Sally Beauty is the U.S. and Canadian brand of Sally Beauty Holdings, Inc., a global distributor and specialty retailer offering professional beauty products to both retail consumers and salon professionals with 5000+ stores worldwide. Sallybeauty.com is the e-commerce business for the Sally Beauty brand.
Sally Beauty conducts a significant portion of its business online on its website Sallybeauty.com and processes tens of thousands of credit cards each day. It strives to maintain a safe user experience for its customers and to ensure data privacy while conducting online payment transactions. To achieve this, it was manually monitoring all third-party scripts on its website to track script behavior, detect vulnerabilities and achieve compliance. This required a dedicated person on its infosec team to ensure the integrity of its payment pages and processes.
Magecart attacks were top of mind for Sally Beauty’s executive management, given the high-profile attacks on several other online brands that led to customers’ credit card numbers being stolen from their websites. It wanted to ensure that skimming attacks did not happen on Sallybeauty.com and that its customers’ personal data remained protected. At the same time, the security team could not hamper the pace of revenue-generating innovation by imposing restrictions on the use of third-party scripts and libraries.
Sally Beauty was also feeling the impact of stolen credit card numbers in the form of fraudulent carding attacks that led to a spike in their payment gateway fees. To mitigate this threat, it had deployed the PerimeterX Bot Defender solution via a Salesforce Commerce Cloud (SFCC) cartridge.
"We were looking for a solution that could provide us visibility into the client-side scripts. Code Defender was easy to deploy, leveraging the same sensor and Salesforce Commerce Cloud cartridge as Bot Defender."
Sally Beauty evaluated multiple alternatives to improve upon the manual process of auditing all first- and third-party scripts on its website. While the team could perform static audits and monitor the server side, they did not have the same visibility into the client-side scripts. Sally Beauty uses SFCC and wanted a solution that could integrate easily in the form of an SFCC cartridge. They already had a WAF solution to protect the server side, and had not deployed any content security policies (CSPs) due to the complexity of managing CSPs.
Code Defender also uses the same PerimeterX Portal as Bot Defender, which was already familiar to its security operations teams. Following a short tuning process, Sally Beauty was able to gain visibility into the client side of its web applications using the easy-to-use Portal. The security team discovered behavioral anomalies and changes to the website scripts with minimal manual effort. They were able to work with their e-commerce teams to analyze anomalous script activities and mitigate risks to their business without hampering innovation.
By protecting their customer data against digital skimming and Magecart threats, Sally Beauty was able to increase customer confidence, protect its brand reputation and remain compliant with data privacy regulations.
"We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process. Combined with the threat intelligence on the back end, it helps us identify the known risks to our website, and enables us to work with our partners in e-commerce to mitigate those risks."
Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy.
The PerimeterX Platform is cloud-native and can be deployed anywhere. It is compatible with your existing cloud services and content delivery network infrastructure.
With solutions from PerimeterX, your digital headquarters is constantly monitored and your pricing and inventory data remains uncompromised and available to real customers.