Protects Small Businesses from Account Takeover Attacks with PerimeterX

Download Case Study


Wave is an award-winning financial management software company that provides solutions that empower small business owners to simplify their finances. Founded in 2010, over 500,000 customers around the world use Wave as their primary financial management solution.


Wave offers online bookkeeping, payment processing, payroll, accounting and invoicing services for small businesses. These solutions allow the company’s more than 500,000 customers to easily manage their business’s finances online. Due to the sensitive nature of the customer data they process, Wave anticipated a high volume of account takeover (ATO) attacks. ATO is an attack in which cybercriminals take unauthorized ownership of online accounts using stolen usernames and passwords. In these attacks, also called credential stuffing attacks, hackers use bots to try millions of username and password combinations from previous data breaches, to gain fraudulent access to user accounts. Attackers will also create fake accounts in order to gain entry into the company’s services to perform fraudulent transactions. Despite having implemented a bot management solution, Wave recognized behavior in their web traffic that indicated ATO attempts, primarily credential stuffing and fake account creation. Wave needed a new solution that could identify these attacks to protect its customer’s data and preserve its brand reputation.

Learn more about Account Takeover

The portal itself and the metrics are absolutely beautiful. During our weekly security review we can dive into the metrics in the dashboard to understand and investigate where attacks are coming from. We really appreciate the customization and granularity of data the portal offers.

Matt MontreuilInformation Security Officer


Wave needed a bot management solution that could prevent ATO attacks without introducing website latency or impacting their customer experience. They also needed a solution with strong analytics capabilities to get insights from attacks. PerimeterX Bot Defender addressed the key requirements for the company to change their solution for combating bots.

Prevent fake account creation: Bot Defender detects fake account creation attempts in real-time, automatically blocking bots from registering, while performing automated analysis for continuously updated protection.

Eliminate account takeover: With its sophisticated machine learning, Bot Defender detects malicious behavior on websites in real-time, stopping the most advanced account takeover attacks.

Improved reporting: Bot Defender offers rich analytics through the Bot Defender Portal, which includes customizable dashboards that provide Wave with actionable insights that helps them to investigate incidents faster and more effectively.

Bot Defender


In the first two weeks of using Bot Defender, 6.6 million page views were protected and 912,000 malicious page views were blocked. Bot Defender was able to protect Wave’s online accounts from unauthorized access and stop account takeover attempts before they caused damage. Because of the intuitive design of the Bot Defender Portal, Wave was able to easily gain insights from the dashboard to use during weekly security reviews. The company also decreased the amount of time its security team spent each week to investigate attacks that were not detected by their previous bot management solution. By addressing these key requirements the company was able to protect customer accounts and preserve their brand reputation.

Learn more about Bot Defender

Before using Bot Defender, we had to manually respond to high levels of bot traffic that was not being caught by our previous solution. After implementing Bot Defender, we were very excited to see immediate results. The product worked very well, and we had the metrics to prove it. In the first two weeks of using PerimeterX Bot Defender 6.6 million page views were protected and 912,000 malicious page views were blocked.

Matt MontreuilInformation Security Officer

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.