Satori Threat Intelligence Alert: Phish 'n' Ships scheme steals tens of millions from unsuspecting shoppers
Learn more
Case Study

Sally Beauty Protects Against Carding and Magecart Attacks

HUMAN_Case-Study_Sally-Beauty_Transaction-Abuse_Thumbnail

Company

Sally Beauty is the U.S. and Canadian brand of Sally Beauty Holdings, Inc., a global distributor and specialty retailer of professional beauty products. Both retail consumers and salon professionals alike frequent its 5000+ stores worldwide and e-commerce site, sallybeauty.com.  

Sr. Manager, Security Architecture and Engineering

Sally Beauty
“In just one hour of one day, if we had not had Application Protection in place, we would have seen about 34,000 hits on our backend payment processor. That’s about $3,100 (in fees) in just an hour."
Human-Case Study-Exclamation Mark Icons@2x

Challenge

Sally Beauty noticed significant spikes in card-not-present (CNP) fraud, which came from malicious bots. This cost them thousands of dollars per hour in fees for card pre-authorization, address verification and payment gateway services. Sally Beauty had a web application firewall (WAF), but its rule-based approach wasn't enough. 

In addition, Sally Beauty was concerned about the growing risk of digital skimming and Magecart attacks. They understood that weaknesses in first- and third-party scripts put them at risk, and manually monitoring script behavior consumed too many resources.

Human-Case Study-Shield checkmark icon@2x

Solution

Sally Beauty implemented HUMAN Application Protection to combat carding bots and Magecart threats.
  • No infrastructure changes: Application Protection fit seamlessly into the Salesforce Commerce Cloud platform used by Sally Beauty to combat sophisticated carding bots. The ability to implement Application Protection without coordinating efforts between application owners and infrastructure providers was a huge plus for the team.
  • Accurate detection: Application Protection uses behavioral analysis, intelligent fingerprinting, and 400+ machine learning algorithms to detect and mitigate malicious bots.
  • Comprehensive coverage: Application Protection provided a comprehensive solution for bot attacks and addressed the growing concern of Magecart attacks. 

RESULTS

Application Protection safeguards Sally Beauty from automated attacks and client-side threats.

  • Reduced digital CNP fraud costs: Application Protection reduced CNP fraud costs by 97%. By contrast, carding attacks previously cost Sally Beauty over $3,100 per hour in fees alone.
  • Ongoing bot protection without additional overhead: Sally Beauty was able to to stay on top of automated threats, as well as separate malicious bot traffic from good bot traffic.
  • Reduced risk of digital skimming attacks: Application Protection saved Sally Beauty significant resources by automatically detecting and proactively mitigating potential Magecart threats. 

 

Connect with Us
to Learn More How HUMAN Can Mitigate Magecart and Digital Skimming Attacks for You

Related Resources

Locations
  • New York City
  • Miami
  • Dallas
  • Washington DC
  • Tel Aviv
  • London
  • Victoria
© 2024 Human