing sneaker bots:
Monitoring is key because behavior will let you tell real sneakerheads from bad bots.
For example, if there’s a high concentration of visitors using the same IP address, it’s a red flag that bots are at play.
At Queue-it, we’ve found over 50% of the bots blocked by our virtual waiting room’s abuse and bot protection emanate from the same IP address. The bots are trying to simulate real users on a massive scale. But getting unique IP addresses is an additional step that not all bot operators take.
Preventing account creation & takeover
When bot operators try to buy many pairs of sneakers, they need several accounts for the purchases.
On account creation, bot mitigation tools like Akamai, Imperva, and PerimeterX validate biometric data like mouse movements, mobile swipe, and accelerometer data to distinguish bots from real users, and then feed that data into machine learning algorithms. You can also block or enforce Google’s reCAPTCHA on traffic from known bot hosting providers and outdated browsers typically used to run bots.
Managing traffic during the sale
Bots enjoy a speed and volume advantage. They use their speed advantage to blow by human users and their volume advantage to circumvent per-customer purchase limits. When the sneakers drop, you need to target the speed and volume advantages simultaneously.
A tool like a virtual waiting room can help neutralize both. Bots that arrive before the sale starts are placed in a pre-queue together with legitimate users. When the event launches, everyone in the pre-queue is randomized. This eliminates any advantage in arriving early or hitting the web page milliseconds after the start of the sale.
Retailers can require visitors to enter known data, such as a membership number, email address, or driver’s license ID to enter the virtual waiting room. Combining known data makes impersonating real users exceptionally expensive and complex. This makes it a powerful tool to combat bots’ volume advantage.
Virtual waiting rooms create a highly transparent online experience by giving detailed information on place in line and estimated waiting time.
And a virtual waiting room has the added benefit of giving you full control over traffic inflow so demand doesn’t crash your site. This can happen from human shoppers alone, but bot traffic only makes it worse. Placing visitors in a first-in, first-out online queue off your infrastructure keeps your website performing its best when you need it most.
Stop the sneaker bots & bring back fairness to sneaker drops
Many sneakerheads relate to the below Twitter user when he wrote:
Sneakerheads feel like they need a bot to have any shot at copping sneakers on the primary market.
And they’re not wrong.
Bots provide the fuel for the secondary market and their sky-high prices. All this has understandably strained retailers’ and brands' relationships with their real customers.
At Queue-it, we believe it’s possible to keep sneaker releases in the 21st century while ensuring shoes get in the hands of true sneakerheads.
Online sneaker sales have many advantages compared with in-store or raffle sales—but only if bots are under control.
Unfortunately, legislation isn’t likely to help any time soon.
So to keep the bots truly at bay, you need a best-in-breed, combined bot mitigation solution. Crafting a tailored strategy to mitigate unique attack vectors before, during, and after the sneaker drops gives you the best chance of achieving successful, bot-free sneaker sales.