Case Study

Sporting Goods Retailer Protects Against Carding Attacks



This leading sporting goods retailer is well-known for offering the best selection of sports equipment from top brands. The company serves more than 7.5 million customers annually through its e-commerce business and 35 stores across the United States.

- Information Security Manager

Sporting Goods Retailer

“When we needed a solution for the carding attacks, partnering with HUMAN was a no-brainer. The integration between HUMAN and Salesforce made the implementation extremely easy. We were up and running that same day.”

Human-Case Study-Exclamation Mark Icons@2x


The sporting goods retailer noticed an increase in carding attacks, specifically on its e-gift card balance checking page. If bots were blocked too aggressively, human customers would mistakenly be blocked as well. The company needed a solution that could detect the subtle behavioral differences between real human users and the sophisticated carding bots mimicking them.

Human-Case Study-Shield checkmark icon@2x


The retailer needed an immediate solution to gift card cracking that would be able to integrate with its Salesforce Commerce Cloud (SFCC) storefront. The team chose HUMAN Bot Defender, highlighting the following capabilities: 
  • Protection against sophisticated carding attacks: Bot Defender uses behavioral monitoring, intelligent fingerprinting and predictive methods to detect and mitigate bad bots with unparalleled accuracy. The solution uses machine learning to analyze hundreds of pieces of user activity data and device behavior to determine whether a user is a bot or not.
  • Easy integration: Bot Defender’s open architecture allows it to integrate any existing infrastructure and technology stack, including SFCC.
  • User-friendly verification: Bot Defender uses Human Challenge, a user-friendly alternative to traditional CAPTCHAs. The Press and Hold technology serves proof-of-work and other behind-the-scenes tests to distinguish humans from bots, without impacting customer experience.


Bot Defender was integrated into the retailer’s tech stack within a matter of hours and quickly yielded the following results: 

Human-Case Study-1@2x

Blocked bad bots during periods of high traffic

During a recent attack during a high-traffic period, Bot Defender detected and blocked more than 397K malicious requests while allowing over 383K legitimate requests from human customers to proceed without impact. There was also a noticeable improvement in web performance since unwanted bot traffic was being blocked at the edge. 

HUMAN-Sporting Goods Retailer Case Study-Figure 1
Figure 1: Requests blocked by Bot Defender during attempted carding attacks
Human-Case Study-2@2x

Reduced response times as compared to reCAPTCHA

Since switching from reCAPTCHA to Human Challenge, the sporting goods retailer decreased the amount of time users spend on verification pages from 66.09 seconds to 34.85 seconds. This allowed customers to complete transactions faster and had a positive impact on their shopping experience.
HUMAN-Sporting Goods Retailer Case Study-Figure 2
Figure 2: Time spent on Human Challenge versus reCAPTCHA on verification pages

By implementing Bot Defender, the sporting goods retailer improved its security posture without negatively impacting customer experience. The company was able to protect against gift card cracking while simultaneously improving its website performance.

Connect with Us
to Learn More How HUMAN Can Mitigate Carding Attacks for You

Related Resources