Ex Sneaker Botter Now Cybersecurity Expert Protecting E-Tailers

The term sneaker botter originated with the practice of using sophisticated software to help quickly purchase limited-edition inventories of major brands like Nike and Adidas online for resale at a higher price. The term followed expanded bot attacks that progressed into snatching up concert tickets and other high-priority products sold on e-commerce platforms.

Mitch Davie is now a renowned global leader in bot management and account security. A friend invited him to the programming opportunity about eight years ago. That group was among the first in Australia to employ code automation techniques on e-commerce sites.

He has never fraudulently used stolen credentials to make purchases. If the bot user commits no fraud, using bots is not illegal, he says.

A few years ago, Davie decided to use his programming skills to improve cybersecurity outcomes and protect e-commerce platforms. That came as he changed his focus to raising a family and working in a career that helped many more people.

The concept of automating online purchases has not gone away, according to Ashish Jain, CPO/CTO at Arkose Labs. Although automating bulk purchases using bots is not illegal [in certain jurisdictions], some attackers use them to obtain consumers’ credentials to carry out fraudulent purchases.

Bot attackers can also take over consumer accounts on e-commerce sites and create false accounts to send purchases to their own addresses. Jain is familiar with such practices from his time working at eBay validating user identity and handling risk and trust assessments for that commerce platform.

This proportion of the bot traffic depends on the specific vertical, and the use cases differ in e-commerce versus banking versus the tech industry.

If the terms of the service agreement states that scraping user information is not allowed, if you have a bot and scrape it, it is considered illegal.

Other situations exist that rely on bot automation to abuse the e-commerce system. One is making returns for profit.

If you buy an item intending to keep it, a return is legitimate. If you do that repeatedly, make it a practice, it becomes an abuse. Your intent essentially is to be able to defraud the company.

Another form of illegal bot use involves payment fraud. Attackers might use bots to get a list of credit cards or stolen financials. Then, they use that scraped information to buy and ship an item purchased for that purpose. That’s certainly illegal.

The key difference in determining bot usage lies in whether the activity constitutes fraudulent behavior or legitimate stockpiling. It’s crucial to assess whether the bot is simply automating tasks or being used for fraud. Additionally, an agreement between the entity using the bot and the website owner from which the data is being gathered is a significant factor in this evaluation.

According to Davie, cybersecurity firms like Arkose Labs specialize in advanced defensive measures to protect e-commerce sites from bot activity. They use constantly updated highly advanced detection technology.

Bot attacks are an ever-emerging process that spans many different industries. When Arkose mitigates an attack scenario in one sector, attackers will hop to a different industry or platform, ecommercetimes.com reports.