Case Study

Laybuy Protects Customers and Merchants from ATO and Client-side Threats



Laybuy is a leading buy now, pay later (BNPL) service operating in New Zealand, Australia, and the United Kingdom. Laybuy makes it easy for customers to buy from merchants in-store and online, and pay in six weekly, interest-free installments. As a responsible payment provider, Laybuy takes on the fraud risk for its merchant partners and ensures that customers can make purchases safely.

Justin Soong

Chief Technology Officer, Laybuy
“The protection that HUMAN provides gives us the confidence to explore new markets and expand our relationships with our business partners. We frequently mention that HUMAN is part of our tech stack because we have seen first-hand how effective it is in combating bots and keeping our customer data secure.”
Human-Case Study-Exclamation Mark Icons@2x


For Laybuy, payments are the heart of everything it does. The company needed to ensure that customer data was safe and transactions were secure, which meant protecting against account takeover (ATO) and digital skimming attacks. Laybuy was aware that these types of attacks could have severe consequences for its merchants and customers, as well as the reputation and revenue of the company itself.

Human-Case Study-Shield checkmark icon@2x


After evaluating multiple vendors in the market, Laybuy selected HUMAN Bot Defender and Code Defender to protect its business from automated attacks and client-side threats. Here’s why:
  • Accurate bot protection: Bot Defender uses machine-learning models and behavior-based predictive analytics to detect and mitigate ATOs and other sophisticated bot attacks. 
  • Client-side threat mitigation: Code Defender continuously monitors all client-side scripts for vulnerabilities and anomalous activity, which could lead to or indicate a digital skimming attack. The solution then mitigates the risk using content security policy (CSP) and granular JavaScript blocking. 
  • Integration into existing tech stack: Laybuy was specifically looking for a solution that would easily integrate with Cloudflare. HUMAN’s open architecture was able to support this, as well as other content delivery networks (CDNs), load balancers, web servers and application servers. 


Bot Defender and Code Defender allow Laybuy to protect its customers and merchants from ATO and digital skimming. With both products working together, Laybuy is able to address increasingly sophisticated threats in real time and ensure its customers and merchants are protected throughout the digital attack lifecycle.

Connect with Us
to Learn More How HUMAN Can Mitigate ATO Attacks and Client-side Threats for You

Related Resources