Better Metrics, Less Hacks: Online Travel and The Future of Web Security
-
Upload
distil-networks -
Category
Travel
-
view
663 -
download
0
Transcript of Better Metrics, Less Hacks: Online Travel and The Future of Web Security
Better Metrics, Less Hacks: Online Travel and The Future of Web
Security
Speakers
Rami Essaid
CEO & Co-founderDistil Networks
Speaker
Orion CassettoDir. of Product Marketing
Distil NetworksModerator
Good BotsSearch Engine Crawling Power APIsCheck system connectivity and status
Bad BotsSteal contentScan for vulnerabilitiesPerform Fraudetc.
The Basics of Bots
A “Bot” is an automated program that runs on the internet
Cheap scraping software
Inexpensive cloud computing resources
Botnet-as-a-Service
What is Contributing to the Growth in Bots?
Three Layers of Business Damaged Caused by Malicious Bots
Bots hurt your KPIs...Slowdowns, downtime and poor CXDecline in website trafficLoss of revenue and customer base
How Bad Bots Impact Travel Business Profits
What Kind of Data is Being Scraped?
Customer Data
Pricing Info
Editorial Content
Incentive Packages Reviews Keyword
PlacementSEO
Optimization
What Are Scrapers Doing with Your Travel Site?Posting your content on competitor sitesScrapers steal your traffic and advertising dollars. Duplicative content and high bounce rates diminishes your SEO
Undermining your prices Bots monitor your prices, ensuring competitors can undercut with lower price listings
Executing searches on your siteThe resulting API calls to third parties can cost you
According to RyanAir unauthorized scrapers frequently
○ Added excessive charges to European customers
○ Failed or refused to pass on vital information like customer contact info, flight changes, web check in, and info on special needs
○ Caused missed flights and repeated problems for customers
Unauthorized Scraping Causes Problems for Passengers and Airlines Alike
EasyJet complained of 60% increase in ticket prices due to eDreams adding excessive fees to its tickets
Affected over 300,000 customers during the 6 months period of monitoring
EasyJet implemented bot detection tech to make informed decisions about automated clients
Aggregators Add Excessive Fees to Airline Tickets
“Utilizing an automated system for detecting scrapers gives us the information we need to act on each situation, and block individuals if we wish to.”
-- Jerry DunnDistribution Development Manager, EasyJet
Add-on sales like upgrades, travel insurance, etc. result in an average of $20 to $40 of additional revenue per sale for airlines
When scrapers insert themselves in the sale as middlemen, the upsell/cross-sell opportunity moves to their businesses
Web scrapers and travel aggregators may also charge referral feesor ask for volume discounts from airlines or hotel chains
Scraping Causes a Loss of Upsell and Cross-sell Opportunities
Source: http://www.eyefortravel.com/mobile-and-technology/scraping-single-biggest-threat-travel-industry
Negative SEO Attacks Damage Relevancy
Bots steal content, product lists, and prices for duplication elsewhere on the Internet
Duplicated content reduces your company’s uniqueness and thus quality score
SEO damage may result, especially if○Your prices are undercut○The content is repurposed on a more
popular site
Duplicate Content Results in Diminished SEO
Bots Break Into Accounts with Stolen Passwords
Brute Force Account TakeoverUsing a bot to try stolen usernames and passwords from breaches at other websites on your site
Newly compromised accounts are then used for various forms of fraud/theft
The Ashley Madison breach released 32 million log-in credentials into the wild
Account takeover and transaction fraud have significantly increased
Lost or stolen credentials were already the top cause of data breaches since 2010
Online Fraud Boosted by Ashley Madison Breach
Source: VBIR 2105
Brute Force Attacks used to Pilfer Loyalty Programs
Loyalty programs are Low hanging fruit Loyalty programs are frequent targets for hackers
Legacy systems were secured with 4-digit PIN numbers
Points in can be used for air travel, rental cars, dining and shopping.
Traffic from unnecessary bots inflates “Look-to-book” ratios
Blocking unnecessary bots improves KPI tracking and analytic data accuracy
Bots Skew Key Website Analytics
Roughly 23% of traffic on the average travel website is from bad bots
Bot traffic frequently cause websites to experience performance issues or brownouts
Garbage Bot Traffic Increases Costs and Infrastructure Utilization
Challenges Distil Results
Bots caused brownouts which led to immediate loss of revenue
Increased uptime from 99.6% to 99.9% (no downtime for the first time in five years)
Bots can hurt Google quality score and SEO Improved SEO and Google quality score
Homegrown IP blocking wasn’t working - Bots came in through proxies and used spoofed IP addresses
Automated bot defense identified and blocked more than 99.99% of bots
Redtag.ca Protects SEO and Uptime by Blocking Bad Bots
Redtag.ca specializes in finding fantastic travel deals on vacations, flights, cruises, hotels and car rentals.
With Distil, we increased our uptime from 99.6% to 99.9%, reduced infrastructure costs and eliminated costly bot-driven API calls. Bots, be gone!”
-Rob Gennaro, Digital Marketing Officer, Red Label Vacations
“
Reviewing The Impact Bots Have on Travel Site Profits
Customers transfer loyalty
to 3rd party sites
Add-on sales happen on 3rd party sites
Excessive fees increase prices
SEO damage reduces web site
searchability
Order errors and ToS breaches cause poor
experiences
Loyalty programs hacked
Good bots make up over 35% of all traffic to the average website
○ Search engines - Google, Bing, Baidu, etc.,
○ Alexa Crawler
○ Pingdom, Keynote, etc.
○ Vulnerability Scanners
○ etc.
Effective solutions block bad bots but leave good bots unhindered
The Importance of Accurately Identifying Good Bots
Source: Distil Networks, 2015 Bad Bot Landscape Report
Partners in DisguiseMany meta search sites get their start from scraping. Once revenues appear they license API access.
Site IndexingSearch engine bots scour and prioritize content to drive inbound Traffic to your site.
When Site Scraping Should be Sanctioned
The First Easy and Accurate Way to Defend Websites Against Malicious
Bots
The World’s Most Accurate Bot Detection System
Inline FingerprintingFingerprints stick to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy. Known Violators DatabaseReal-time updates from the world’s largest Known Violators Database, which is based on the collective intelligence of all Distil-protected sites.
Browser ValidationThe first solution to disallow browser spoofing by validating each incoming request as self-reported and detects all known browser automation tools.
Behavioral Modeling and Machine LearningMachine-learning algorithms pinpoint behavioral anomalies specific to your site’s unique traffic patterns.
How Travel Companies Benefit from Distil
Increase insight & control over human, good bot & bad bot
traffic
Block 99.9% of malicious bots without impacting legitimate
users
Slash the high tax bots place on
internal teams & web infrastructure
Protect data from web scrapers, unauthorized aggregators &
hackers
www.distilnetworks.com/trial/Offer Ends: November 26th
Two Months of Free Service + Traffic Analysis
www.distilnetworks.com
QUESTIONS….COMMENTS?I N F O @ D I S T I L N E T W O R K S . C O M
1.866.423.0606OR CALL US ON