Leading Sporting Goods Retailer

Leading Sporting Goods Retailer Protects Against Carding Attacks with PerimeterX Bot Defender

Download Case Study


This leading sporting goods retailer is well-known for offering the best selection of sports equipment from top brands. In addition to its e-commerce business, the company operates 35 stores across the United States, serving more than 7.5 million customers annually.

The Problem

The company began noticing an increase in carding attacks, specifically on its e-gift card balance checking page. These types of carding attacks, known as gift card cracking, are increasingly common and difficult to detect. The bots themselves are designed to behave like humans, making them hard to distinguish. Security teams that block bots too aggressively or cannot detect the subtle behavioral differences will mistakenly block human customers. The company needed a solution that could differentiate between a sophisticated carding bot and a human, and one that could easily integrate into its existing tech stack.

“I have worked with PerimeterX in the past, so I was familiar with their products and how well they worked. When we needed a solution for the carding attacks, partnering with PerimeterX was a no-brainer.”

Information Security ManagerSporting Goods Retailer

The Solution

The retailer needed an immediate solution to gift card cracking that would be able to integrate with its Salesforce Commerce Cloud (SFCC) storefront. Members of the retailer’s e-commerce information security team had worked with PerimeterX Bot Defender in the past, with a similar use case and with SFCC. Because of their familiarity and previous success with Bot Defender, the security team opted to bypass the vendor selection and proof of concept process and move straight to implementation. The team highlighted the immediate benefits of using a product that could provide:

Protection against sophisticated carding attacks: Bot Defender collects hundreds of pieces of user activity data and device behavior to determine whether a user is a bot or not.

Easy integration: The cloud-native PerimeterX Platform integrates with industry-leading technologies to safeguard digital businesses using existing infrastructure.

Evolved Challenges: Bot Defender leverages PerimeterX Human Challenge, a user-friendly verification that is hard for bots to solve, yet easy for humans, improving customer experience on sites.

Bot Defender

The Result

Within hours, Bot Defender was integrated into the retailer’s tech stack. The company noted that while Bot Defender offers continuous protection, it is particularly effective during periods of high traffic.

Traffic over timeFigure 1: Requests blocked by Bot Defender during attempted carding attacks.

During a recent attack, when over half of its web traffic was malicious, Bot Defender detected and blocked over 397K malicious requests while allowing over 383K legitimate requests from customers to proceed without impact. There was also a noticeable improvement in web performance since unwanted bot traffic was being blocked at the edge.

Solve time percentile distributionFigure 2: Time spent on Human Challenge versus reCAPTCHA on verification pages.

Since switching from reCAPTCHA to PerimeterX Human Challenge, the company decreased the amount of time customers spend on verification pages from 66.09 seconds to 34.85 seconds. Removing unnecessary friction had a positive impact on customer satisfaction.

By implementing Bot Defender, the company improved its security posture without negatively impacting customer experience. The company was able to protect against gift card cracking while simultaneously improving its website performance.

Learn more about Bot Defender

“The partnership between PerimeterX and Salesforce made the implementation extremely easy; we were up and running that same day.”

Information Security ManagerSporting Goods Retailer

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.