Protecting booking engines from unwanted traffic

It comes as no surprise, unfortunately, that the bad bots are getting more sophisticated by the day, ensuring the cyber chess game between security professionals and bad actors is as active as ever.

NB: This article appears here as part of Tnooz's sponsored content initiative.

The people, process and technology needed to ensure customers can always access price and availability information through legitimate channels was discussed in a recent Tnooz webinar, featuring bot mitigation specialists Distil Networks and one of its long-standing customers, easyJet.

Watch the webinar here

Here’s where we are today:

● 88% of bots are advanced or persistent bots that can load JavaScript, support cookies, use real browsers, and/or mimic human behaviour; they’re also rotating through IPs and constantly changing headers to avoid detection. ● 73% of the time, the exact same attack comes from two or more IPs and 20% from over a hundred different IPs. This kind of “low and slow” attack slides under the radar of most web application security systems. ● 40% of bots are able to mimic human behaviour, so they can skirt detection and analytics. They're loading JavaScript, they're transacting on your site, and going through your checkout process with ease.

Travel industry websites are the targets of unwanted traffic such as web scraping by competitors and overaggressive partners, hackers going after confidential and/or proprietary information, and the unauthorized re-use of unique content.

Analytics can no longer be trusted, because the look-to-book ratio is skewed by bots loading JavaScript, and distorting marketing efforts.

And then there are the account takeovers and the unauthorized middlemen getting between travel operators and their customers, stealing add-on sales opportunities, committing fraud, and damaging customer relationships.

And the audience poll agreed, citing the following as their top bad bot concerns:

● 34% web scraping ● 27% skewed analytics ● 21% transaction fraud ● 9% login attacks ● 9% poor customer experience

easyJet knew this kind of activity was going on and wanted to deal with the threat head on. With dynamic pricing, more than fifty API partners feeding content out to thousands of third-party companies, and close to 90% of their business coming from direct bookings, bots were becoming a major headache.

easyJet touched on four key elements it was focused on when looking to regain control of its data:

● Customer disruption ● Impact on IT infrastructure ● Lost revenue ● Skewed analytics

It began by developing a customer charter, based on IATA principles, with their API partners to ensure that customers are not impacted and customer information is not being obfuscated. Then they began to look for a technology partner to ensure the back end of the information flow was not being disrupted. The carrier also specifically wanted an enterprise-scale solution that combined automation with expert human analysis, especially when it came to fraud detection.

easyJet chose Distil Networks after a rigorous RFP process, and an evaluation of six different vendors:

Six years later, easyJet now has an end-to-end system that leverages Distil Analyst Management Service to act as an outsourced daily bot detection and response solution that’s fully integrated into the company’s operations. Distil meets regularly with representatives from easyJet’s IT, distribution, legal, and fraud teams to update them on global, industry and site specific threat data and its potential impact on their business.

To watch the webinar, click here.