easyjet’s journey to protect its booking engine - the slides for the tnooz / distil networks...

TLearn Webinar December 13, 2016 easyJet’s Journey to Protect Their Booking Engine from Unwanted Traffic

Upload: tnooz

Post on 16-Apr-2017


TRANSCRIPT

Page 1: easyjet’s journey to protect its booking engine - the slides for the Tnooz / Distil Networks webinar:

TLearn Webinar
December 13, 2016

easyJet’s Journey to Protect Their Booking Engine from Unwanted Traffic

Page 2:

Your hosts

Sean O’Neill, Editor in Chief & Moderator, Tnooz

Gene Quinn, Co-Founder & Producer, Tnooz

Page 3:

Poll no. 1
Where are you located?

Page 4:

Poll no. 2
What travel business segment do you represent?

Page 5:

easyJet’s Journey to Protect Their Booking Engine from Unwanted Traffic

Anthony Drury, Director, Head of Business

Rami Essaid, CEO and Co-founder

Page 6:

Agenda

● The bad bot landscape
● How bad bots impact the travel industry
  ● Web/screen scraping
  ● Account takeover and fraud
  ● Poor customer experiences
  ● Skewed analytics
● easyJet case study
● Q&A

Page 7:

Bad Bots Cause the Majority of Website Problems

19% of Traffic Causes the Following Problems

Page 8:

Majority of Bots are Advanced Persistent Bots (APBs)

APBs have one or more of the following abilities:

Advanced
● Mimic human behavior
● Load JavaScript
● Load external resources
● Support cookies
● Browser automation (Selenium, PhantomJS)

Persistent
● Dynamic IP rotation
● Distribute attacks across IP addresses
● Hide behind anonymous and peer-to-peer proxies

2016 Distil Bad Bot Report

Page 9:

The Majority of Bad Bots Now Use Multiple IP Addresses

Bots that dynamically rotate IP addresses or distribute attacks across them are significantly harder to detect and mitigate

Page 10:

Bots Mimic Human Behavior

39% of bots are able to mimic human behavior

These bots will fly under the radar of most security tools

Page 11:

Poll Question

True or False?

You have good visibility and control over unwanted website traffic and transactions.

Page 12:

Web Scraping

Page 13:

Who is behind Web Scraping?

Competitors
● Content Theft
● Competitive Intel
● Price Scraping

Aggregators
● Start-ups
● Unauthorized Middlemen

Hackers
● Content for Fake Pages

Search Engines
● Google
● Bing
● Yahoo
● Baidu

Page 14:

What Kind of Data is Being Scraped?

Customer data

Pricing info

Editorial content

Incentive packages

Reviews

SEO strategies

Booking engine inputs

Page 15:

What Are Scrapers Doing with Your Travel Site?

Unauthorized use of content
Scrapers steal your traffic and advertising dollars. Duplicative content and high bounce rates diminish your SEO

Undermining your prices
Bots monitor your prices, ensuring competitors can undercut with lower price listings

Executing searches on your site
The resulting API calls to third parties can cost you

Booking travel as unauthorized middlemen
Which can result in lost cross-sell opportunities, customer disruptions, and poor user experiences

Page 16:

Scraping Causes a Loss of Upsell and Cross-sell Opportunities

Add-on sales like upgrades, travel insurance, etc. result in an average of $20 to $40 of additional revenue per sale for airlines

When scrapers insert themselves in the sale as middlemen, the upsell/cross-sell opportunity moves to their businesses

Web scrapers and travel aggregators may also charge referral fees or ask for volume discounts from airlines or hotel chains

Source: http://www.eyefortravel.com/mobile-and-technology/scraping-single-biggest-threat-travel-industry

Page 17:
Page 18:

Website Security & Online Fraud

Page 19:

Vulnerability Scanning and Target Exploitation

Common hacking tools like network mappers and vulnerability scanners are automated programs

Once a victim’s network has been mapped, automated vulnerability scanning can be used to find security flaws that can be exploited

These bots let hackers scale their operations

Page 20:

Bots Make Large Scale Account Takeover Possible

Over 1 billion username/password combinations exist in the wild

Bot operators create bots to test millions of username/password combinations from breaches at other websites to find the credentials that also work on your site

Newly compromised accounts are then used for various forms of fraud/theft including virtual currency theft like loyalty points/rewards
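
An added detection example, not part of the original slides: it shows why the credential testing described above, when spread across rotating IP addresses as on the earlier slide, passes a per-IP failure limit but stands out once login failures are aggregated site-wide per time window. The log events are constructed, and the field layout, function names and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed login events: (timestamp, source IP, username, succeeded)."""
    t0 = datetime(2016, 12, 13, 10, 0, 0)
    # 60 attempts in 5 minutes, each from a new IP against a new account.
    events = [(t0 + timedelta(seconds=5 * i), f"198.51.100.{i + 1}",
               f"user{i}@example.com", i == 37) for i in range(60)]
    # An ordinary customer: one mistyped password, then a successful login.
    events.append((t0 + timedelta(seconds=20), "203.0.113.9", "alice@example.com", False))
    events.append((t0 + timedelta(seconds=40), "203.0.113.9", "alice@example.com", True))
    return sorted(events)

def per_ip_offenders(events, max_failures=5):
    """Classic per-IP limit: IPs with more than max_failures failed logins."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def stuffing_windows(events, window=timedelta(minutes=5), min_attempts=30,
                     min_fail_ratio=0.9, min_user_ratio=0.8):
    """Flag windows where site-wide logins are mostly failures spread over
    many distinct accounts, regardless of how many IPs were used.
    Thresholds are illustrative assumptions; tune them on real baselines."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        start = datetime.min + ((ts - datetime.min) // window) * window
        buckets[start].append((ip, user, ok))
    alerts = []
    for start, rows in sorted(buckets.items()):
        attempts = len(rows)
        failures = sum(1 for _, _, ok in rows if not ok)
        users = {user for _, user, _ in rows}
        if (attempts >= min_attempts and failures / attempts >= min_fail_ratio
                and len(users) / attempts >= min_user_ratio):
            alerts.append({
                "window_start": start, "attempts": attempts, "failures": failures,
                "distinct_ips": len({ip for ip, _, _ in rows}),
                "distinct_users": len(users),
                # Successes inside a flagged window need review (may include real users).
                "review_accounts": sorted(u for _, u, ok in rows if ok),
            })
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    for alert in stuffing_windows(sample):
        print(alert)
```

On the constructed sample the per-IP check returns nothing, while the windowed check raises one alert and lists the accounts that logged in successfully during it as candidates for review.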

Page 21:

Skewed Analytics

Page 22:

Sophisticated Bots Increasingly Appear as Human in Analytic Data

53% of bots are able to load external assets (e.g. JavaScript)

These bots will skew marketing tools such as Google Analytics, A/B testing, conversion tracking, etc.

Page 23:

Skewed Analytics Leads to Misinformed Business Decisions

Inaccurate analytic data results in

Poor funnel analysis & optimization

Poor conversion rates

Inaccurate KPI tracking

Skewed look-to-book ratios

Difficulty in planning server expansion

Page 24:

Poll Question

The bad bot problems I'm most concerned about (check all that apply):

A. Web scraping
B. Transaction fraud
C. Login attacks
D. Skewed analytics
E. Poor customer experience

Page 25:

About easyJet

easyJet at a glance

● Market cap of £4bn

● 800+ routes across 31 countries

● 257 Airbus aircraft

● 10,000+ employees, including 2,800 pilots and 6,500 cabin crew

● 73.1 million passengers in last 12 months

● 88% direct bookings

● Over 18.3m app downloads

● Industry leading API capability

Figures from easyJet Annual Report 2016: http://corporate.easyjet.com/~/media/Files/E/Easyjet-Plc-V2/pdf/investors/result-center-investor/annual-report-2016.pdf

Page 26:

easyJet Distribution Charter

Applies to any third party using easyJet's data (e.g. fares, schedules, seating availability, etc.) for the purpose of displaying, advertising, booking or selling any easyJet product or service.

● easyJet data only provided through easyJet API
● Content access through approved contracted partners only
● Partner must ensure the best possible customer service
● easyJet collects passenger contact info for sole purpose of disruption alerts
● Partners must adhere to the easyJet brand guidelines
● Customers must be provided with accurate, complete and timely information
● http://www.easyjet.com/en/business/distribution/charter

Page 27:

“Distil’s technology combined with their Analyst Managed Service helps keep our site fast and responsive and ensures our customers - wherever they are booking - get our price and availability content through our approved API channels.”

Anthony Drury, Head of Business, easyJet

easyJet in partnership with Distil

easyJet Challenges Distil Results

Eliminate web scraping and ensure partners are adhering to easyJet’s distribution charter

Clear ROI on Distil Networks. No need to pursue legal action. Resource redeployment

Rogue scrapers impacting data quality and system optimization

Set the technical bar so high as to force all but the most aggressive scrapers to give up

Strengthen partnerships by creating a level playing field

Transparent pricing. Everyone is using the same data sets. Everything is booked instantaneously. No delays, no drag

Six year partnership with Distil

Extension of our internal team

Technology, people and process

Page 28:

Why did easyJet choose Distil?

easyJet chose Distil after a rigorous RFP process, and an evaluation of six different vendors. Why?

ENTERPRISE-READY ACCURATE SECURE ANALYST MANAGED

Integrates with existing infrastructure (e.g. Akamai CDN)

Handles high traffic without slowing down human customers

Ingests feeds from easyJet fraud team to strengthen & customize defense

Proactive identification & updates (e.g. via machine learning, wisdom of the crowd, etc.)

Ability to respond to anyone that says they’ve been blocked

Complete visibility into false positives

Handles HTTP POST requests that contain customer data such as email addresses

Covers all channels (desktop web, mobile web, API, mobile app)

Proven solution

PCI DSS Level 1 Service Provider

Managed service by people with experience across dozens of deployments

24x7x365 human response

Best technology + best people = best-of-both solution

Page 29:

How easyJet uses Distil Analyst Managed Service

● Intelligent way to augment our existing team

● Test bookings and other auditing measures to track violators

● Proactive analysis and investigation into security data based on our objectives

● Outsourced daily bot analysis, detection and response

Distil Analyst Managed Service

Page 30:

www.distilnetworks.com/trial/
Offer Ends: December 31st at 5PM

Two Months of Free Service + Traffic Analysis

Page 31:

Anthony Drury, Director, Head of Business

Rami Essaid, CEO and Co-founder

Page 32:

Send your questions to [email protected]

Replay and presentation available on tnooz.com

Thank you!