Keyboard with a shopping cart pictured on the enter key

What is cart abandonment?

In e-commerce, when bots automatically put items into digital shopping carts and leave them there without checking out, this is referred to as cart abandonment. This type of harmful manipulation is used frequently in online retailing. In cart abandonment, attackers aim to ensure that the artificially induced shortage of stocks causes customers to migrate to competitors.

Consequences of Cart Abandonment


A definition of cart abandonment

A comparison with traditional supermarkets illustrates how a cart abandonment attacks work: The customer fills his cart up with items. But instead of going to check out, he just leaves it in a corner and leaves the shop. It can take some time for staff to notice the abandoned cart and put the items back on the shelves. Until then, the goods are blocked from being sold to other customers. Bot attacks of the “cart abandonment” type work similarly in the virtual world. They involve blocking inventory in “parked” carts to slow down or hinder sales on the site under attack.

Online payment process


How does cart abandonment work?

Cybercriminals usually employ widely distributed botnets for cart abandonment. Their automated tools can block a large number of items simultaneously and are difficult to tell apart from regular buyers thanks to different IP addresses and falsified header data.

What are the consequences of cart abandonment?

Between 40 and 80 percent of the visitors to a webshop abandon their purchase. In bot-driven cart abandonment, blocking inventory is the goal from the outset. For products available in any quantity, this is not a problem at first. Parking carts becomes critical if the quantity of products is limited or if there is high demand for a certain time only. If an online provider successfully uses such a bot against a competitor, the competitor’s customers will be informed that the product is not available. As a result, he himself could be the one who gets the big rush of buyers. The direct consequences of cart abandonment include:

Economic losses

If the desired product is not available, customers will switch over to the competition. A considerable loss of revenue threatens the affected shop.

Image loss

Dissatisfied customers will give the company under attack negative ratings. From negative word-of-mouth propaganda to considerable backlash, the damage to the reputation of the online shop will be long-lasting.

Damage to organization and planning

Bots can disrupt the logistics planning and human resources organization of companies. There is a risk of bottlenecks on the one hand and a waste of resources on the other.

Online Shopping


Which industries are affected by cart abandonment?

E-commerce companies are primarily affected by cart abandonment attacks. These bots not only haunt heavily frequented webshops; small niche providers are also potentially at risk. Ticket sellers, the travel industry, and providers of limited lifestyle products are common victims as well.


How can companies protect themselves from cart abandonment?

To reliably fend off attacks of the cart abandonment type, companies must precisely analyze the traffic on their website and systematically block malicious access. A bot management solution that enables systematic control of automatic requests is a good solution for this. This enables companies to uniquely identify and counter malicious bots, while maintaining access for harmless requests, such as from search engines. There is enormous potential in consistently managing traffic on websites, especially since about half of all requests today are made by automatic queries.

Myra protects your webshop from cart abandonment

With Application Security and its integrated Deep Bot Management, Myra Security offers an upstream protection instance that protects online shops from cart abandonment and other manipulative intrusions. High-performance Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks cause any real damage.

To Myra Application Security