Open letter to Kmart Australia: why don’t you have sufficient bot protections?
To Kmart Australia,
We are writing to you as a group of several Australian Pokémon Trading Card Game (TCG) communities, representing thousands of dedicated players, collectors, and parents of disappointed children. Our goal with this letter is to ensure that Pokémon TCG products remain accessible to genuine fans and customers.
The Current Challenge
The kmart.com.au online shopping experience for high-demand Pokémon releases is compromised and unusable. When Kmart lists new Pokémon TCG products, they frequently appear "in stock" on your website, yet human users are consistently unable to complete a purchase. These products are often completely sold out within seconds, all purchased by software robots, leaving genuine customers frustrated and unable to participate in the hobby.
The latest examples:
- Today, 12th of May: Pokémon TCG Pokémon Trading Card Game: First Partner Illustration Collection Series 2
- In previous weeks: Ascended Heroes Booster Bundles, Elite Trainer Boxes - highly popular products that are systematically purchased by bots, not humans
Technical Exploitation
This issue is driven by the use of automated "bot" software. This software does not navigate your website like a standard customer; instead, it utilises techniques to bypass the standard Kmart website or app. These methods include:
- API-Direct Checkout: Bots send data requests directly to your backend checkout and payment servers, skipping the "Add to Cart", shipping information and payment pages entirely, even if the product is not meant to be orderable yet. This means the products are bought by bots owned or run by scalping opportunists, not by real buyers.
- Fake order details: Bots cycle through names, credit cards, email and physical addresses, to maximise the amount of stock they can order automatically.
- Inventory Monitoring: Automated scripts scrape your servers at millisecond intervals to detect stock changes before they are even visible to the public.
- Automated browsing: Multiple automated instances act simultaneously to overwhelm the system and secure all available inventory before a human can click a single button.
Proposed Solutions
To level the playing field and ensure a fair distribution of products, we urge Kmart Australia to implement robust bot-mitigation strategies. Specifically, we recommend:
- Advanced Captcha Systems: Implementing a challenge-response test (such as hCaptcha, reCAPTCHA v3, or Cloudflare Turnstile) at the point of adding items to the cart or at the final checkout stage.
- Queueing Systems: Utilising a "waiting room" or queue for high-demand releases to process transactions in an orderly, human-verifiable manner. Cloudflare can offer you this capability.
- Account limits: Ensure that TCG purchases require a one-pass subscription and enforce an account limit for each product.
- Lottery: If you can’t invest in better technical systems like other stores have, stop selling online and ensure all stock is sold in-store, with a fair numbering or lottery system.
For the best examples of successful solutions, please refer to JB Hi-Fi and EB Games.
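One way the checks recommended above could be enforced on the server at the checkout endpoint itself, so that a request sent straight to the backend is refused unless the product is released, the cart step was completed, the captcha token verifies and the account is under its limit. This is an added example, not code from Kmart or from the authors of this letter; the class, the verify_captcha hook, the limit of 2 and the sample SKU are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable

PER_ACCOUNT_LIMIT = 2  # assumed per-product limit for each account

@dataclass
class CheckoutGate:
    release_at: dict                       # SKU -> release time; orders are refused before it
    stock: dict                            # SKU -> units left
    verify_captcha: Callable[[str], bool]  # hypothetical hook: server-side check of the captcha token
    carts: dict = field(default_factory=dict)      # session id -> SKUs added through the cart step
    purchased: dict = field(default_factory=dict)  # (account id, SKU) -> units already bought

    def orderable(self, sku, now):
        return sku in self.release_at and now >= self.release_at[sku]

    def add_to_cart(self, session, sku, now):
        if not self.orderable(sku, now):
            return "not_orderable"
        self.carts.setdefault(session, set()).add(sku)
        return "ok"

    def checkout(self, session, account, sku, qty, captcha_token, now):
        if not self.orderable(sku, now):
            return "not_orderable"   # listed but not released yet
        if sku not in self.carts.get(session, set()):
            return "no_cart"         # request skipped the cart step
        if not self.verify_captcha(captcha_token):
            return "captcha_failed"
        bought = self.purchased.get((account, sku), 0)
        if qty < 1 or bought + qty > PER_ACCOUNT_LIMIT:
            return "limit_exceeded"
        if qty > self.stock.get(sku, 0):
            return "out_of_stock"
        self.stock[sku] -= qty
        self.purchased[(account, sku)] = bought + qty
        self.carts[session].discard(sku)
        return "ok"

def demo():
    release = datetime(2025, 1, 1, 10, tzinfo=timezone.utc)  # constructed sample data
    gate = CheckoutGate({"SKU-1": release}, {"SKU-1": 5}, lambda t: t == "valid-token")
    early, later = release.replace(hour=9), release.replace(hour=11)
    return [gate.checkout("s1", "acct1", "SKU-1", 1, "valid-token", early),  # before release
            gate.checkout("s1", "acct1", "SKU-1", 1, "valid-token", later),  # cart step skipped
            gate.add_to_cart("s1", "SKU-1", later),
            gate.checkout("s1", "acct1", "SKU-1", 3, "valid-token", later),  # over the account limit
            gate.checkout("s1", "acct1", "SKU-1", 2, "valid-token", later)]
```

Every decision is made from state the server holds, so the result is the same whether the request comes from the website, the app or a script.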
Call to Action
Facebook Marketplace Australia is full of products that were purchased from Kmart via bots run by scalpers, thereby taking advantage of collectors. We call on Kmart to implement a solution as soon as possible, with potential options outlined above. We call on Kmart to please stop helping scalpers profit.
We are calling on the wider Australian TCG community to share this letter across social media platforms and community forums. By raising awareness, we hope to demonstrate to Kmart Australia that there is a significant demand for a secure, fair, and bot-free shopping environment.
We look forward to seeing Kmart take proactive steps to support the local Aussie TCG community.
Sincerely,
The Australian Pokémon TCG Collector Community