Case Study

Online Learning Company Protects Against Carding and Digital Skimming



This online learning company is a leading education technology innovator, creating engaging and effective learning resources to help children build a strong foundation for academic success. Its flagship product in the United States is a comprehensive curriculum for preschool through second grade, available on all major digital platforms and used by tens of millions of children.

- Director of Information Security

Online Learning Company

“The business case for HUMAN made itself. I'm saving my team almost a hundred hours a month going through logs. We’re saving a ton of money from carding attacks and chargebacks.

We can manage where our data is going and what is being collected, which helps us maintain CCPA and GDPR compliance. Once people see the efficacy and value, there is no way you can live without HUMAN."

Human-Case Study-Exclamation Mark Icons@2x


The COVID-19 pandemic spurred exponential growth in virtual education, raising the online learning company’s popularity—and making it a bigger target for bot attacks. The company’s security team noticed an increase in carding attacks on its websites, which led to financial losses from chargebacks and damaged consumer trust. The high volume of bot traffic also skewed the company’s web analytics and required hours of manual work to clean up.

Additionally, the online learning company relied on third-party JavaScript and open-source libraries to build its websites. They realized that some of this JavaScript could access users’ PII when they typed it into site forms, a data privacy compliance violation. They needed full visibility and control of third-party script behavior to ensure compliance and prevent digital skimming attacks.

Human-Case Study-Shield checkmark icon@2x


The online learning company wanted a single platform to address bot attacks and client-side threats. HUMAN Bot Defender and HUMAN Code Defender met their needs on both fronts.

Bot Defender

  • Uses machine learning algorithms, behavioral analysis, and predictive methods to accurately detect and mitigate carding and other bot attacks on web and mobile apps and APIs
  • Filters out bot traffic from human traffic, so teams can use accurate data to inform their decisions
  • Improves operational efficiency, freeing security teams to work on more strategic tasks

Code Defender

  • Detects anomalies in the behavior of first-, third- and nth-party scripts, such as unauthorized PII access and data exfiltration events
  • Provides granular control to block specific actions a script is taking, so you can immediately mitigate potential breaches of data and stop legitimate scripts from accessing sensitive data while otherwise letting them run as intended
  • Enforces content security policy (CSP) to prevent unwanted scripts from loading at all 

Bot Defender and Code Defender use the same open architecture, making them easy to integrate with the company’s existing infrastructure, including AWS CloudFront. Together, the solutions provide a layered defense model that protects against a range of cyberthreats. 


Bot Defender has protected an average of 26.5 million page views each month. The drop in malicious bot activity has saved the online learning company tens of thousands of dollars in chargebacks. In addition, because Bot Defender automatically removes bot traffic from website data, the company’s marketing team has saved almost 100 hours each month manually sorting through metrics. 

Code Defender identified 562 scripts from 28 different source domains that sent data to 74 destination domains. The solution discovered that the online learning company risked violating GDPR and CCPA because two of their legitimate third-party vendor scripts could access users’ PII. Code Defender blocked access to the sensitive fields, helping ensure compliance. 

All in all, the online learning company has gained real-time visibility and control into its client-side supply chain attack surface and remains protected from malicious bot attacks.


Connect with Us
to Learn More How HUMAN Can Mitigate Carding and Digital Skimming for You

Related Resources