Case Study

Sally Beauty Protects Against Carding and Magecart Attacks



Sally Beauty is the U.S. and Canadian brand of Sally Beauty Holdings, Inc., a global distributor and specialty retailer of professional beauty products. Retail consumers and salon professionals alike frequent its 5000+ stores worldwide and e-commerce site,  

“In just one hour of one day, if we had not had HUMAN Bot Defender in place, we would have seen about 34,000 hits on our backend payment processor. That’s about $3,100 (in fees) in just an hour.”

- Lee Tarver, Sr. Manager, Security Architecture and Engineering, Sally Beauty


Sally Beauty noticed significant spikes in card-not-present (CNP) fraud, which came from malicious bots. This cost them thousands of dollars per hour in fees for card pre-authorization, address verification and payment gateway services. Sally Beauty had a web application firewall (WAF), but its rule-based approach wasn't enough. 

In addition, Sally Beauty was concerned about the growing risk of digital skimming and Magecart attacks. They understood that weaknesses in first- and third-party scripts put them at risk, and manually monitoring script behavior consumed too many resources.



Sally Beauty implemented HUMAN Bot Defender and HUMAN Code Defender to combat carding bots and Magecart threats.
  • No infrastructure changes: Bot Defender fit seamlessly into the Salesforce Commerce Cloud platform used by Sally Beauty to combat sophisticated carding bots. The ability to implement Bot Defender without coordinating efforts between application owners and infrastructure providers was a huge plus for the team.
  • Accurate detection: Rules-based technology was known to be insufficient to combat all bot attacks, especially given the growing sophistication of bots. Bot Defender was a complete solution with the ability to combat increasingly sophisticated bot attacks.
  • Comprehensive coverage: The combination of Bot Defender and Code Defender provided a comprehensive solution for bot attacks and addressed the growing concern of Magecart attacks. 


Together, Bot Defender and Code Defender protect Sally Beauty from automated attacks and client-side threats.

  • Reduced digital CNP fraud costs: Bot Defender reduced CNP fraud costs by 97%. By contrast, carding attacks previously cost Sally Beauty over $3,100 per hour in fees alone.
  • Ongoing bot protection without additional overhead: Sally Beauty was able to stay on top of automated threats, as well as separate malicious bot traffic from good bot traffic.
  • Reduced risk of digital skimming attacks: Code Defender saved Sally Beauty significant resources by automatically detecting and proactively mitigating potential Magecart threats. 

