Online Travel Agency Leverages PerimeterX

Stops Account Takeover and Scraping Bot Attacks

Download Case Study


This OTA is a leader in online travel deals, providing travelers smart and easy ways to save on hotel rooms, airline tickets, rental cars, vacation packages and cruises. With access to over 600,000 properties of all types, travelers can find accommodations with the best price guarantee as well as free cancellations and pay-at-arrival. The leading OTA has saved billions of dollars for travelers since its inception in the late 1990s.


Travelers search for the best deals on flights, hotels and vacation packages, which makes price and inventory information the most important asset for Online Travel Agencies (OTAs). As the online travel market gets more competitive, the players in this market continue to invest in the battle against the competition.

Millions of users expect the leading OTA to provide search results quickly across its website and mobile application. In addition, travelers expect the leading OTA to safeguard their personal data. However, bot attacks like account (ATO) attacks resulted in fraudulent bookings and loss of user confidence. These attacks also added a heavy performance load on the website. The costs associated with compromised user accounts and the negative impact on brand reputation was significant. Unauthorized web scraping increased the stress on the web infrastructure, while increasing the global distribution system (GDS) and third-party service fees. Ultimately, the bot attacks were hurting the look-to-book ratio, slowing the website and skewing site analytics.

Learn more about Account Takeover

I'm surprised bot mitigation isn't a staple for every company. The number of bot-related production outages dropped to zero allowing us to focus on the business.

Infrastructure leadOTA


The company’s web team chose PerimeterX Bot Defender for its bot management solution. The team wanted a bot solution that offered mitigation options for a breadth of bot attacks and that could integrate easily with its agile development process. Low-latency bot management was a pre-requisite for the team given the business focus on Google page rankings and performance expectations from its customers.

Bot Defender is a powerful, cloud-based and infrastructure-agnostic bot management solution for detecting and mitigating bots. The solution employs behavior-based analytics to detect anomalies and prevent sophisticated bot attacks.

The OTA team leveraged these Bot Defender features and capabilities:

Accurate bot protection: Bot Defender protection on the product and pricing pages enabled real-time mitigation from scraping and ATO attacks.

Advanced bot management capabilities: The leading OTA works with a large number of business partners that also use automation, so being able to discover and whitelist the unknown good bot traffic was extremely important for the business.

Low-latency open architecture: Bot Defender easily integrated with the leading OTA’s web architecture, allowing effective preventive mitigation of unwanted bots. In addition to improving the user experience by reducing the load on the web infrastructure, the Bot Defender low-latency architecture preserved the OTA’s Google page rankings.

Always-available security expertise: PerimeterX offers best-in-class service and responsiveness, fast deployment and 24/7/365 security analyst insight.

With the support of the PerimeterX team and the ease of integration — the deployment was fast, and results were realized immediately.

Bot Defender


After the online travel agency deployed Bot Defender, they realized that on average, over 50% of their traffic came from unwanted bots, with up to 95% of the traffic on login pages attributed to bot traffic. Mitigating bot traffic enabled the business to improve several important metrics in a very short time:

Significant improvement in user experience: By not serving the unwanted traffic, and with Bot Defender minimal latency, the response time reduced by up to 200ms — a reduction of over 50%. The efficient blocking of account takeover (ATO) attacks also provided for a safer user experience.

Reduction of business and infrastructure costs: By not serving unwanted bots, the leading OTA saved significantly on global distribution system (GDS) fees, booking engine and other third-party costs — with a reduction of over 12% in the API calls to these services. The CPU utilization on web servers also dropped by 25%, improving infrastructure costs. The number of bot-related production outages dropped to zero!

Significant improvement in look-to-book ratio: By cleaning up the web analytics data and providing accurate insights, the internal business success metrics tracking conversions went up:

  • The A/B testing became much more accurate and now the results could be trusted.
  • Enriching the internal data with data provided by Bot Defender enabled the pricing team to make smarter decisions about pricing and promotions.


Learn more about Bot Defender

I’m surprised bot mitigation isn’t a staple for every company. The number of bot-related production outages dropped to zero allowing us to focus on the business. The benefit of turning on PerimeterX was enormous in many ways beyond bot traffic mitigation. The response time for some pages improved by up to 200ms—a reduction of over 50%.

Infrastructure leadOTA

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.