{"id":997121,"date":"2022-09-23T17:34:00","date_gmt":"2022-09-23T09:34:00","guid":{"rendered":"https:\/\/geetests.com\/article\/inventory-bots-and-denial-of-inventory-attacks"},"modified":"2025-09-12T18:42:59","modified_gmt":"2025-09-12T10:42:59","slug":"inventory-bots-and-denial-of-inventory-attacks","status":"publish","type":"post","link":"\/en\/article\/inventory-bots-and-denial-of-inventory-attacks","title":{"rendered":"Inventory Bots Explained: How to Stop Denial of Inventory Attack?"},"content":{"rendered":"<div class=\"vgblk-rw-wrapper limit-wrapper\">\n<h2><span style=\"background-color: transparent; color: #678eff;\">What is the denial of inventory attack?<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">The common thought of denial of inventory refers to making products or services out of stock by adding them to online shopping carts but never proceeding to checkout.<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">Denial of inventory sometimes also known as inventory hoarding or inventory exhaustion is a prevalent security threat that people usually see <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/online-fraud-prevention-for-holiday-shopping-season\" target=\"_blank\" rel=\"noopener noreferrer\">in the e-commerce industry<\/a><span style=\"background-color: transparent; color: #000000;\">. It&#8217;s a type of automated attack that is more subtle and sophisticated than others, but it can significantly cramp online retailing businesses by preventing customers from placing orders which not only stains the business reputation but also impacts their revenue stream.<\/span><\/p>\n<h2><span style=\"background-color: transparent; color: #678eff;\">Who is the target of the denial of inventory attack?<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">With web-based technology and internet communication continuing apace, digital transaction has come to our rescue. Various enterprises turned to the internet to boost business revenue, and companies from certain industries such as e-commerce almost completely rely on it, which makes them extremely vulnerable than others when it comes to automated bot attacks, like denial of inventory, <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/what-is-ticket-scalping-why-prevent-ticket-scalping\" target=\"_blank\" rel=\"noopener noreferrer\">scalping<\/a><span style=\"background-color: transparent; color: #000000;\">, <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/carding-damages-your-business-and-cardholders\" target=\"_blank\" rel=\"noopener noreferrer\">carding<\/a><span style=\"background-color: transparent; color: #000000;\">, etc.<\/span><\/p>\n<h3><span style=\"background-color: transparent; color: #434343;\">Targeted sectors:<\/span><\/h3>\n<p><span style=\"background-color: transparent; color: #000000;\">Industries that constantly suffer from denial of inventory attacks are likely to be those have time-sensitive items involved, such as tickets, limited edition products, fresh produce, etc.\u00a0<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">Listed below are the top targeted sectors (as stated by<\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/owasp.org\/www-pdf-archive\/Automated-threat-handbook.pdf?rel=nofollow\" target=\"_blank\" rel=\"noopener noreferrer\"> OWASP<\/a><span style=\"background-color: transparent; color: #000000;\">).<\/span><\/p>\n<ul>\n<li><span style=\"background-color: transparent;\">E-commerce<\/span><\/li>\n<\/ul>\n<p><span style=\"background-color: transparent; color: #000000;\">E-commerce companies face an increased risk of denial of inventory attacks, especially during the holiday season when bad bots await to make their move. These bots automate nefarious attacks on retailers&#8217; inventory by holding products in their carts so no one else can access them.<\/span><\/p>\n<ul>\n<li><span style=\"background-color: transparent;\">Travel<\/span><\/li>\n<\/ul>\n<p><span style=\"background-color: transparent; color: #000000;\">Companies in the travel industry, like airlines and hotels, usually have a real-time searching system for booking flights and choosing seats. Once the automated bots continually make reservations without purchasing tickets, the real users cannot make successful purchases, which brings immediate financial impact on their business.<\/span><\/p>\n<ul>\n<li><span style=\"background-color: transparent;\">Healthcare<\/span><\/li>\n<\/ul>\n<p><span style=\"background-color: transparent; color: #000000;\">Denial of inventory attacks aimed at the healthcare industry constantly happens when there is a huge demand for medical resources. Healthcare entities, like hospitals and health care organizations, currently are relying on online platforms for <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/malaysia%E2%80%99s-vaccine-registration-blind-spot\" target=\"_blank\" rel=\"noopener noreferrer\">vaccine appointments<\/a><span style=\"background-color: transparent; color: #000000;\">, which has already led to a sharp rise in bot traffic. It would be no surprise if fraudsters take advantage of this situation to infect healthcare response to the pandemic.<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">Some sectors also witness a rising risk of denial of inventory attacks:<\/span><\/p>\n<ul>\n<li><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/stop-bad-bots-funneling-blockchain-games-with-captcha\" target=\"_blank\" rel=\"noopener noreferrer\">Blockchain\/crypto games<\/a><\/li>\n<li><span style=\"background-color: transparent;\">Government<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Financial<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Technology<\/span><\/li>\n<\/ul>\n<h3><span style=\"background-color: transparent; color: #434343;\">Damages caused by denial of inventory attacks<\/span><\/h3>\n<p><span style=\"background-color: transparent; color: #000000;\">Businesses that are highly dependent on their web assets are very sensitive to any type of service interruptions like denial of inventory, account takeover, credential stuffing, ad fraud, etc. As soon as bot herders successfully make the items unavailable to real users, what comes after is not just financial loss.\u00a0<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">The results are a series of damages:<\/span><\/p>\n<ul>\n<li><strong style=\"background-color: transparent;\">Immediate financial impact<\/strong><span style=\"background-color: transparent;\">: It is quite apparent that as long as the products are taken out of circulation, the sellers are unable to sell to make money.<\/span><\/li>\n<li><strong style=\"background-color: transparent;\">Increased infrastructure cost<\/strong><span style=\"background-color: transparent;\">: When attackers release their bots to the targeted website, the traffic of the site suddenly spikes, so the site owners have to pay higher-than-normal infrastructure fees to maintain the operation of their websites.<\/span><\/li>\n<li><strong style=\"background-color: transparent;\">Stained business reputation<\/strong><span style=\"background-color: transparent;\">: Bad bots will ruin real customers&#8217; shopping experiences by preventing them from purchasing items and accordingly decrease the business reputation.<\/span><\/li>\n<\/ul>\n<h2><span style=\"background-color: transparent; color: #678eff;\">Motivations for denial of inventory<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">Most attackers do it for competitive reasons.<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">The bad actors have various motivations for denial of inventory attacks but most of them are not aiming for direct financial profit (unlike <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/bot-management-solution-for-crypro-companies\" target=\"_blank\" rel=\"noopener noreferrer\">scalping<\/a><span style=\"background-color: transparent; color: #000000;\"> where the goods or services are acquired by fraudsters and resold at higher prices somewhere else).<\/span><\/p>\n<ul>\n<li><strong style=\"background-color: transparent;\">To sabotage the sale of its competitors<\/strong><span style=\"background-color: transparent;\"> by preventing customers from placing orders at a certain time (e.g. new product release)<\/span><\/li>\n<li><strong style=\"background-color: transparent;\">To figure out the inventory level<\/strong><span style=\"background-color: transparent;\"> of the targeted store by adding limited items to the shopping cart<\/span><\/li>\n<\/ul>\n<h2><span style=\"background-color: transparent; color: #678eff;\">How does denial of inventory work?<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">Attackers take advantage of the inventory tracking system of online stores which takes an item out of inventory once it is added to the shopping cart.<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">Real customers may do this from time to time when they want to shop around and get the best price, but attackers would use automated bots to relentlessly select and add targeted items to the shopping cart by using the time-to-checkout policies (website owners usually set 15 minutes or so for customers to complete the purchase; the time setting varies from sector to sector).<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">Automated bots can be customized to attack specific items in a targeted website. For example, bots would automatically repeat the purchase flow thousands of times until the item becomes unavailable.<\/span><\/p>\n<h2><span style=\"background-color: transparent; color: #678eff;\">How to detect denial of inventory attacks?<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">Here are some symptoms you should pay attention to. Once it happens to your website, there might be a possibility that you are under a denial of inventory attack.<\/span><\/p>\n<ul>\n<li><span style=\"background-color: transparent;\">Inventory balances reduce quickly<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Increased stock held in baskets or reservations<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Elevated basket abandonment<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Reduced use of payment step<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Increasing complaints from users being unable to obtain goods\/services\u00a0<\/span><\/li>\n<\/ul>\n<h2><span style=\"background-color: transparent; color: #678eff;\">Use CAPTCHA to stop denial of inventory attacks<\/span><\/h2>\n<p><span style=\"background-color: transparent; color: #000000;\">CAPTCHA is one of the most commonly used tools in the fight against the denial of inventory attacks and other automated bot attacks, like <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/prevent-account-takeover-from-damagin-your-business\" target=\"_blank\" rel=\"noopener noreferrer\">account takeover<\/a><span style=\"background-color: transparent; color: #000000;\"> and <\/span><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/blog.geetest.com\/en\/article\/evrything-you-need-to-know-about-credential-stuffing\" target=\"_blank\" rel=\"noopener noreferrer\">credential stuffing<\/a><span style=\"background-color: transparent; color: #000000;\">. It is designed to detect and stop high-risk and repetitive requests to a website (and apps in the age of screens). There is an undeniable need for all online platforms with critical operations such as login, registration, submission, etc., to defend against automated bot attacks.<\/span><\/p>\n<p><span style=\"background-color: transparent; color: #000000;\">CAPTCHA can help:<\/span><\/p>\n<ul>\n<li><span style=\"background-color: transparent;\">Prevent comment spam<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Stop fake registration<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Protect online polls<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Defend against ATO &amp; credential stuffing attacks<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Secure bonuses, giveaways, and ticket purchases<\/span><\/li>\n<li><span style=\"background-color: transparent;\">Safeguard e-commerce operations<\/span><\/li>\n<\/ul>\n<p><a style=\"background-color: transparent; color: #1155cc;\" href=\"https:\/\/www.geetest.com\/en\/Register_en?utm_source=blog\" target=\"_blank\" rel=\"noopener noreferrer\">Register for a 30-day free trial<\/a><span style=\"background-color: transparent; color: #000000;\"> of GeeTest Adaptive CAPTCHA now!<\/span><\/p>\n<h2 class=\"ql-align-center\"><\/h2>\n<\/div>\n<p><!-- .vgblk-rw-wrapper --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>denial of inventory is an automated bot attack that depletes goods or services stock without ever completing the purchase or committing to the transaction.<\/p>\n","protected":false},"author":8,"featured_media":996302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94],"tags":[],"class_list":["post-997121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-botpedia"],"_links":{"self":[{"href":"\/en\/wp-json\/wp\/v2\/posts\/997121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"\/en\/wp-json\/wp\/v2\/comments?post=997121"}],"version-history":[{"count":1,"href":"\/en\/wp-json\/wp\/v2\/posts\/997121\/revisions"}],"predecessor-version":[{"id":997541,"href":"\/en\/wp-json\/wp\/v2\/posts\/997121\/revisions\/997541"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/en\/wp-json\/wp\/v2\/media\/996302"}],"wp:attachment":[{"href":"\/en\/wp-json\/wp\/v2\/media?parent=997121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/en\/wp-json\/wp\/v2\/categories?post=997121"},{"taxonomy":"post_tag","embeddable":true,"href":"\/en\/wp-json\/wp\/v2\/tags?post=997121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}