Rafal Kukliński
, SVP, Engineering at SoundCloud

The Problem: Fraudulent Traffic Undermines Trust & Skews KPIs

“SoundCloud is all about interactions between creators and their fans, and one of my responsibilities is to make sure that all these interactions are real and can be trusted,” says Rafal Kukliński, SVP of Engineering at SoundCloud.

“In our case, fraud has many faces. It can be inauthentic plays of uploaded tracks, fake likes or follows skewing our recommendation algorithms, or offensive comments causing users to lose trust in the platform. All these factors can also impact our experimentation framework and business decisions, so it’s critical for us to eliminate fraud.”

The SoundCloud engineering team’s primary mission is to build features that empower artists and fans to connect and share through music. For everything that’s not directly related to music or user interactions, they prefer to build relationships with trusted partners.

“In the past, we built our own in-house models to detect and filter out traffic we perceived as potentially inauthentic,” Rafal explains. “But ad hoc work after an attack to try to understand what happened means that roadmaps are diverted, and valuable resources are devoted to research and mitigation of a problem that ultimately doesn’t generate any revenue.”

He adds: “Fraud is also a business on its own, and with the growth in online traffic and booming artificial intelligence and machine learning techniques, it’s becoming extremely specialized. To keep up, we would have needed to hire more and more people—it just doesn’t scale.”

The Solution: Accurate, Real-Time & Cost-Effective Bot Detection

When Rafal and his team started their search for anti-abuse partners, they were looking for solutions that could detect all the different dimensions of what they consider fraud.

“A lot of our services are running on AWS, so it was natural to include the AWS firewall as part of our multilayer approach,” Rafal explains. “But as the ultimate layer of protection against fraud, we wanted a specialized solution with the ability to accurately detect the most sophisticated fraud attempts, and in real time. Cost completed the triangle of values we were looking for.”

The team shortlisted several potential vendors and ran an offline evaluation of their detection accuracy on a dataset consisting of two weeks’ worth of traffic.

“In the end, it was an easy decision: DataDome was the clear winner,” Rafal says. “The solution delivered the best value for money with the most accurate detection at the lowest price, with minimal additional latency on both mobile and web-based apps. For creators and fans, it isn’t noticeable that anything is happening behind the scenes, which was very important for us.”

During the integration process, SoundCloud experienced a fraud attack on a specific endpoint that wasn’t yet included in the roadmap. The attack was generating significant financial losses and posing a serious reputational risk.

“We had to act fast, and decided to rush the integration of DataDome on this particular endpoint,” Rafal recalls. “In a very short time, the protection was set up and activated, and the fraud was stopped overnight. The attacks kept coming, but they were no longer effective. Problem solved! It was a great proof point that DataDome really would work for us.”

The Results: Trusted Interactions, Reliable KPIs, and Better UX

Fraudulent traffic is no longer a concern for SoundCloud. The multilayer protection keeps user interactions real and free from malicious interference, thereby acting as a force multiplier for the engineering team.

“Attacks are still happening, but we’re not affected by them anymore,” Rafal confirms. “Instead of fighting fake traffic, my team can focus on building functionalities for our customers, based on KPIs and data we can trust.”

Their anti-fraud efforts are also paying off in terms of user experience: “Creators and fans can trust the interactions they are having on the platform,” Rafal attests. “As a result, we’ve seen improved first-day experiences, with improved sign-ups, first likes, and fewer shady comments showing up.”

Every success story has a soundtrack, so in conclusion, we ask: What song or piece of music would be the theme of SoundCloud’s journey with AWS and DataDome, and why?

“I would choose the theme from Mission: Impossible,” Rafal smiles. “Fraud prevention is a fast-changing landscape with high stakes and many traps, and to succeed you need solid technology, fast decision-making, and good communication. And that’s exactly what our collaboration is like—it feels like we’re all part of one team.”