Founded over 30 years ago, Avenue Stores is a leader in the fashion industry for plus size clothing. It is considered the leading website for in-season, up-to-date plus-size fashions, serving millions of customers each year.
In the spring of 2017, Avenue Stores customers began noticing fraudulent
orders for merchandise placed on their accounts. Customers complained to their credit card companies who, in turn, notified Avenue that something was amiss. Avenue’s information security and fraud prevention teams investigated the issue and discovered that a ring of attackers had used bots to target Avenue.com with account takeover (ATO) attacks.
Over the course of three months, the Avenue fraud prevention team spent thousands of man-hours combating the attacks from log file analysis, cooperating with payment processors to inform blacklists of the hacker’s IP and physical addresses, and customer service to the affected customers. The Avenue team initially tested a static Web Application Firewall (WAF) but determined it would not stop dynamic bot attacks effectively; those attacks often varied IP addresses and behaved in ways that WAFs are not designed to address.
Not only did PerimeterX Bot Defender block account takeover but we also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.
Avenue wanted a solution that could detect malicious bots with a high rate
of accuracy and an exceptionally low rate of false positives. They also wanted a solution that was easy to deploy, scalable, and cost-effective with a Software- as-a-Service (SaaS) architecture. SaaS eliminates infrastructure downtime and maintenance commonly required for the operation of stand-alone solutions delivered via on-premises physical servers or virtual machines in the cloud. Lastly, and perhaps most importantly, Avenue wanted a solution with plug- and-play integration with Salesforce Commerce Cloud. After studying a
variety of solutions PerimeterX Bot Defender met all of the criteria.
Avenue and PerimeterX worked together to quickly integrate PerimeterX
Bot Defender with Avenue’s digital commerce store and web presence. “The PerimeterX team worked closely with our own system integrator and Salesforce Commerce Cloud to get us up and running quickly,” said Avenue CIO, Jim Giantomenico. “We were pleased with the responsiveness of PerimeterX and their effort to bring all parties together and implement a solution.”
“The day we turned on blocking, we had a 48-hour period of a very serious account takeover. PerimeterX blocked all malicious bot activity,” said Giantomenico. Not only did PerimeterX Bot Defender block ATO but it also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.” Prior to the PerimeterX installation, Avenue had not been aware of the scraping, in particular that some of its content was showing up on sites of prominent online e-commerce stores.
Avenue has been so happy with PerimeterX Bot Defender that the company
is now considering using it for additional use cases, specifically monitoring for click-fraud activity and enforcement. “We are evaluating how bot activity could be associated with bad-acting third- party marketing partners, and using PerimeterX to keep them honest” said Giantomenico. By deploying PerimeterX, Avenue neutralized the bot threat, and, even better, future-proofed its infrastructure against subsequent and even more sophisticated bot attacks. Said Giantomenico, “PerimeterX blocks malicious bot attacks. Their accuracy is very good. We have been very happy with PerimeterX.”
PerimeterX did what it was supposed to do. We were not blind anymore.
Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.
PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.
To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.