Whether you’re looking for this year’s must-have gaming system or the designer sneakers your kid begged Santa for, it’s been tough this holiday season to find the hottest toys—at least at their regular retail price.

Lots of people are trying to buy those items, but it’s not the only thing driving demand. Shoppers are also competing against an army of bots.

Bots, short for software robots, are applications that run automated tasks over the internet. They have legitimate uses. But for years, scalpers have been employing them to gobble up event tickets. Not long ago, New York’s attorney general revealed that one such broker had purchased 1,012 tickets to a U2 show at Madison Square Garden in a single minute.

MORE ON HOLIDAY SHOPPING

Today, the same shady techniques are used to buy and sell such items as toys, high-end collectible sneakers in Adidas’ Yeezy line, and gaming equipment.

Want a Nintendo SNES Classic Edition? The popular throwback gaming system retails for $80 but was listed on eBay Monday for upward of $200.

And that has politicians and consumer advocates seeing red.

“Grinch bots cannot be allowed to steal Christmas, or dollars, from the wallets of New Yorkers,” Sen. Chuck Schumer of New York told reporters on Sunday.

Schumer called on retail trade groups to investigate the prevalence of bots on their member retailers’ websites, and then restore fairness to the system by finding ways to block the bots.

Chuck Bell, programs director for Consumers Union, the policy and mobilization division of Consumer Reports, appeared with Schumer at Sunday’s press conference and echoed his sentiments.

Retailers and policymakers need to “work together to develop solutions, so that consumers will be able to shop for toys and other gifts on a level playing field,” Bell said.

How Bots Work

Bot creators study the web addresses, or URLs, for a given retail site and then use data-scraping techniques to guess the ID for an unreleased product and locate the product page, explains Omri Iluz, a co-founder and CEO of PerimeterX, a Silicon Valley-based startup that designs anti-bot technology.

“They’re very sophisticated tools,” Iluz says.

Because merchants typically launch these pages hours before the product goes on sale, bots get a jump on consumers before the page goes live, he says. They get another jump by subscribing to Twitter APIs to learn about a manufacturer’s sale milliseconds before everyone else.

“There is simply no competition between a bot and even the most organized human,” Iluz says, adding that bots poll sites hundreds of times per second, tirelessly waiting for sales to start.

And then they complete the purchase, picking sizes and entering payment details in a fraction of a second, often using servers located less than a millisecond from the merchant’s. This allows a bot to finish the deal before the product page even loads for most shoppers.  

According to New York’s attorney general, some bot operators use 10,000 IP addresses and 500 credit card numbers to bypass retailer purchase limits. In some cases, their software is also trained to read and respond to the bot-fighting CAPTCHA phrases on the checkout page. In other instances, foreign workers are hired on the cheap to type the required info into the security box.


Go to 
Consumer Reports' 2017 Holiday Gift Guide for updates on deals, expert product reviews, insider tips on shopping, and much more. And be sure to check our Daily Gift Guide.

How to Fight Them

Congress tried to curtail this sort of scalping by passing the Better Online Ticket Sales Act of 2016, but the law applies only to event tickets. 

Meanwhile, manufacturers and retailers are playing catch-up as the problem grows, says Lance Cottrell, chief scientist at the cybersecurity firm Ntrepid. “This is a serious PR problem,” he adds. “It makes the toys or tickets unavailable to anyone without the financial means to pay the scalper or secondary-market prices.”

And consumers are growing frustrated. Joseph Smith of Chesapeake, Va., went online to buy Nintendo’s new SNES Classic Edition right after the console went on sale this past August. Like other consumers, he tried Walmart, Target, and GameStop without luck.

“Walmart was like a 40-second blur of availability,” Smith said via email. “As I added the preorder to my cart and went to log in, the site was bogged down. I hit refresh and it was gone—just that quick.” He eventually snagged a preorder from Walmart. But some of the $80 consoles were being offered on eBay at that time for $200 and up.

And that’s just the beginning of this year’s woes. Also in the bot operators’ crosshairs: The Nintendo Switch gaming system, which has been in short supply this fall, and the iPhone X. 

Some manufacturers are trying to address the problem. For instance, Adidas has launched an app, called Confirmed, that lets shoppers reserve sneakers online and pick them up in person.

In general, however, the bot problem seems to be growing, leaving consumers left to cope as well as they can.

Whatever you’re shopping for online, Laurie Schacht, chief toy officer of The Toy Insider, has some advice. For one thing, find out the suggested retail price to avoid being gouged by a scalper.

Also, try to shop early. Demand for hot toys builds as Christmas approaches, attracting more bots. Avoid procrastinating, Schacht says, and “you are much more likely to pay a fair price and avoid lots of headaches.”

Editor's Note: An earlier version of the article appeared in the December 2017 issue of Consumer Reports magazine.