Laybuy Protects Customers and Merchants from ATO and Client-side Threats with PerimeterX

Download Case Study


Laybuy is a leading buy now, pay later (BNPL) service operating in New Zealand, Australia and the United Kingdom. Laybuy makes it easy for customers to buy from merchants in-store and online, and pay in six weekly, interest-free installments. As a responsible payment provider, Laybuy takes on the fraud risk for its merchant partners while ensuring purchases are as seamless and as safe as possible for its customers.


As a business with payment at the heart of everything it does, Laybuy needed to ensure that customer data was safe and transactions were secure. Protection from malicious bot activity and client-side threats was a priority for the company’s Chief Technology Officer. Part of the company’s responsibility was to maintain a secure platform payment for its consumers and merchants by proactively preventing account takeover (ATO) and digital skimming attempts.

ATO is an attack in which cybercriminals take unauthorized ownership of online accounts using stolen usernames and passwords. Digital skimming, sometimes known as Magecart, occurs when attackers insert malicious code in first-, third- and Nth-party scripts to modify page elements. The injected code is used to steal personally identifiable information (PII) from users who share credit card numbers or other valuable data on a web form. Laybuy was aware that these types of attacks could affect its merchants and consumers, as well as its day-to-day operations which made it all the more important to select a best-in-class security platform.

Learn more about Account Takeover

The protection that PerimeterX provides gives us the confidence to explore new markets and expand our relationships with our business partners. We frequently mention that PerimeterX is part of our tech stack because we have seen first-hand how effective it is in combating bots and keeping our customer data secure.

Justin SoongCTO, Laybuy


Laybuy needed a solution that could accurately detect sophisticated bots, monitor client-side scripts and easily integrate into its modern tech stack. After evaluating multiple vendors, Laybuy selected the PerimeterX platform, including PerimeterX Bot Defender and PerimeterX Code Defender, because of its reputation for protecting some of the largest and most respected brands in retail e-commerce and financial services.

Accuracy of bot detection: Bot Defender uses machine-learning models and behavior-based predictive analytics to detect modern ATO attacks and combat the growing sophistication of bot attacks.

Continuous monitoring of client-side scripts: Code Defender continuously monitors all client-side scripts, looking for anomalous activity such as changes in behavior, communication with new network domains or modifications to the document object model (DOM) which could leave the website open to compromise and result in theft of personal data.

Integration into modern tech stacks: Laybuy was specifically looking for a vendor that would be able to integrate with Cloudflare while providing superior bot protection. With over forty pre-built integrations, the PerimeterX platform supports a wide range of content delivery networks (CDNs), load balancers, web and application servers.

Bot Defender


Laybuy was able to fully integrate the PerimeterX Platform into its modern tech stack. By using Bot Defender, Laybuy is able to quickly detect and block malicious behavior on its website and mobile app before it reaches its consumers or merchants. Code Defender provides visibility into and control over third-party code to protect consumers from client-side threats. With both products working together, Laybuy is able to address the growing global threat of cyberattacks and ensure its customers and merchants stay safe.

To learn more about Laybuy, head to:

Learn more about Bot Defender

We were looking to rapidly scale and mature our team to match the acceleration of our business. We needed to quickly build an in-house security team and move into the cloud. PerimeterX supported a modern technology stack and was very easy to test and use to gain insights.

Justin SoongCTO, Laybuy

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.