Founded over 30 years ago, this retailer is a leader in the fashion industry for size-inclusive clothing. The company’s e-commerce website offers in-season fashions to millions of customers each year.
In the spring of 2017, the retailer’s customers began noticing fraudulent orders for merchandise placed on their accounts. Customers complained to their credit card companies who, in turn, notified the retailer that something was amiss. The retailer’s information security and fraud prevention teams investigated the issue and discovered that a ring of attackers had used bots to target its e-commerce site with account takeover (ATO) attacks.
Over the course of three months, the retailer’s fraud prevention team spent thousands of man-hours combating the attacks: analyzing log files, cooperating with payment processors to inform blacklists of the hackers’ IP and physical addresses, and providing customer service to the affected customers. The team initially tested a static Web Application Firewall (WAF) but determined it would not stop dynamic bot attacks effectively; those attacks often varied IP addresses and behaved in ways that WAFs are not designed to address.
Not only did PerimeterX Bot Defender block account takeover but we also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.
The retailer wanted a solution that could detect malicious bots with a high rate of accuracy and an exceptionally low rate of false positives. It also wanted a solution that was easy to deploy, scalable, and cost-effective with a Software-as-a-Service (SaaS) architecture. SaaS eliminates infrastructure downtime and maintenance commonly required for the operation of stand-alone solutions delivered via on-premises physical servers or virtual machines in the cloud. Lastly, and perhaps most importantly, the retailer wanted a solution with plug-and-play integration with Salesforce Commerce Cloud. After studying a variety of solutions, the retailer found that PerimeterX Bot Defender met all of the criteria.
PerimeterX worked with the e-commerce retailer to quickly integrate PerimeterX Bot Defender with its digital commerce store and web presence. The CIO noted, “The PerimeterX team worked closely with our own system integrator and Salesforce Commerce Cloud to get us up and running quickly. We were pleased with the responsiveness of PerimeterX and their effort to bring all parties together and implement a solution.”
The CIO also noted, “The day we turned on blocking, we had a 48-hour period of a very serious account takeover. PerimeterX blocked all malicious bot activity. Not only did PerimeterX Bot Defender block ATO but it also found bots executing extensive web scraping, copying product descriptions and stealing photos, which we had not seen before.” Prior to the PerimeterX installation, the retailer had not been aware of the scraping, in particular that some of its content was showing up on sites of prominent online e-commerce stores.
The e-commerce retailer has been so happy with PerimeterX Bot Defender that the company is now considering using it for additional use cases, specifically monitoring for click-fraud activity and enforcement. The CIO added, “We are evaluating how bot activity could be associated with bad-acting third-party marketing partners, and using PerimeterX to keep them honest.” By deploying PerimeterX, the retailer neutralized the bot threat, and, even better, future-proofed its infrastructure against subsequent and even more sophisticated bot attacks.
PerimeterX blocks malicious bot attacks. Their accuracy is very good. We have been very happy with PerimeterX.
Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.
PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.
To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.