FanDuel blocks credential stuffing and ATO with PerimeterX

FanDuel blocks credential stuffing and ATO with PerimeterX

Download Case Study


FanDuel Group is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams and leagues. FanDuel Group’s portfolio includes products for sports betting, casino, daily fantasy sports and horse racing. The premier gaming destination in the United States, the company has over 12 million customers and a sports betting presence in 50 states.


FanDuel experienced unprecedented growth in 2018 due to a United States Supreme Court ruling that allowed wagers on professional sporting events in the US. However, as FanDuel’s popularity and product portfolio grew with this change in legislation, it became a large target for account takeover (ATO) attacks. The company was experiencing up to 10 million malicious login attempts per day. FanDuel originally explored a homegrown bot management solution but ultimately pivoted to consider vendor offerings instead.

Given the high volume of malicious traffic and the sums of money held in customer accounts, FanDuel began searching for an automated solution that would better protect its customers. The company needed a solution that would not adversely impact performance and which integrated easily into its existing tech stack, including Amazon Web Services (AWS) CloudFront. FanDuel also required a solution that would prevent bots from using stolen credentials and that had an aggressive product roadmap to keep up with increasingly sophisticated and distributed bot attacks.

It’s an enormous benefit for us to defend against malicious authentication requests. We derive terrific value from Bot Defender and it continues to be our primary layer seven security control in our defense against bad actors.

Alan MurraySenior Director, Architecture at FanDuel


After evaluating multiple products against its homegrown solution, FanDuel selected PerimeterX Bot Defender because of its ability to protect against the volume of attacks its platform had to endure. During the evaluation, the 10 million malicious login requests they received during a 24-hour period were reduced by over 60%. FanDuel was impressed with these preliminary results and was confident the solution would prove to be even more effective once it had been tuned to recognize its specific customer traffic.

In addition, Bot Defender delivered the following benefits that allowed FanDuel to keep its customers’ data safe without sacrificing their online experience:

  • FanDuel could augment Bot Defender code and leverage the PerimeterX concept of custom parameters to store specific data points. This was very useful and a key differentiator for FanDuel.
  • Seamless integration with AWS CloudFront allowed FanDuel to integrate Bot Defender via an edge Lambda function, ensuring very low latency.
  • PerimeterX Credential Intelligence, a cloud-native web app security solution that flags and stops the use of compromised credentials on websites and mobile apps in real-time, provided additional protection against sophisticated attacks.

Bot Defender also offered accurate bot protection based on behavioral analytics, advanced machine learning techniques, predictive models and security research to block a wide range of automated attacks. It preserved page load performance and optimized the use of FanDuel’s internal security resources and its infrastructure costs.

Bot Defender


FanDuel saw immediate results. After tuning, Bot Defender turned away 99.9% of malicious inbound traffic, blocking bad requests at scale and delivering astounding results. Bot Defender was routinely blocking over 3,000 bad login attempts per second, even after these requests had already made it through various standard security controls, such as web application firewalls (WAFs).

The added protection of Credential Intelligence gave FanDuel an early-warning and mitigation system for stolen credentials. Getting a real-time indicator of when a customer’s credentials are known to be breached was an incredibly valuable capability for the company. When compromised credentials are presented at login, the FanDuel customer’s account is immediately locked, requiring a password reset. By utilizing Credential Intelligence, FanDuel was able to shift the economic viability of credential stuffing attacks on its site, thus deterring future attempts. This provided a meaningful improvement to FanDuel’s fraud posture.

FanDuel was very pleased with PerimeterX across many dimensions, noting the following:

  • The product line and bot mitigation solutions are continuously evolving to keep up with new technologies and threats from bad actors.
  • The customer success manager was always responsive.
  • As a technology-driven company, PerimeterX engineers were readily available via Slack to answer questions and address problems.

FanDuel continues to grow and as they do, more bad actors are attracted to its platform. PerimeterX bot mitigation solutions have helped keep FanDuel’s customers’ data safe and protected FanDuel’s reputation and bottom line.

Learn more about Bot Defender

We seamlessly integrated Bot Defender at our platform edge AWS CloudFront to ensure maximum protection against automated bot attacks but also to minimize latency. By using AWS CloudFront in conjunction with an edge Lambda function, it was simple to integrate and leverage Credential Intelligence.

Alan MurraySenior Director, Architecture at FanDuel

FanDuel Video Case Study

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.