Denial of Inventory
Attackers limit the availability of competitive goods or services to cheat customers
Automation lets attackers take ecommerce items out of circulation by constantly ‘reserving’ them in online carts. Subsequently, attackers never checkout and continue to accumulate items in their cart for the purpose of making them unavailable for purchase by others. Denial of Inventory can be discerned from Ticket Scalping in that the goods, or services, are never actually purchased by the attacker.
Denial of Inventory is also known as Blocking Transactions, Hoarding, Hold-All Attack, Inventory Depletion, Inventory Exhaustion, and Stock Blocking.
Arkose Labs prevent automation from distorting supply and demand in ecommerce
Attackers reserve items in their online shopping carts at a volume and velocity that would otherwise be unachievable by legitimate sources. Arkose Labs intercept Denial of Inventory with Enforcement, a challenge–response mechanism that precludes automation by forcing the attacker to verify they are completing tasks under authentic conditions. This proprietary defense keeps goods and services in circulation, and protects dynamic pricing models in aggregators and metasearch engines.
Denial of Inventory is used to conceal cheap airfares, hotel rooms, and restaurant reservations
Attackers exploit major airlines and trick unsuspecting travelers into booking more expensive airfares. Firing thousands of automated requests per second, attackers repeatedly reserve the most affordable seats on popular flights. This temporarily exhausts the allocated airfare inventory and gives the impression it is out of stock, which forces legitimate customers to purchase their ticket at a premium from a competing merchant.
Attackers also exhaust availability in other types of web applications, including restaurant reservations, hotel bookings, availability slots, budget apportionments, product rations, service allocations, and queue positions.