DataDome Helped Topps Slash Infrastructure Costs & Reclaim 50 Work Hours Per Day

The Problem: Scalper bots were overloading the site & ruining the customer experience.

Sayed Gaffar is Director of E-Commerce, EMEA, and International Markets at The Topps Company. He describes how automated scalper bots were causing a poor experience for the company’s loyal customers, driving up infrastructure costs and diverting his team’s attention from other projects in the process.

“Topps launches limited-edition cards and other collectibles during specific time windows,” he explains. “The fewer cards we print, the more valuable they are for collectors, and the faster they will sell out.”

Unsurprisingly, the advantage of speed in the purchasing process attracted a particular category of visitors: scalper bots. Scalper bots are software programs that automate the checkout process, enabling its operators to secure limited-edition goods in a fraction of the time it takes human buyers.

“Many of these bots were provided as professional services, in the shape of browser extensions developed specifically for our site,” Sayed continues. “Users could put in their contact details, their credit card number, and the URL of the product they wanted to buy. The moment it went on sale, the bot would complete the purchase in seconds. It’s very unfair: they were cheating the system, but because they were using real browsers and coming from residential IP addresses, it was impossible for us to tell whether they were humans or automated programs.”

The relentless hits from scalper bots were also putting Topps’ servers under duress, causing slowdowns and checkout problems for regular users. The situation came to a crux when the Coronavirus started to spread around the world, driving both existing and new shoppers online.

“It was a perfect storm,” Sayed recalls. “We had more people than ever wanting to buy our products, but because of all the nefarious activity, they sometimes weren’t able to. People were looking forward to our launches and to purchasing something, but the malicious actors ruined the experience for them. Of course, they would then vent their disappointment and complain about it on social media.”

The Solution:DataDome blocks scalper bots & DDoS attacks.

While the company’s CDN provided some level of protection, it clearly wasn’t sufficient. Sayed and his team decided that something had to be done, and it had to be done fast.

The team reached out to multiple providers, but found themselves up against month-long engagement processes, POCs, and coding requirements that they weren’t comfortable with. Finally, it was their systems integrator who suggested testing the DataDome free trial. In half an hour, they had implemented the DataDome module for Fastly with only the help of the online documentation.

Credential stuffing, DDoS attacks, a lot of scrapers … there was so much activity which our rudimentary user agent and IP tracking hadn’t enabled us to discover. We realized that we had various categories of problems that we hadn’t even been aware of, which was a really rich insight for us.”

Right off the bat, the DataDome dashboard enabled the team to identify the most troublesome IP addresses, block them manually in the WAF, and restore a bit of balance in their systems. But with a steady stream of new product launches coming up, they knew they needed a more sustainable long-term solution—and sooner rather than later.

“We just didn’t have time for a one-month POC,” says Sayed. “Thanks to the free trial, we knew how DataDome worked, and we knew it required the lightest of touch. We didn’t need to set in motion a big project or make any changes to our infrastructure.”

In the current climate, cost is obviously a major decision factor as well. “All budget expenditures had been stopped,” Sayed explains, “but with the data from our free trial, we could show how the bad bot traffic forced us to upscale and incur additional infrastructure costs. The flexibility of the subscription model also made it easier to defend our case.”

The Results: Substantial cost savings, positive ROI, & freedom to focus on important priorities.

The most immediate benefit was indeed a significant reduction of infrastructure costs. Before DataDome, the Topps team would increase its server capacity before major launch events to cater to extra traffic. But while the additional capacity meant that the servers would resist a little longer, they would still end up being overtaxed.

“Adding extra servers only gave the bots more capacity to work with. We were just delaying the inevitable sluggishness and customer complaints, and at the same time we were incurring heavy costs,” Sayed confirms. “Just the fact that we no longer have to upscale our servers for two-hour spikes of launch activity means that DataDome pays for itself—and that’s without mentioning the time my team is saving.”

The time a team of engineers can spend managing bot traffic is an often underestimated opportunity cost. At Topps, implementing DataDome resulted in freeing up both internal staff and system integrator resources.

“Before DataDome, we could spend up to 50 work hours per day prepping our servers for launches, monitoring logs, and handling customer complaints. And that’s not even counting the time our system integrators spent blocking IPs instead of focusing on the developments we wanted,” Sayed observes. “Now, I don’t even know DataDome is running—it’s just there in the background, doing its job. I haven’t had a bot-related discussion for something like three months, which is fantastic!”

The COVID-19 pandemic has created new challenges and projects for Sayed and his team, as they work to manage the shift to more digital business and ensure a good customer experience while continuing to support their retail colleagues.

“When you’re firefighting, you’re not doing your day job,” he says. “DataDome has given me back the time to concentrate on the priorities and projects I was brought in to deliver, and it enables the teams to focus on value-adding tasks. It’s one of the best things that have come out of the implementation.”