Friend or Foe? What Every Merchant Needs to Know About Bots in Online Commerce

For consumers, automation in online commerce is no longer a luxury, it’s a necessity. Whether it’s receiving personalized shopping recommendations or enjoying one-click checkouts, people increasingly rely on automated technologies to enhance convenience and save time. At the center of these shopping advancements are bots.

As bots become more prevalent in online shopping, businesses and payment providers face a big challenge: how can they support helpful bots that make shopping easier for consumers, while blocking harmful bots that put security at risk? Finding this balance is about more than just technology; it’s about making sure online shopping stays safe, easy, and reliable for everyone involved.

What Are Bots?

Let’s back up a bit first and start by getting a better understanding of what bots really are. Bots are automated software agents that streamline consumer experiences, anticipate needs, and deliver tailored solutions at unprecedented speed and scale. In e-commerce, there are two main types of bots:

• Helpful Bots: There are a few types of helpful bots including chat bots, price comparison bots and agentic commerce bots. Chat bots are rules-based bots that follow a predetermined logic path when consumers interact. Agentic commerce bots act as 24/7 digital personal shoppers. They not only search for products and compare prices, they also complete purchases for customers. They are intended to save time and make shopping easier for consumers.
• Malicious Bots: These bots are designed to cheat the system. They steal customer data, test stolen credit cards, hoard inventory, and scrape pricing information. They create fraud and can ruin the shopping experience for both merchants and consumers, leading to potential financial losses for businesses and frustration for shoppers.

Real-World Examples of Bots You’ve Probably Seen

Bots have become a part of everyday online shopping. Here are examples you might recognize:

• Price Comparison Bots: Bots monitor prices on goods or services such as airfare, and book automatically when prices drop. Typical price comparison bots monitor prices and send you a notification when the prices drop below a certain threshold. With agentic commerce price comparison bots, they have the ability to take the extra step and make the purchase for you at the time of the price drop – without any manual payment entry.
  • For example: You say, “Book trip from NYC to LA on December 20th if the price drops below $500.” The agentic commerce bot watches prices 24/7 and can secure the deal and book the flight, even while you sleep.
• Voice Assistants: When you ask a voice assistant to order an item for you, you’re using a bot that connects to e-commerce platforms to complete purchases without you having to manually enter any payment data.
  • For example: Amazon’s Alexa+ is a voice assistant that is powered by agentic AI. You can simply say “Alexa, order more cat litter on the 15th of each month” and it completes the transaction and ships the item each month without you having to take any action.
• AI Shopping Integrations: Bots have the ability to evaluate product options, compare prices, and make purchasing decisions based on questions and prompts you provide.
  • For example: You type into ChatGPT, “Find me the best women’s winter boots under $150 in a size 9.” The agentic commerce bot within ChatGPT then searches multiple sites, filters based on your provided criteria and presents curated options right within the chat window. You can then buy the item without leaving the ChatGPT window.

Examples of Malicious Bots

• Scalper Bots: These bots buy up limited-edition items before real customers can.
  • For example: You are prepared and waiting online to purchase concert tickets that go on sale at 10:00 AM and within the first 30 seconds, scalper bots have grabbed hundreds of tickets in seconds, leaving the event sold out within the first few minutes. Those tickets are later resold on other websites for double or triple the original cost – leaving legitimate consumers frustrated.
• Credential Stuffing Bots: Bots that use stolen usernames and passwords to break into accounts and make fraudulent purchases.
  • For example: Bots infiltrated the food delivery app, Deliveroo, and accessed user accounts using leaked credentials, placing fraudulent orders worldwide.
• Inventory Hoarding Bots: Bots that fill carts with popular items during big sales (like Black Friday) to create artificial scarcity, leaving real customers frustrated. Attackers use this tactic to manipulate prices, resell items at inflated rates, or harm competitors.
  • For example: During a restock of the PlayStation 5, malicious bots flooded retailer sites, adding thousands of consoles to carts and preventing legitimate buyers from purchasing them.

Positive Impacts of Agentic Commerce Bots for Merchants

Agentic commerce bots can positively impact your business in several ways:

• New Sales Channels: Bots integrated into platforms like ChatGPT or Google AI Shopping allow customers to buy directly from merchants without visiting their website. This gives you products and services more visibility and increases brand awareness.
• Higher Conversions: Bots can reduce friction for customers by making the checkout process faster and easier. Studies show that utilizing agentic commerce bots can increase conversion rates by 25% due to a frictionless shopping experience.
• Repeat Business: Bots can automate reorders for everyday items, increasing customer loyalty and recurring sales.

Negative Impacts of Agentic Commerce for Merchants

While agentic commerce bots offer convenience and automation, they can also introduce challenges for merchants that could impact revenue and customer engagement:

• Potentially Fewer Upselling and Cross-Selling Opportunities: Bots prioritize efficiency over exploration. As such, it is plausible that a bot would not be exposed to personalized recommendations or bundled offers that normal online shopping interactions offer.
• Lower Average Order Value: Without proactive prompts for complementary products such as extended warranties or add-ons, merchants may see a decline in average order value compared to traditional online shopping experiences.
• Decreased Brand Engagement: Bots streamline transactions, but this can limit exposure to curated content, seasonal promotions, or loyalty programs that build long-term relationships with customers.

Negative Impacts of Malicious Bots for Merchants

Malicious bots should not be ignored and can create serious challenges for merchants:

• Fraud Costs: Credential stuffing bots use stolen passwords to access accounts and place fraudulent orders, which can lead to chargebacks.
• Inventory Manipulation: Hoarding bots add items to carts without buying, creating artificial scarcity and eroding customer trust.
• Price Wars: Scraping bots steal pricing data, forcing merchants into implementing constant price adjustments.
• Reputation Damage: When bots cause poor shopping experiences, customers blame the merchant – not the bot.

What Can Merchants Do About Bots?

1. Use Bot Management Tools: These tools help distinguish between good bots and harmful bots. Look into implementing solutions such as Cloudflare Bot Manager, or Imperva Advanced Bot Protection to keep your online business safe.
2. Secure Checkout Processes: Harmful bots can exploit vulnerabilities in checkout systems by performing card testing (using stolen credit card numbers to find valid ones) or making fraudulent purchases. These attacks can result in financial losses for merchants and compromised accounts for consumers. To mitigate these risks, enable multi-factor authentication (MFA) for account logins and high-value transactions, use tokenized payments, and implement address verification systems (AVS).
3. Monitor Traffic Patterns: Malicious bots often create abnormal traffic spikes or repetitive actions that humans wouldn’t. You should be tracking velocity spikes, failed login attempts or an abnormal amount of cart abandonments. The bot management tools mentioned above Cloudflare Bot Manager or Imperva Advanced Bot Protection, have the ability to monitor traffic patterns on your site and alert when suspicious activity occurs.
4. Work with Your Payment Provider: Payment processors typically have advanced fraud detection tools which can help you stay ahead of bot-driven attacks. Ask your payment processor about bot-specific fraud prevention features they enable, such as velocity checks, real-time transaction monitoring, and machine learning-based fraud detection.

The Future of Online Shopping Is Bot-Driven

Agentic commerce bots are here to stay. They’ll make shopping faster and more personalized. But malicious bots will keep evolving too. Merchants who act now by investing in smart security and bot management will protect their business and help maintain customer satisfaction.