Leading Fashion Retailer

Blocks ATO and Scraping with PerimeterX Bot Defender

Download Case Study

Company

Founded over 30 years ago, this retailer is a leader in the fashion industry for size-inclusive clothing. The company’s e-commerce website offers in-season fashions to millions of customers each year.

Problem

In the spring of 2017, the retailer’s customers began noticing fraudulent orders for merchandise placed on their accounts. Customers complained to their credit card companies who, in turn, notified the retailer that something was amiss. The retailer’s information security and fraud prevention teams investigated the issue and discovered that a ring of attackers had used bots to target its e-commerce site with account takeover (ATO) attacks.

Over the course of three months, the retailer’s fraud prevention team spent thousands of man-hours combating the attacks from log file analysis, cooperating with payment processors to inform blacklists of the hacker’s IP and physical addresses, and customer service to the affected customers. The team initially tested a static Web Application Firewall (WAF) but determined it would not stop dynamic bot attacks effectively; those attacks often varied IP addresses and behaved in ways that WAFs are not designed to address.

Learn more about Account Takeover

Not only did PerimeterX Bot Defender block account takeover but we also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.

CIOLeading Fashion E-commerce Retailer

SFCC - Storefront Reference Architecture Certified
PerimeterX products directly integrate into your Salesforce Commerce Cloud store using certified Cartridges, your digital storefront is protected from login to check out, stopping unwanted bot traffic and client-side attacks.

Solution

The retailer wanted a solution that could detect malicious bots with a high rate of accuracy and an exceptionally low rate of false positives. It also wanted a solution that was easy to deploy, scalable, and cost-effective with a Software- as-a-Service (SaaS) architecture. SaaS eliminates infrastructure downtime and maintenance commonly required for the operation of stand-alone solutions delivered via on-premises physical servers or virtual machines in the cloud. Lastly, and perhaps most importantly, the retailer wanted a solution with plug- and-play integration with Salesforce Commerce Cloud. After studying a variety of solutions PerimeterX Bot Defender met all of the criteria.

Bot Defender

Result

PerimeterX worked with the e-commerce retailer to quickly integrate PerimeterX Bot Defender with its digital commerce store and web presence. The CIO noted, “The PerimeterX team worked closely with our own system integrator and Salesforce Commerce Cloud to get us up and running quickly. We were pleased with the responsiveness of PerimeterX and their effort to bring all parties together and implement a solution.”

The CIO also noted, “The day we turned on blocking, we had a 48-hour period of a very serious account takeover. PerimeterX blocked all malicious bot activity. Not only did PerimeterX Bot Defender block ATO but it also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.” Prior to the PerimeterX installation, the retailer had not been aware of the scraping, in particular that some of its content was showing up on sites of prominent online e-commerce stores.

The e-commerce retailer has been so happy with PerimeterX Bot Defender that the company is now considering using it for additional use cases, specifically monitoring for click-fraud activity and enforcement. The CIO added, “We are evaluating how bot activity could be associated with bad-acting third- party marketing partners, and using PerimeterX to keep them honest.” By deploying PerimeterX, the retailer neutralized the bot threat, and, even better, future-proofed its infrastructure against subsequent and even more sophisticated bot attacks.

Learn more about Bot Defender

PerimeterX blocks malicious bot attacks. Their accuracy is very good. We have been very happy with PerimeterX.

CIOLeading Fashion E-commerce Retailer

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.