Better Metrics, Less Hacks: Online Travel and The Future of Web

Security

Speakers

Rami Essaid

CEO & Co-founderDistil Networks

Speaker

Orion CassettoDir. of Product Marketing

Distil NetworksModerator

Good BotsSearch Engine Crawling Power APIsCheck system connectivity and status

Bad BotsSteal contentScan for vulnerabilitiesPerform Fraudetc.

The Basics of Bots

A “Bot” is an automated program that runs on the internet

Cheap scraping software

Inexpensive cloud computing resources

Botnet-as-a-Service

What is Contributing to the Growth in Bots?

Three Layers of Business Damaged Caused by Malicious Bots

Bots hurt your KPIs...Slowdowns, downtime and poor CXDecline in website trafficLoss of revenue and customer base

How Bad Bots Impact Travel Business Profits

What Kind of Data is Being Scraped?

Customer Data

Pricing Info

Editorial Content

Incentive Packages Reviews Keyword

PlacementSEO

Optimization

What Are Scrapers Doing with Your Travel Site?Posting your content on competitor sitesScrapers steal your traffic and advertising dollars. Duplicative content and high bounce rates diminishes your SEO

Undermining your prices Bots monitor your prices, ensuring competitors can undercut with lower price listings

Executing searches on your siteThe resulting API calls to third parties can cost you

According to RyanAir unauthorized scrapers frequently

○ Added excessive charges to European customers

○ Failed or refused to pass on vital information like customer contact info, flight changes, web check in, and info on special needs

○ Caused missed flights and repeated problems for customers

Unauthorized Scraping Causes Problems for Passengers and Airlines Alike

EasyJet complained of 60% increase in ticket prices due to eDreams adding excessive fees to its tickets

Affected over 300,000 customers during the 6 months period of monitoring

EasyJet implemented bot detection tech to make informed decisions about automated clients

Aggregators Add Excessive Fees to Airline Tickets

“Utilizing an automated system for detecting scrapers gives us the information we need to act on each situation, and block individuals if we wish to.”

-- Jerry DunnDistribution Development Manager, EasyJet

Add-on sales like upgrades, travel insurance, etc. result in an average of $20 to $40 of additional revenue per sale for airlines

When scrapers insert themselves in the sale as middlemen, the upsell/cross-sell opportunity moves to their businesses

Web scrapers and travel aggregators may also charge referral feesor ask for volume discounts from airlines or hotel chains

Scraping Causes a Loss of Upsell and Cross-sell Opportunities

Source: http://www.eyefortravel.com/mobile-and-technology/scraping-single-biggest-threat-travel-industry

Negative SEO Attacks Damage Relevancy

Bots steal content, product lists, and prices for duplication elsewhere on the Internet

Duplicated content reduces your company’s uniqueness and thus quality score

SEO damage may result, especially if○Your prices are undercut○The content is repurposed on a more

popular site

Duplicate Content Results in Diminished SEO

Bots Break Into Accounts with Stolen Passwords

Brute Force Account TakeoverUsing a bot to try stolen usernames and passwords from breaches at other websites on your site

Newly compromised accounts are then used for various forms of fraud/theft

The Ashley Madison breach released 32 million log-in credentials into the wild

Account takeover and transaction fraud have significantly increased

Lost or stolen credentials were already the top cause of data breaches since 2010

Online Fraud Boosted by Ashley Madison Breach

Source: VBIR 2105

Brute Force Attacks used to Pilfer Loyalty Programs

Loyalty programs are Low hanging fruit Loyalty programs are frequent targets for hackers

Legacy systems were secured with 4-digit PIN numbers

Points in can be used for air travel, rental cars, dining and shopping.

Traffic from unnecessary bots inflates “Look-to-book” ratios

Blocking unnecessary bots improves KPI tracking and analytic data accuracy

Bots Skew Key Website Analytics

Roughly 23% of traffic on the average travel website is from bad bots

Bot traffic frequently cause websites to experience performance issues or brownouts

Garbage Bot Traffic Increases Costs and Infrastructure Utilization

Challenges Distil Results

Bots caused brownouts which led to immediate loss of revenue

Increased uptime from 99.6% to 99.9% (no downtime for the first time in five years)

Bots can hurt Google quality score and SEO Improved SEO and Google quality score

Homegrown IP blocking wasn’t working - Bots came in through proxies and used spoofed IP addresses

Automated bot defense identified and blocked more than 99.99% of bots

Redtag.ca Protects SEO and Uptime by Blocking Bad Bots

Redtag.ca specializes in finding fantastic travel deals on vacations, flights, cruises, hotels and car rentals.

With Distil, we increased our uptime from 99.6% to 99.9%, reduced infrastructure costs and eliminated costly bot-driven API calls. Bots, be gone!”

-Rob Gennaro, Digital Marketing Officer, Red Label Vacations

“

Reviewing The Impact Bots Have on Travel Site Profits

Customers transfer loyalty

to 3rd party sites

Add-on sales happen on 3rd party sites

Excessive fees increase prices

SEO damage reduces web site

searchability

Order errors and ToS breaches cause poor

experiences

Loyalty programs hacked

Good bots make up over 35% of all traffic to the average website

○ Search engines - Google, Bing, Baidu, etc.,

○ Alexa Crawler

○ Pingdom, Keynote, etc.

○ Vulnerability Scanners

○ etc.

Effective solutions block bad bots but leave good bots unhindered

The Importance of Accurately Identifying Good Bots

Source: Distil Networks, 2015 Bad Bot Landscape Report

Partners in DisguiseMany meta search sites get their start from scraping. Once revenues appear they license API access.

Site IndexingSearch engine bots scour and prioritize content to drive inbound Traffic to your site.

When Site Scraping Should be Sanctioned

The First Easy and Accurate Way to Defend Websites Against Malicious

Bots

The World’s Most Accurate Bot Detection System

Inline FingerprintingFingerprints stick to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy. Known Violators DatabaseReal-time updates from the world’s largest Known Violators Database, which is based on the collective intelligence of all Distil-protected sites.

Browser ValidationThe first solution to disallow browser spoofing by validating each incoming request as self-reported and detects all known browser automation tools.

Behavioral Modeling and Machine LearningMachine-learning algorithms pinpoint behavioral anomalies specific to your site’s unique traffic patterns.

How Travel Companies Benefit from Distil

Increase insight & control over human, good bot & bad bot

traffic

Block 99.9% of malicious bots without impacting legitimate

users

Slash the high tax bots place on

internal teams & web infrastructure

Protect data from web scrapers, unauthorized aggregators &

hackers

www.distilnetworks.com/trial/Offer Ends: November 26th

Two Months of Free Service + Traffic Analysis

www.distilnetworks.com

QUESTIONS….COMMENTS?I N F O @ D I S T I L N E T W O R K S . C O M

1.866.423.0606OR CALL US ON