Case Study

Online Learning Company Protects Against Carding and Digital Skimming


Company

This online learning company is a leading education technology innovator, creating engaging and effective learning resources to help children build a strong foundation for academic success. Its flagship product in the United States is a comprehensive curriculum for preschool through second grade, available on all major digital platforms and used by tens of millions of children.

“The business case for HUMAN made itself. I'm saving my team almost a hundred hours a month going through logs. We’re saving a ton of money from carding attacks and chargebacks.

We can manage where our data is going and what is being collected, which helps us maintain CCPA and GDPR compliance. Once people see the efficacy and value, there is no way you can live without HUMAN.”

- Director of Information Security, Online Learning Company


Challenge

The COVID-19 pandemic spurred exponential growth in virtual education, raising the online learning company’s popularity—and making it a bigger target for bot attacks. The company’s security team noticed an increase in carding attacks on its websites, which led to financial losses from chargebacks and damaged consumer trust. The high volume of bot traffic also skewed the company’s web analytics and required hours of manual work to clean up.

Additionally, the online learning company relied on third-party JavaScript and open-source libraries to build its websites. The team realized that some of this JavaScript could access users’ PII as users typed it into site forms, a data privacy compliance violation. The company needed full visibility into and control over third-party script behavior to ensure compliance and prevent digital skimming attacks.



Solution

The online learning company wanted a single platform to address bot attacks and client-side threats. HUMAN Bot Defender and HUMAN Code Defender met their needs on both fronts.

Bot Defender

  • Uses machine learning algorithms, behavioral analysis, and predictive methods to accurately detect and mitigate carding and other bot attacks on web and mobile apps and APIs
  • Filters out bot traffic from human traffic, so teams can use accurate data to inform their decisions
  • Improves operational efficiency, freeing security teams to work on more strategic tasks

Code Defender

  • Detects anomalies in the behavior of first-, third- and nth-party scripts, such as unauthorized PII access and data exfiltration events
  • Provides granular control to block specific actions a script is taking, so you can immediately mitigate potential breaches of data and stop legitimate scripts from accessing sensitive data while otherwise letting them run as intended
  • Enforces content security policy (CSP) to prevent unwanted scripts from loading at all 

Bot Defender and Code Defender use the same open architecture, making them easy to integrate with the company’s existing infrastructure, including AWS CloudFront. Together, the solutions provide a layered defense model that protects against a range of cyberthreats. 


Results

Bot Defender has protected an average of 26.5 million page views each month. The drop in malicious bot activity has saved the online learning company tens of thousands of dollars in chargebacks. In addition, because Bot Defender automatically removes bot traffic from website data, the company’s marketing team has saved almost 100 hours each month manually sorting through metrics. 

Code Defender identified 562 scripts from 28 different source domains that sent data to 74 destination domains. The solution discovered that the online learning company risked violating GDPR and CCPA because two of their legitimate third-party vendor scripts could access users’ PII. Code Defender blocked access to the sensitive fields, helping ensure compliance. 

All in all, the online learning company has gained real-time visibility into and control over its client-side supply chain attack surface and remains protected from malicious bot attacks.
