Prevent Denial of Inventory

Denial of inventory attacks deplete goods or services stock without ever completing the purchase or committing to the transaction. A bad actor uses human or machine-based automation to load a shopping cart, placing the inventory in a holding pattern, effectively denying access by other buyers.

Denial of Inventory Attacks

When orchestrated through large scale bots, denial of inventory it leads to a condition where the online merchant has ALL of their inventory in the “hold” state, effectively blocking legitimate customers from being able to shop for these inventory items. Denial of inventory attacks commonly target high value retail items (e.g., sneakers, mobile devices, airline tickets) as well as restaurant reservations, delivery time-slots, and parking spots. The goal of a denial of inventory attack can vary from profit to competitive to disruptive where the attack is used as a denial of service attack.

Denial of Inventory Attacks

Airline Seat Spinning

Airline industry seat spinning is a widespread problem where bots traverse the flight reservation workflow up to the point of paying for the ticket, thereby holding seats on flights. Airlines typically have between 5-20 minutes of hold period for the payment step. During this period “seat spinners” try to then sell those airline tickets for a small profit. If they are not successful in booking any profit, they let the hold period expire and seats are returned back to the inventory. But due to repeated attempts of seat spinning the time window in which seats are available for legitimate customers reduces significantly and, in some extreme cases, these customers find flights completely booked. Repeated seat spinning causes airlines to run half empty flights as legitimate customers are not able to book tickets on their online platform.

Airline Seat Spinning

Bot Defense Denial of Inventory Prevention Differentiators

Denial of inventory attacks can result in loss of revenue and competitive disruption. Act quickly to discover and stop them before they damage your business.

ML-based Analytics Automatically Discovers Automated Shopping

As soon as new APIs and web shopping cart applications are deployed, Bot Defense begins detection and analysis of traffic. This enables you to monitor your ecommerce applications and prevent denial of inventory attacks before they impact your business.

Open, Extensible and Customizable Platform

Using more than 150 customizable automation indicators, CQAI determines the malicious or benign intent of each API transaction request. The REST API can be used to export CQAI findings to external systems for archiving, additional analysis or an alternative response.

Customizable Response Options

Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, effectively putting guardrails around their activities.

New Apps Protected Automatically, Delays Eliminated

As different teams create and deploy new products with shopping cart access, they are automatically discovered and protected from denial of inventory attacks by Bot Defense, effectively baking security into your application deployment workflow.

Consistent Protection for Web Apps and APIs

Bot Defense uses a single, consistent security policy to protect your API, web and mobile shopping cart endpoints so you can unify protection and defend against denial of inventory.

Container-Based Architecture for Greater Flexibility

A container-based software architecture allows Bot Defense to be deployed in your data center, the cloud or as a SaaS offering, so you to choose the architecture that best fits your needs.

Benefits of Denial of Inventory Attack Prevention

Check Mark

Rapid Discovery and Identification of Automated Shopping

Deep behavioral analysis of the user intent by CQAI means fraudulent API activity is detected more quickly and consistently than competitive offerings. More rapid discovery translates into reduced denial of inventory or seat spinning attack response time.

Check Mark

Enhance Security Effectiveness

Customizable automation indicators and responses enable you to fine tune and maximize attack prevention policies to eliminate business disruption caused by denial of inventory.

Check Mark

Tight Security Ecosystem Integration

With REST APIs and an open architecture, you can ensure information is shared between third party sites and other IT infrastructure like SIEMs and SOC systems.

Our Customers

Every day, Cequence Security analyzes and protects billions of application transactions for customers in the financial services, retail, and social media industries.

Narvar logo
houzz logo
MX logo
Zuliliy logo


Browse our library of datasheets, research reports, blogs, and archived webinars to learn more about our Application Security Platform.

Research Reports
Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

This report maps attack patterns observed within the Cequence Security customer base to one of the leading Bulletproof Proxy providers.

View Report
Preventing Fraud Caused by Account Takeovers

Organizations are plagued by automated attacks such as account takeovers and fake account creation. Learn how these attacks work, how the attackers hide in plain sight, and innovative strategies for catching malicious bots.

View Now
Case Studies
Zoosk: Preventing ATOs and Romance Fraud

Discover how Zoosk eliminated romance fraud by preventing ATOs targeting the mobile APIs.

Read More

Bot Defense SaaS Free Trial

Start preventing fraud caused by denial of inventory attacks and other API business logic abuse now.

Bot Defense SaaS