Released new products to protect against more sophisticated threats.

DataDome CAPTCHA: Easy on Humans, Tough on Bots

Towards the end of 2022, we released DataDome CAPTCHA—the only user-friendly, 100% secure, and readily privacy-compliant CAPTCHA on the market. Our CAPTCHA sought to solve the main issues with traditional CAPTCHAs: easy to bypass, lack of user privacy, poor user experience, and lack of transparency. As of April 2023, 100% of DataDome customers are utilizing DataDome CAPTCHA to protect their businesses.

The DataDome CAPTCHA is integrated with our bot protection solution to weed out bad bots from the start and ensure as few real humans see the challenge as possible. Typically, only 1 in 10,000 human requests are challenged with a visible CAPTCHA. When a user is presented with DataDome CAPTCHA, they’re met with a simple-to-understand, quick-loading puzzle piece challenge. Our CAPTCHA loads in .09 seconds and only takes around 2.2 seconds to solve, compared to reCAPTCHA’s more than 20 seconds to pass (typically 30 seconds based on our measurements).

Device Check

Device Check became available for all DataDome customers in December 2023. Early access began in February 2023, open to select customers across different industries. These customers all had specific use cases where Device Check benefited them in two ways:

• Detection of highly sophisticated bots from the first request.
• Client-side validation that allowed for additional responses to tailor access based on each client.

Device Check is an improvement to the way DataDome tests potential threats, and is the first truly invisible challenge. It is particularly effective against distributed bot attacks, as it blocks them from the very first request without impacting the user experience (UX). Now, we are seeing over 11 million Device Check responses in a day—that’s 11 million bad bots stopped without damaging UX.

We look forward to seeing how Device Check helps our customers keep their users happy while stopping even more bots and fraudsters than before.

Early Access: Ad Fraud & Account Fraud Protection

We are working on ways to apply DataDome’s powerful, accurate detection to many more use cases, like ad fraud and account fraud. In 2023, we opened two early access (EA) programs for select customers to test these features.

Ad Fraud Prevention

Many customers are struggling with bad bots that drain their marketing budgets with fake ad clicks. That’s why DataDome introduced a new EA product to prevent this type of bot-driven ad fraud. Ad fraud prevention can identify and classify illegitimate automated traffic and, through meticulous monitoring, analyze attributes of the campaign—such as traffic source, time patterns, and user behavior. With our detailed ad reporting, these EA customers have gained valuable insights into the efficiency of their ad campaigns—by campaign—and are able to take steps to optimize their marketing ROI and ad spend.

The results have been stunning: multiple early customers were able to identify that significant ad spend (between 13% and 48%) was wasted on malicious bots and not real users, and that performance varied widely among different ad networks and campaigns—including Facebook, Google, TikTok, and more. With this information, DataDome was able to help them realize the potential to save millions of marketing dollars.

Account Fraud Protection

Account fraud has been a problem for online businesses for a long time and has continued to increase exponentially in the past few years due to automated bot-driven account takeovers (ATO), credential stuffing attacks, and fake account creation. This has resulted in significant financial damage from costly chargebacks, stolen stored value, credit card processing fees, and redemptions abuse.

DataDome introduced a user fraud solution to identify suspicious behavior, new account abuse, and accounts that have been taken over. It instantly assesses risk and enforces security policies that stop malicious activity and block requests. DataDome customers can now block malicious or anomalous account activity on first request in real time, and new customer identity signals for specific accounts, users, devices, and sessions can be monitored and tracked.

For example, one major retailer that struggled with massive fake account creations on their website to book in-store appointments used DataDome to stop these fraudulent requests from bad bots—which accounted for 75% of all appointment requests! This amounted to hundreds of thousands of fake bookings blocked, saving significant downstream disruptions and resources for the retail stores.

Like any major web property, we’re constantly trolled with password lists. Account takeover is a real risk, so it’s nice to get rid of that.

—VP of Engineering at a Leading US Travel Booking Site