Satori Threat Intelligence Alert: Phish 'n' Ships scheme steals tens of millions from unsuspecting shoppers
Learn more
Case Study

Online Travel Agency Stops Account Takeover and Scraping Bot Attacks

HUMAN_Case-Study_ATO_Scraping_Online-Travel-Agency

Company

This online travel agency (OTA) provides travelers smart and easy ways to save on hotel rooms, airline tickets, rental cars, vacation packages and cruises. With access to more than 600,000 properties of all types, travelers can find accommodations with a best price guarantee as well as free cancellations and pay-at-arrival. The leading OTA has saved billions of dollars for travelers since its inception in the late 1990s.

- Infrastructure Lead, OTA

“The benefit of turning on HUMAN was enormous in many ways beyond bot traffic mitigation. The response time for some pages improved by up to 200ms — a more than 50% reduction in page load time. The number of bot-related production outages dropped to zero”
Human-Case Study-Exclamation Mark Icons@2x

Challenge

The OTA was experiencing a high volume of account takeovers (ATOs) and other malicious bot attacks that resulted in fraudulent bookings. These attacks added a heavy performance load on the website and damaged consumer trust. The costs associated with compromised user accounts and the negative impact on brand reputation were significant. 
 
In addition, bots were scraping the OTA’s website to capture product and pricing information. Unauthorized web scraping taxed their site infrastructure, hurt their look-to-book ratio, skewed website metrics, and increased their global distribution system (GDS) and third-party service fees. 
Human-Case Study-Shield checkmark icon@2x

Solution

The OTA implemented HUMAN Application Protection to solve their bad bot problem. The team wanted a bot solution that offered mitigation options for a breadth of bot attacks and that could integrate easily with its agile development process. 
  • Accurate bot protection: Application Protection uses behavioral analysis, machine learning and predictive methods to detect and mitigate scraping and ATO attacks in real time.
  • Preserved functionality of good bots: The leading OTA works with a large number of business partners that use automation, so being able to discover and whitelist the unknown good bot traffic was extremely important for the business.
  • Easy integration: Application Protection’s open architecture allowed it to integrate easily with the OTA’s existing infrastructure. This enabled fast deployment and quick results.
  • Low-latency: Application Protection is designed for low latency, which reduces the load on the OTA’s web infrastructure. This preserved website performance and Google page rankings. 
  • Always-available security expertise: HUMAN offers best-in-class service and security analyst insights via Slack, email or phone.

RESULTS

Application Protection identified that, on average, more than half of the OTA’s traffic came from unwanted bots. That number jumped to 95% of the traffic on login pages. As Application Protection mitigated the malicious bots, the OTA quickly saw the following results:

  • Improved website performance: The low latency architecture and reduction in bot traffic improved response time by up to 200ms — over 50% faster.  In addition, the number of bot-related production outages on the OTA’s website dropped to zero.
  • Reduction of business and infrastructure costs: The OTA saved significantly on GDS fees and other third-party costs due to a more than 12% reduction in API calls to these services. The CPU utilization on web servers also dropped by 25%, lowering infrastructure costs. 
  • Improved look-to-book ratio: Once Application Protection cleaned up the OTA’s web data, their look-to-book ratio was no longer skewed low due to scraping bots. The team gained confidence that A/B testing results were accurate, allowing them to make smarter decisions about pricing and promotions.
  • Strengthened consumer trust: The efficient blocking of ATO attacks provided a safer user experience and reduced calls to customer service. The improved site performance also made for a more frictionless buyer journey.

Connect with Us
to Learn More How HUMAN Can Mitigate Scraping Attacks for You

Related Resources

Locations
  • New York City
  • Miami
  • Dallas
  • Washington DC
  • Tel Aviv
  • London
  • Victoria
© 2024 Human