Denial of inventory

Inventory denial occurs when automated bots fill shopping carts without completing the transaction. Items appear as out of stock, legitimate customers are unable to purchase, and the business loses sales, conversions, and reputation.

This is what happened to an athletic footwear e-commerce site, where products disappeared in a matter of seconds without generating any real revenue. Transparent Edge was brought in to regain control and protect the digital channel against future threats.

Use case

The vulnerability:

The bots were massively adding products to the shopping cart, but sales didn’t match the supposed demand.

The impact was significant for the business:

products that seemed out of stock,
frustrated customers
and a sharp drop in the conversion rate

How the attack was detected:

At first, the IT team thought it was a one-time spike in demand. However, the numbers didn’t add up: traffic skyrocketed, shopping carts filled in seconds, but sales weren’t growing at the same rate.

A detailed analysis revealed that these weren’t real users, but automated processes that a basic WAF couldn’t stop. The diagnosis was clear: it was a denial-of-service attack.

Transparent Edge’s response:

When Transparent Edge stepped in, it deployed a layered defense strategy that mitigated the problem and laid the groundwork to prevent future incidents.

Immediate actions

Restriction of origin: the CDN was placed in front of the origin server, handling requests on the platform and not directly on the website.
DDoS Protection: Anti-DDoS was activated for layers 3, 4 and 7 with a maximum request rate-limit that, when exceeded, automatically blocks malicious traffic.
Bot Mitigation: Bot Mitigation functionality added, with blocking mode settings, to stop all requests from unwanted bots.
Differentiation between humans and bots: the WAF was configured with JavaScript challenges, preventing automated processes from moving forward and ensuring that only real users access the website.

Deployment of protection strategy

IP scoring: thresholds were established to block addresses with a bad reputation or from networks with a history of abuse.
Anomaly detection: monitoring tools were incorporated to identify suspicious behavior patterns and track shopping bots.
Granular settings: a set of parameters was designed that can respond to the demands of specific marketing campaign moments that anticipate increased traffic.

What to keep in mind in e-commerce

Denial of inventory attacks are not a theoretical risk but a common threat to industries with scarce goods, high demand, or competitive markets.

Key aspects to monitor:

Increase in abandoned carts.
Declining conversion rates despite high traffic.

Botnets and AI agents

Inventory denial attempts can come from sophisticated bots, distributed botnets, and now also artificial intelligence (AI) agents that more accurately mimic a human shopper. This scenario requires solutions that evolve at the same pace as threats.

Talk to an expert

How Bot Mitigation works

Three complementary approaches:

• Fingerprinting: devices, browsers, IP addresses, and other identifiers are analyzed to recognize anomalous patterns.

• Challenges: interstitial tests are applied that a human user easily passes, but that block bots.

• Behavior: user movements, interaction speed, and navigation routes are evaluated in real time to unmask automatic processes.

Prevention and mitigation:

This is in addition to preventing less sophisticated bots by blocking IP ranges with low scores and issuing CAPTCHA challenges to data centers and proxies frequently used in attacks.

Our actions produce results

The implementation of Perimetrical allowed the company to regain control over its inventory. Conversion rates returned to normal levels, customer churn to competitors’ sites decreased, and the business gained confidence in its ability to withstand similar attacks in the future.