Datadome
Customer Stories

Leading Benefits Provider Fights Account Takeovers & Ensures Customer Trust with DataDome

Table of content
Paige Tester, Sr. Content Marketing Manager
23 Oct, 2024
|
min

A leading American benefits and retirement solutions provider faced persistent account takeover attempts, which threatened their customers’ experience and financial well-being. After implementing DataDome, the company saw a rapid decrease in fraudulent activities and reduced the need for daily security checks. DataDome’s seamless integration with existing systems, <0.01% false positive rate, and responsive support helped the company secure sensitive data, rebuild customer confidence, and refocus their time on strategic initiatives.

“The DataDome team is incredibly involved and supportive. They don't just respond promptly—they actively resolve our issues with impressive speed, which has been a huge advantage for us.”
Senior Security Engineer

The Challenge: Fighting Persistent Account Takeover Attempts and Protecting Customer Data

A company in the health, wealth, retirement, and employee benefits sector found itself in a tricky situation. Due to multiple automated credential stuffing attempts, hackers were threatening account takeovers, which risked the confidentiality of customers’ data. These attacks represented potentially significant financial losses, since the company would need to reimburse defrauded customers as well as devote valuable resources towards incident response efforts. Moreover, failing to effectively combat these attacks would damage the company’s reputation and erode customer trust.

Despite deploying a web application firewall (WAF) with basic bot protection, the attacks persisted. The Senior Security Engineer who dealt with the problem recalls: “We were a small security team of two engineers, so we investigated as best we could. We tightened the configuration and implemented new bot detection rules, but the credential stuffing attempts continued to occur. The CAPTCHA from our WAF was firing too frequently, frustrating legitimate users, yet it still wasn’t stopping sophisticated bots in their tracks.”

It was then that the team realized they had to find a more effective way to protect their customers’ accounts.

The Solution: Accurate Bot Protection That Runs on Auto-Pilot

Of course, the company needed to fight online fraud, but it was crucial that any approach would accurately distinguish bots from humans. “We wanted a tool that had a low false positive rate,” explains the Senior Security Engineer. This need naturally pointed them in the direction of DataDome; and since they were a small security team, they desired a solution that was easy to integrate into their existing setup and required minimal ongoing maintenance.

The company evaluated several bot management vendors but chose DataDome for its quick and straightforward implementation. The DataDome implementation team showed great commitment, right from the trial phase. “During our POC, the DataDome team was incredibly involved and supportive. Ever since, whenever an issue arises, we can reach out via Slack or email and always receive quick, helpful responses. They don’t just respond promptly—they actively resolve our issues with impressive speed, which has been a huge advantage for us.”

The Results: Safe User Accounts & Reliable Support

The day-to-day life of the company’s security team changed as soon as DataDome went live. What used to be a routine of reviewing five to six suspicious activity events a day has become rare occurence, dropping to nearly zero.

“What a time saver not to have to spend hours in meetings checking each event one by one as soon as you had a doubt!” The Senior Security Engineer now simply looks at the DataDome dashboard from time to time to make sure there are no alerts.

DataDome also alerted the small security team to other automated threats targeting their business, such as sensitive data scraping from their company website and credential stuffing attacks. In response, the team was able to add a second layer of defense to their online applications: “If DataDome detected something our WAF had missed, we could adjust the rules in our other tools to improve detection,” explains the Senior Security Engineer.

With DataDome, the small security team has experienced significant time savings, regained peace of mind, and strengthened its security posture. They are satisfied with the tool and their collaboration with the DataDome Support team: “I’ve never had to push them to get things done—they’re always proactive and helpful. The level of support we receive from DataDome is unmatched and a huge benefit on top of their exceptional bot protection.”