Stop The Bots So I Can Buy My Hardware - It's Not That Simple.
TLDR: "Just make bot protection work" is impossible
For large companies it takes a large sum of money, decisions from numerous teams, and proper implementation in order to do it in a way that does not compromise customer trust.
In security, almost everything flows through three terms: threat, risk, and vulnerability.
- Threat: Anything that can exploit vulnerabilities.
- Risk: Potential damage and loss.
- Vulnerability: Weakness being exploited.
In the case of botting:
- Threat: Automated scripts taking stock before people who do not use these scripts are able to.
- Risk: You lose brand trust if you do not remediate this issue.
- Vulnerability: A hole in Cloudflare that lets 1 of 100 bots through, or no bot mitigation at all.
So a company has two choices. Eat the risk and brand trust loss, or do something about it. If the cost of brand degradation is perceived to be less than the cost to mitigate this risk, it will continue.
Next, if the company chooses to mitigate the risk, it needs to decide how. Since no platform will mitigate 100% of the risk, it is important that whatever you choose to do ensures the following:
- Your customer experience is still top notch (accessibility)
- Your customer data is secure and safe (confidentiality)
- Your customer is who they say they are (has integrity)
Every platform you can choose has positives and negatives. For example, if you introduce captcha, you reduce customer satisfaction and potential sell through. If you don't, you have one less way of stopping bots. Putting captcha in is also not a "bolt on" experience. As Nvidia seems to have found out, it takes planning, testing, and correct implementation. A poorly implemented captcha can bring more harm to your brand trust than another launch mostly taken by bots.
Introducing a queue system with validation like Best Buy's creates an interesting dynamic.
- You defeat bots by introducing a completely different system that they have to account for.
- You create more opportunities for real people to get your product.
- You introduce potential errors and confusion.
With the new validation and queue system, you reduce accessibility while improving integrity. It is harder to get through the steps, but it helps to ensure that people who are who they say they are will have the opportunity to buy a product.
Hopefully, this helps explain why it's not as cut and dried as "just slap a captcha on!"
