With over 9.7 million UK users, and still expanding its footprint in Australia and South Africa, ClearScore is the UK’s number one free credit score and financial product marketplace. Founded in 2015 with the mission to help users take control of their financial health, ClearScore is the industry leader in giving everybody access to their credit score and report for free, forever.
ClearScore uses consumers’ financial data at every step of their financial journey to ensure that they see the most relevant financial products and tips for their circumstances. The aim is to build consumers’ confidence about what’s going on with their finances and help them make the best decisions for themselves.
But the company’s ambitious aim, together with the amount of financial data at its disposal, which was and still is attractive to criminals, left ClearScore no choice but to seek out a robust solution to secure its platform.
As a growing FinTech company with a user base of over 12 million users in 3 countries, ClearScore’s website and APIs are set up to run at a considerable scale. “We have the challenge of maintaining an excellent security posture while also maintaining high availability and keeping costs under control,” says Klaus Thorup, Chief Technology Officer, ClearScore.
He further adds, “As a brand, we have established a high level of trust with the consumer, and it is critical that we maintain this trust as we continue to scale and open in new markets.”
With the increase in botnet activity over the last 2 years (even before the outbreak of COVID-19), and the growing sophistication of the techniques being used in cyber-attacks against ClearScore’s systems, the company decided to seek out a solution that could provide real-time interventions to block these bad actors, while still allowing access to legitimate users. Therefore, the FinTech firm wanted a solution which went beyond simple rate-limiting and existing known bad IP address lists, and Netacea provided this solution.
Overcoming the challenges
“Challenges and risks are frequently faced when implementing a new element into your technical ‘stack’. They can range from nervousness about making DNS changes, to unwillingness to add additional latency into the customer journey and everything in between,” says Andy Still, Chief Technology Officer, Netacea.
With the implementation of Netacea Bot Management, ClearScore was able to avoid these challenges as the service is implemented at the edge, via a CDN worker, and therefore no infrastructure changes were needed at all.
Reaping the benefits
ClearScore’s investment in implementing the solution from Netacea has had many benefits for the business.
Today, with Netacea’s research team providing regular feedback on the latest discoveries with emerging botnets, ClearScore can quickly pivot and focus on mitigating the botnets’ impact on its business operation. The team demonstrates how the detection process can and will minimize the effects of new techniques used by botnet developers.
“The solution implemented by Netacea has also improved our on-call team’s effectiveness by mitigating alert fatigue,” says Klaus. He further adds, “Previously the on-call team was using a set of tools to mitigate bot attacks that required frequent adjustments in order to block new types of malicious traffic.
“Netacea’s machine learning-based solution automates this process to detect anomalies and block newly discovered bad traffic in real-time. This has resulted in a greater quality of service from our APIs. Netacea’s detection tools have reduced traffic to login pages by 14% on average by mitigating bot traffic.”
ClearScore’s users are also benefiting from the solution. For most users, the layer of protection Netacea provides is completely transparent, and they can use the website and mobile apps seamlessly.
The occasional user who is flagged as suspicious can proceed to their ClearScore dashboard after passing a simple verification step, which is not intrusive at all to the normal ClearScore user experience. This maintains ClearScore’s commitment to providing a frictionless service to the user that is clear, calm and easy to understand.