easyjet’s journey to protect its booking engine - the slides for the tnooz / distil networks...
TRANSCRIPT
TLearn Webinar
December 13, 2016
easyJet’s Journey to Protect Their Booking Engine from Unwanted Traffic
Your hosts
Sean O’Neill, Editor in Chief & Moderator, Tnooz
Gene Quinn, Co-Founder & Producer, Tnooz
Poll no. 1: Where are you located?
Poll no. 2: What travel business segment do you represent?
Anthony Drury, Director, Head of Business
Rami Essaid, CEO and Co-founder
Agenda
The bad bot landscape
How bad bots impact the travel industry
● Web/screen scraping
● Account takeover and fraud
● Poor customer experiences
● Skewed analytics
easyJet case study
Q&A
Bad Bots Cause the Majority of Website Problems
19% of Traffic Causes the Following Problems
Majority of Bots are Advanced Persistent Bots (APBs)
APBs have one or more of the following abilities:
Advanced
● Mimic human behavior
● Load JavaScript
● Load external resources
● Support cookies
● Browser automation (Selenium, PhantomJS)
Persistent
● Dynamic IP rotation
● Distribute attacks across IP addresses
● Hide behind anonymous and peer-to-peer proxies
2016 Distil Bad Bot Report
The Majority of Bad Bots Now Use Multiple IP Addresses
Bots that dynamically rotate IP addresses, or distribute attacks across them, are significantly harder to detect and mitigate
Bots Mimic Human Behavior
39% of bots are able to mimic human behavior
These bots will fly under the radar of most security tools
Poll Question
True or False?
You have good visibility and control over unwanted website traffic and transactions.
Web Scraping
Who is behind Web Scraping?
Competitors: Content Theft, Competitive Intel, Price Scraping
Aggregators: Start-ups, Unauthorized Middlemen
Hackers: Content for Fake Pages
Search Engines: Google, Bing, Yahoo, Baidu
What Kind of Data is Being Scraped?
Customer data
Pricing info
Editorial content
Incentive packages
Reviews
SEO strategies
Booking engine inputs
What Are Scrapers Doing with Your Travel Site?
Unauthorized use of content: Scrapers steal your traffic and advertising dollars. Duplicative content and high bounce rates diminish your SEO
Undermining your prices: Bots monitor your prices, ensuring competitors can undercut with lower price listings
Executing searches on your site: The resulting API calls to third parties can cost you
Booking travel as unauthorized middlemen: This can result in lost cross-sell opportunities, customer disruptions, and poor user experiences
Scraping Causes a Loss of Upsell and Cross-sell Opportunities
Add-on sales like upgrades, travel insurance, etc. result in an average of $20 to $40 of additional revenue per sale for airlines
When scrapers insert themselves in the sale as middlemen, the upsell/cross-sell opportunity moves to their businesses
Web scrapers and travel aggregators may also charge referral fees or ask for volume discounts from airlines or hotel chains
Source: http://www.eyefortravel.com/mobile-and-technology/scraping-single-biggest-threat-travel-industry
Website Security & Online Fraud
Vulnerability Scanning and Target Exploitation
Common hacking tools like network mappers and vulnerability scanners are automated programs
Once a victim’s network has been mapped, automated vulnerability scanning can be used to find security flaws that can be exploited
These bots let hackers scale their operations
Bots Make Large Scale Account Takeover Possible
Over 1 billion username/password combinations exist in the wild
Bot operators create bots to test millions of username/password combinations from breaches at other websites to find the credentials that also work on your site
Newly compromised accounts are then used for various forms of fraud/theft including virtual currency theft like loyalty points/rewards
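The slides on IP rotation and on account takeover describe the same detection problem: a credential-testing bot that changes address on every request never trips a per-IP failure counter. The following Python sketch is an added example, not part of the webinar or of any vendor's product; the `fp` field (a client fingerprint that stays stable across IP changes), the thresholds and the log events are all constructed assumptions.

```python
from collections import defaultdict

WINDOW = 300              # seconds of history considered (assumed value)
PER_IP_FAIL_LIMIT = 5     # typical per-IP lockout threshold (assumed value)
DISTINCT_USER_LIMIT = 10  # failed logins against this many accounts (assumed value)

def build_events():
    """Constructed sample log: one rotating-IP bot plus five ordinary users."""
    events = []
    for i in range(40):   # bot: one guess per account, fresh IP on every request
        events.append({"ts": 1000 + i * 5, "ip": f"198.51.100.{i + 1}",
                       "user": f"victim{i}", "ok": i == 17, "fp": "fp-bot"})
    for i in range(5):    # humans: one typo, then a successful login
        base = {"ip": f"203.0.113.{i + 1}", "user": f"alice{i}", "fp": f"fp-h{i}"}
        events.append({**base, "ts": 1010 + i * 30, "ok": False})
        events.append({**base, "ts": 1020 + i * 30, "ok": True})
    return sorted(events, key=lambda e: e["ts"])

def per_ip_alerts(events):
    """Naive control: flag an IP with too many failed logins in WINDOW."""
    fails, alerts = defaultdict(list), set()
    for e in events:
        if e["ok"]:
            continue
        fails[e["ip"]] = [t for t in fails[e["ip"]] if e["ts"] - t < WINDOW] + [e["ts"]]
        if len(fails[e["ip"]]) >= PER_IP_FAIL_LIMIT:
            alerts.add(e["ip"])
    return alerts

def stuffing_alerts(events, key="fp"):
    """Flag a client key whose failures span many distinct accounts in WINDOW."""
    seen, alerts = defaultdict(list), {}
    for e in events:
        if e["ok"]:
            continue
        seen[e[key]] = [(t, u) for t, u in seen[e[key]] if e["ts"] - t < WINDOW]
        seen[e[key]].append((e["ts"], e["user"]))
        users = {u for _, u in seen[e[key]]}
        if len(users) >= DISTINCT_USER_LIMIT:
            alerts[e[key]] = max(alerts.get(e[key], 0), len(users))
    return alerts

def accounts_to_reset(events, flagged):
    """Accounts where a flagged client logged in successfully."""
    return sorted({e["user"] for e in events if e["ok"] and e["fp"] in flagged})

if __name__ == "__main__":
    ev = build_events()
    print(per_ip_alerts(ev), stuffing_alerts(ev), accounts_to_reset(ev, stuffing_alerts(ev)))
```

On the constructed log the per-IP counter flags nothing, while counting distinct failed accounts per fingerprint flags the bot and identifies the one account it got into, which is the account that needs a forced password reset.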
Skewed Analytics
Sophisticated Bots Increasingly Appear as Human in Analytic Data
53% of bots are able to load external assets (e.g. JavaScript)
These bots will skew marketing tools such as Google Analytics, A/B testing, conversion tracking, etc.
Skewed Analytics Leads to Misinformed Business Decisions
Inaccurate analytic data results in:
Poor funnel analysis & optimization
Poor conversion rates
Inaccurate KPI tracking
Skewed look-to-book ratios
Difficulty in planning server expansion
Poll Question
The bad bot problems I'm most concerned about (check all that apply):
A. Web scraping
B. Transaction fraud
C. Login attacks
D. Skewed analytics
E. Poor customer experience
About easyJet
easyJet at a glance
● Market cap of £4bn
● 800+ routes across 31 countries
● 257 Airbus aircraft
● 10,000+ employees, including 2,800 pilots and 6,500 cabin crew
● 73.1 million passengers in last 12 months
● 88% direct bookings
● Over 18.3m app downloads
● Industry leading API capability
Figures from easyJet Annual Report 2016: http://corporate.easyjet.com/~/media/Files/E/Easyjet-Plc-V2/pdf/investors/result-center-investor/annual-report-2016.pdf
easyJet Distribution Charter
Applies to any third party using easyJet's data (e.g. fares, schedules, seating availability, etc.) for the purpose of displaying, advertising, booking or selling any easyJet product or service.
● easyJet data only provided through easyJet API
● Content access through approved contracted partners only
● Partner must ensure the best possible customer service
● easyJet collects passenger contact info for sole purpose of disruption alerts
● Partners must adhere to the easyJet brand guidelines
● Customers must be provided with accurate, complete and timely information
http://www.easyjet.com/en/business/distribution/charter
“Distil’s technology combined with their Analyst Managed Service helps keep our site fast and responsive and ensures our customers - wherever they are booking - get our price and availability content through our approved API channels.”
Anthony Drury, Head of Business, easyJet
easyJet in partnership with Distil
easyJet Challenges and Distil Results
Challenge: Eliminate web scraping and ensure partners are adhering to easyJet’s distribution charter
Result: Clear ROI on Distil Networks. No need to pursue legal action. Resource redeployment
Challenge: Rogue scrapers impacting data quality and system optimization
Result: Set the technical bar so high as to force all but the most aggressive scrapers to give up
Challenge: Strengthen partnerships by creating a level playing field
Result: Transparent pricing. Everyone is using the same data sets. Everything is booked instantaneously. No delays, no drag
Six year partnership with Distil
Extension of our internal team
Technology, people and process
Why did easyJet choose Distil?
easyJet chose Distil after a rigorous RFP process, and an evaluation of six different vendors. Why?
ENTERPRISE-READY ACCURATE SECURE ANALYST MANAGED
Integrates with existing infrastructure (e.g. Akamai CDN)
Handles high traffic without slowing down human customers
Ingests feeds from easyJet fraud team to strengthen & customize defense
Proactive identification & updates (e.g. via machine learning, wisdom of the crowd, etc.)
Ability to respond to anyone that says they’ve been blocked
Complete visibility into false positives
Handles HTTP POST requests that contain customer data such as email addresses
Covers all channels (desktop web, mobile web, API, mobile app)
Proven solution
PCI DSS Level 1 Service Provider
Managed service by people with experience across dozens of deployments
24x7x365 human response
Best technology + best people = best-of-both solution
How easyJet uses Distil Analyst Managed Service
● Intelligent way to augment our existing team
● Test bookings and other auditing measures to track violators
● Proactive analysis and investigation into security data based on our objectives
● Outsourced daily bot analysis, detection and response
Distil Analyst Managed Service
www.distilnetworks.com/trial/
Offer Ends: December 31st at 5PM
Two Months of Free Service + Traffic Analysis