Leading Sporting Goods Retailer Protects Against Carding Attacks with PerimeterX Bot Defender
This leading sporting goods retailer is well-known for offering the best selection of sports equipment from top brands. In addition to its e-commerce business, the company operates 35 stores across the United States, serving more than 7.5 million customers annually.
The company began noticing an increase in carding attacks, specifically on its e-gift card balance checking page. These types of carding attacks, known as gift card cracking, are increasingly common and difficult to detect. The bots themselves are designed to behave like humans, making them hard to distinguish. Security teams that block bots too aggressively or cannot detect the subtle behavioral differences will mistakenly block human customers. The company needed a solution that could differentiate between a sophisticated carding bot and a human, and one that could easily integrate into its existing tech stack.
“I have worked with PerimeterX in the past, so I was familiar with their products and how well they worked. When we needed a solution for the carding attacks, partnering with PerimeterX was a no-brainer.”
The retailer needed an immediate solution to gift card cracking that would integrate with its Salesforce Commerce Cloud (SFCC) storefront. Members of the retailer’s e-commerce information security team had worked with PerimeterX Bot Defender in the past, on a similar use case and with SFCC. Because of their familiarity and previous success with Bot Defender, the security team opted to bypass the vendor selection and proof-of-concept process and move straight to implementation. The team highlighted the immediate benefits of using a product that could provide:
Protection against sophisticated carding attacks: Bot Defender collects hundreds of data points on user activity and device behavior to determine whether a user is a bot.
Easy integration: The cloud-native PerimeterX Platform integrates with industry-leading technologies to safeguard digital businesses using existing infrastructure.
Evolved Challenges: Bot Defender leverages PerimeterX Human Challenge, a user-friendly verification that is hard for bots to solve, yet easy for humans, improving customer experience on sites.
Within hours, Bot Defender was integrated into the retailer’s tech stack. The company noted that while Bot Defender offers continuous protection, it is particularly effective during periods of high traffic.
Figure 1: Requests blocked by Bot Defender during attempted carding attacks.
During a recent attack, when over half of its web traffic was malicious, Bot Defender detected and blocked over 397K malicious requests while allowing over 383K legitimate requests from customers to proceed without impact. There was also a noticeable improvement in web performance since unwanted bot traffic was being blocked at the edge.
Figure 2: Time spent on Human Challenge versus reCAPTCHA on verification pages.
Since switching from reCAPTCHA to PerimeterX Human Challenge, the company decreased the amount of time customers spend on verification pages from 66.09 seconds to 34.85 seconds. Removing unnecessary friction had a positive impact on customer satisfaction.
By implementing Bot Defender, the company improved its security posture without negatively impacting customer experience. The company was able to protect against gift card cracking while simultaneously improving its website performance.
“The partnership between PerimeterX and Salesforce made the implementation extremely easy; we were up and running that same day.”
Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.
PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.
To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.