Business-to-consumer (B2C) sellers come in every size and shape online—from retail and e-commerce sites to a vast array of online providers across the financial services, travel and hospitality, and digital services industries, to name a few. One thing nearly all online B2C companies have in common is the desire to “know the customer.” Online businesses that offer consumer-based services or products often need to go beyond just selling value and benefits—they need to invoke an emotional connection with the consumer. Since every customer is different, creating an emotional connection begins with delivering a personalized experience.
For a B2C business, knowing the customer requires first identifying each individual visitor—and that requires a robust Identity and Access Management (IAM) solution. SAP is a well-known leader for its Customer IAM (CIAM) and general commerce products and services for B2C businesses. This use case explores how these businesses can introduce F5 Distributed Cloud Services security into their defenses to optimize their investment in SAP and deliver a secure, frictionless customer experience.
SAP Customer Data Cloud (CDC) is a multi-tenant SaaS solution that provides the ability to store and govern consumer profiles. For its approximately 700 customers (and growing) SAP hosts more than 1.4 billion consumer identities, stores 1.6 billion consent transactions per month (addressing requirements of regional data protection laws such as GDPR, CCPA, and LGPD), provides integration for 4 billion consumer devices, and processes around 18 billion API calls per month. For many online B2C businesses, their SAP CDC solution is part of an overall SAP Customer Experience Solutions that also includes SAP Commerce Cloud. Among other capabilities, SAP CDC delivers:
It’s not unusual for 90 percent or more of a B2C web site’s daily log-in attempts to be from non-human visitors. Unfortunately, non-human in this case usually means bot-based attack traffic. These cheap, rudimentary bots simply cycle through the millions and millions of stolen and leaked credentials that are already in the wild, one after another, over and over, throwing username and password combinations at your commerce site hoping for even a tiny fraction to make it through.
It’s a process known as credential stuffing and it can be costly. All those automated login attempts are a constant, steady drain on bandwidth and server resources; and things can go from bad to worse if one of those bots is able to log-in with stolen credentials.
F5 Distributed Cloud Bot Defense identifies all manner of harmful, bot-driven network traffic and blocks it before it becomes a drain on your resources (or worse).
There are two stages to a Distributed Cloud Bot Defense deployment: observation mode and mitigation mode. In observation mode, Distributed Cloud Bot Defense analyzes the logs of all incoming requests to an application in order to identify threats and customize a defensive resolution.
While analyzing logs to distinguish between malicious and legitimate login traffic, Distributed Cloud Bot Defense also has the ability to categorize requests into attack campaigns for analysis. If an attack campaign tries to bypass F5 by somehow retooling (typically by updating software or leveraging new proxies), Distributed Cloud Bot Defense is still able to identify the campaign based on hundreds of other signals.
Once F5 and the customer are confident that no legitimate human traffic will be impacted, mitigation mode can be activated. From that point, when it is determined in real-time that an application request is from a fraudulent source, that source is immediately blocked—all without introducing any friction (such as the need for multi-factor authentication, CAPTCHA, etc.) to legitimate human users.
Online fraud is a real and growing threat from which B2C businesses need to protect their customers—but those protections must not inject friction into the user experience for risk of losing those same customers. While SAP helps convert your unknown users to known, loyal customers, F5 Distributed Cloud Bot Defense works behind the scenes to dramatically reduce your exposure to automated, fraudulent bot attack traffic, help ensure the security of your SAP services, and remove friction from the user experience.
For more information about F5 Distributed Cloud Bot Defense, visit f5.com/cloud/products/bot-defense.
Distributed Cloud Bot Defense protects against the most sophisticated credential stuffing and account takeover attacks, carding, and the rest of the OWASP Automated Threats to Web Applications, including: