This festive season, 'Grinch bots’ could be on the loose again, wreaking havoc in online sales, and with supply chain issues already causing shortages of many sought-after consumer goods, there’s a renewed push to try and shut them down.

Grinch bots are retail-scraping bots that buy up huge swathes of things in sales – everything from concert tickets and sneakers to gaming consoles – as soon as they drop.

Legitimate customers miss out and it sends the cost of sought-after items skyrocketing as they are flipped and put on sale on marketplace sites.

Now a proposed new law in the US is designed to put a stop to them.

When the Grinch bot strikes

Late last year, when the new PlayStation 5 console was launched, the bots struck, scooping up vast quantities and reselling on sites such as StockX and eBay at inflated prices, which also pushed up the prices of the older version 4.

And this practice is on the rise.

Bad bots (which includes Grinch bots) accounted for a staggering 25% of all website traffic in 2020, according to cybersecurity firm Imperva, a jump of 6% from the previous year.

A new Democrat-backed bill in the US, neatly named the ‘Stopping Grinch Bots Act', is aimed at outlawing the predatory practice.

It’s not the first time the US Congress has tried to stymie these malicious practices.

A previous bill was put forward in 2019, but it went to a committee where it stalled.

This latest attempt to outlaw automated tools that intentionally circumvent online security measures builds on the 2016 Better Online Ticket Sales (BOTS) Act, enacted to prevent concert tickets from being bought en masse and resold at hugely inflated prices.

The US is not the only country trying to take action.

Earlier this year, the UK government considered a similar law, with the proposed Gaming Hardware (Automated Purchase and Resale) Bill 2019-21 to criminalise online scalping after a surge in bot-driven buying and reselling of PS5 and Xbox consoles.

Can tech fix a tech problem?

As governments try to grapple with the problem of predatory bots, they face a myriad of challenges in stamping out the practice, even with new laws and penalties at their disposal.

At the outset, retail bots are not unlawful in many parts of the world and there’s little legal precedent to draw from in drafting laws that address the technical levers to stamp out the practice.

Grinch bots may operate across many jurisdictions, although, according to the Imperva data, bad bots often originate from the country they’re targeting, so country-specific laws may have some power.

The US Federal Trade Commission (FTC), responsible for handling the 2016 BOTS ticket sales law, has had some success in this area.

It handed down fines worth more than $43 million (US$31 million) and civil penalties at the start of the year against three US-based ticket brokers.

Sales of graphics processing units (GPUs), video cards, high-end sneakers – they’ve all been hit by Grinch bots and resold via online marketplaces like eBay and Amazon, but these are hard to rein in as their price gouging provisions are limited and they don’t necessarily have policies relating to reselling from automated Grinch bots

On the retail side, online stores may have policies about bots, but they’re unlikely to be keen on adding a layer of technology to block bot traffic that may also restrict legitimate sales.

Using CAPTCHAs and other anti-bot mechanisms on retail sites that need high volumes of traffic and frictionless transaction is also unlikely to be appealing.

Stock shortages are expected to last into next year as supply chain issues continue.

Here’s hoping the Grinch bots won’t make things worse at sales time.