Every June and January, France’s state-mandated “soldes” periods drive a sharp spike in consumer activity, and with it, a measurable rise in fraud and abuse targeting online retailers. These events are heavily anticipated by consumers and adversaries alike.

Fraud actors know exactly how to take advantage of this sales window: high user volume, loosened friction controls, increased pressure on systems and staff. We consistently see the same tactics play out, adapted to whatever new evasion techniques are currently in circulation.

The good news is that this isn’t a novel challenge. It’s a repeat engagement, and one we can prepare for.

Sales spikes obscure malicious traffic

Soldes drive volume: 20% of annual French e-commerce revenue occurs during these periods, with 63% of consumers participating and budgeting €232 each. But while retailers brace for high demand from customers, they often underestimate what’s coming from bots.

During flash sales, like the first day of summer or winter soldes, we routinely see bot traffic increase 5x to 30x compared to baseline. These aren’t just commodity scrapers. They include distributed credential stuffing operations, session-aware scalping bots, and carding campaigns targeting checkout APIs. Many operate through residential proxy networks to sidestep IP-based rate limits.

Without behavioral analysis and real-time blocking in place, they blend in with legitimate traffic, and win.

Adversarial tactics that escalate during soldes

1. Scalping bots and cart saturation

Modern scalping bots operate at the API level. They bypass frontend rate limits, pull inventory in real time, and either automate checkouts or tie up availability by placing high-demand products in persistent carts. This creates artificial scarcity, frustrating real customers and skewing analytics. In some cases, cart-reserved inventory can rapidly outpace actual stock levels, creating artificial scarcity within minutes of a product drop.

2. Credential stuffing across user pools

Attackers know users will be logging in en masse to claim loyalty rewards, apply vouchers, or complete purchases. That activity gives perfect cover to credential stuffing attacks. The use of breached credentials across shared email domains (e.g. Gmail, Orange, Yahoo) makes attacks harder to differentiate from normal user behavior, especially when login success rates hover below 1% and blend into expected failure patterns.

3. Carding in low-value transaction windows

During soldes, attackers often test card validity via low-value purchases, particularly on mobile flows and guest checkout endpoints where friction is low and detection is inconsistent. Test transactions often use products priced just below the fraud-review threshold, allowing bad actors to confirm cards without triggering alerts.

4. Real-time scraping of prices and inventory

Adversaries and competitors aggressively scrape product and pricing data throughout the soldes period. These bots tend to cycle user agents frequently and rotate IPs to avoid basic protections. Beyond performance degradation, the business impact includes promo leakage, real-time undercutting by competitors, and fraudulent duplication of listings.

5. Availability attacks and smokescreens

Less frequent, but worth noting, are denial-of-service attempts timed to coincide with big sale launches. These can serve as cover for parallel fraud operations or simply target promotional momentum. In some cases, attackers initiate brief but high-impact bursts of traffic aimed at slowing down cart and checkout APIs, often from newly weaponized botnets.

Why soldes amplifies risk

The architecture of soldes—high urgency, aggressive discounting, compressed timelines—shifts team priorities toward conversion and uptime. That often means:

• Looser login or payment friction
• Temporary suppression of alerts
• Limited headroom for infrastructure scaling

These are trade-offs attackers anticipate. Many of the bots seen during soldes are engineered specifically to exploit leniency in login velocity thresholds, IP diversity checks, and order anomaly detection logic. Without adaptive defenses, those vulnerabilities are exposed quickly.

How we prepare & respond

At DataDome, we treat the soldes as a known operational scenario. Our preparations for flash sale events like these begin weeks ahead:

• We analyze threat patterns from previous cycles to proactively deploy countermeasures.
• We update rulesets and anomaly models to account for regional login shifts, mobile-heavy access, and edge-case flows like guest checkout.
• We coordinate directly with our customers’ infrastructure and fraud teams to anticipate flash traffic scenarios.

During the event, our Premium SOC stays live on all accounts:

• Monitoring for deviations in login success/failure ratios
• Tracking sharp changes in cart abandonment or payment failure rates
• Investigating spikes in unusual user agent strings or traffic via proxy providers

When we detect a pattern, we don’t wait; we adapt filters and issue blocklists in real time. And we follow through post-event to correlate traffic patterns with observed fraud outcomes.

Precision matters

Soldes is a high-stakes moment for e-commerce businesses. The revenue opportunity is significant, but so is the exposure. Traffic surges mask fraud indicators. Business teams relax controls to protect conversions. And attackers deploy increasingly tailored automation to slip through the gaps.

DataDome’s protection stack is purpose-built for this challenge. Products like Bot Protect and Account Protect provide behavioral-based, real-time detection and response to threats like credential stuffing, scalping, scraping, and carding across both web and mobile applications. For teams needing deeper operational support, DataDome’s Premium SOC offers expert-driven oversight and tuning, ensuring defenses stay sharp and responsive throughout the sales period.

Security teams need to match that pace with visibility, coverage, and fast reaction capability to apply the right controls at the right layer, without compromising the shopper experience.

If you’re preparing for the summer soldes, and you want coverage that moves as fast as the threat, let’s talk. Schedule a demo now to learn more about how DataDome can help.