Global Fashion Retailer Bucks Bad Bot Trends with Netacea Bot Protection

Category: Web Scraping

Article Contents

    The Challenge

    The client is a global fashion brand operating in more than 250 stores worldwide, with eCommerce sites serving the UK, Europe, North America and Asia.

    Customer experience is paramount to the brand, driving its recent digital transformation. Ensuring customers are protected against malicious activity online is part of the business’ strategy to deliver the best service possible across its eCommerce sites globally.

    The organization already had rudimentary bot protection bundled in with another service, but the alarming rise in sophisticated scraping, credential stuffing and carding attacks highlighted the need for a more advanced bot management solution and more specialized support for this issue.

    Scraping Attacks Risk Outages at Critical Moments

    The eCommerce site was being heavily targeted by scrapers, acting at scale to collect content and pricing information from across the website. Scraping is the first stage of many potential attack types, including undercutting prices automatically, intellectual property theft, scalping, or even creating a fake website to trick customers and commit fraud.

    Aside from these possible attacks, scraping generates a huge number of requests that can be falsely attributed by analytics platforms as genuine traffic, harming business strategy. It also costs money to serve these requests, and there is a risk of slowing the website down or causing outages at critical moments.

    Carding Attacks Targeting the Retailer and their Payment Partners

    As a prominent online retailer, the business was also concerned about carding (or card cracking), which can generate thousands of requests per second as criminals attempt to validate stolen credit card details. Validated card details may be used to buy higher value goods elsewhere or sold on dark web forums, which is damaging to the card’s genuine owner and the business exploited to validate the card, leading to chargebacks, inflated payment processing costs, and tarnished reputation.

    The Solution

    Previously, the organization blocked bots by modifying rules and policies in a reactionary, manual process that spilled out of office hours. With bots quickly bypassing these efforts, the business needed a more proactive and intelligent solution.

    Netacea’s Intent Analytics® engine goes beyond static rules, instead continually assessing and reassessing visitors with advanced machine learning algorithms in real time to pinpoint known malicious behavior, or flag and cluster together unexpected or anomalous patterns. Combined with analysis from bot experts, Netacea’s bot detection service delivers an industry-leading false positive rate of 0.001%.

    The organization was quickly able to deploy Netacea Bot Management into its Cloudflare CDN using pre-built Cloudflare Workers and move away from constantly tweaking rules and policies to keep pace with rapidly evolving threats.

    How Netacea integrates with Cloudflare Workers

    The Outcome

    After working closely with the client to understand its regular and expected traffic and fine-tuning our machine learning models to their use case, Netacea identified aggressive scraping and carding activity on the client’s site with a high level of accuracy and confidence.

    Example Attack Overview

    • More than 700,000 requests across two attacks
    • Bot traffic distributed across 150 countries and 1,000 datacenters
    • Offenders hidden amongst normal traffic between attacks

    Upon initial investigation, attacks appeared sophisticated. Bots were highly distributed across countries and datacenters, but also disguised their behavior as human; although every attack IP eventually made a request to a specific API endpoint as their final attack goal, they also undertook various other unrelated actions to throw defenses off their scent, such as adding gift cards to their basket, viewing newsletters, and even maintaining a presence on the site at low levels between high volume attacks to look like regular customers.

    With this traffic identified and its behavior analyzed, Netacea was able to spot future attacks and prevent them from impacting the business.

    The business is now supported by Netacea’s bot experts, who are on hand at any time to provide insights into increasingly complex attacks and engineer new solutions to address emerging threats.

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.

    Related Case Studies

    US American Football cover art photo
    Case Study

    “The Big Game” Streamed Seamlessly to Millions Thanks to Netacea

    Netacea protected a major streaming service from outages during a major livestreaming event, mitigating huge credential stuffing attacks.
    Case Study

    Netacea Keeps an Online Pharmacy Safe from Scraping Attacks

    Aggressive scalper bots were threatening the availability of a major online pharmacy at peak times. Find out how Netacea protects them against malicious automation.
    Case Study

    Netacea Detects 11x More Bots Than Previous Bot Solution for Luxury Shoe Retailer

    Learn how Netacea helped a retailer of luxury shoe brands spot 11 times more bad bots than their previous solution, resulting in a 73% reduction in web traffic.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats
    Book a Demo