Segpay Defends Against Layer 7 DDoS Attacks, Cuts Infrastructure Costs, & Scales Securely with DataDome

The challenge: DDoS attacks & high volumes of disruptive bot traffic

For 20 years, Segpay has been at the forefront of payment processing, guaranteeing merchants secure and transparent transactions. Naturally, the company’s growth also brought increased challenges posed by bad bots. Segpay had to cope with high volumes of bot traffic, along with a sharp rise in DDoS attacks and targeted attempts to disrupt its services—one of which even came with a ransom letter. That’s why, at the time, the team led by Senior Systems Engineer, Kenny Nash turned to Cloudflare.

“Our priority has always been PCI DSS compliance, because we do credit card processing, so we focus on certain sets of requirements like OWASP and other techniques,” says Kenny. “We used Cloudflare early on to handle threats, but the growing sophistication of attacks started revealing gaps.”

Indeed, Segpay did a lot of IP blacklisting, which proved inefficient as attackers could easily switch IPs, and the risk of blocking legitimate users was too high. To strengthen their defenses, Kenny and his team engaged with another security vendor, but the solution presented limitations. “It allowed us to create custom rules for specific fraud patterns, but it was still too reactive,” Kenny explains. 

Furthermore, Segpay’s setup became increasingly complex. Each request had to pass through multiple layers of encryption and decryption as traffic flowed between Cloudflare, the security provider, load balancers, and servers. “The more we added, the more convoluted the system became. It was clear we needed something more effective and streamlined,” Kenny remembers.

The stakes were high: in the payment processing industry, downtime isn’t just an inconvenience, it can lead to significant revenue loss and damage client relationships. “If our platform went down, merchants would cascade traffic to backup billers. Getting them to return was a challenge and created extra work for our sales team,” Kenny explains. To cut through the noise, stop the attacks at the source, and regain control, Segpay turned to DataDome.

The solution: Bot Protect & DDoS Protect, with seamless Cloudflare integration 

One of the most important factors in choosing DataDome was its seamless integration with Cloudflare. Unlike previous solutions that required multiple encryption and decryption hops, DataDome fit directly into Segpay’s existing infrastructure. “We weren’t adding another DNS hop, which was a huge relief,” explains Kenny. “Cloudflare already decrypts the traffic, and DataDome analyzes it right there. No extra steps, no added complexity, just pure, efficient protection.”

Getting DataDome up and running was shockingly fast. The Segpay team prioritized their payment endpoints, as these were the most vulnerable to attacks. “We had numerous endpoints to secure, so we tackled them one at a time, starting with the high-risk ones,” Kenny remembers.

Everything went smoothly, thanks in part to DataDome’s support for Kenny’s team during the POC: “Brett and Barry felt like part of our own team,” Kenny says. “They were on top of every detail, meeting with us weekly to ensure a smooth rollout. Whenever we encountered an anomaly, they guided us with best practices to resolve it quickly.” 

One challenge Segpay faced was managing API calls within their web applications. While most of their traffic came from human users in browsers, some legitimate API-like calls triggered DataDome’s defenses, but the team quickly fine-tuned exceptions for these cases. 

The results: Reduced infrastructure costs, significant time savings, & peace of mind 

With DataDome fully deployed, Segpay finally had the airtight bot protection they had been searching for. The first and most significant improvement was the elimination of bot-driven traffic. Before DataDome, bots accounted for roughly 20% of Segpay’s total traffic, clogging their network, increasing operational burdens, and raising infrastructure costs. “That 20% of junk traffic is just gone,” says Kenny. “I go through the logs looking for false positives, and I can’t find any. The only cases that initially looked legitimate turned out to be very sophisticated hackers trying to bypass security, but DataDome caught them too!”

Beyond blocking bad bots, DataDome significantly reduced the workload on Segpay’s Web Application Firewall (WAF). “Within the first week, our WAF saw 60% less activity,” Kenny shares. 

With the drop in bot traffic also came a consequent reduction in the operational stress weighing on Segpay’s security team. Before DataDome, bot attacks were a constant source of anxiety for Kenny and his team. But those days are gone. 

“It’s not even a question anymore. If an attack happens, we just log in, check that everything is fine, and go back to what we were doing,” Kenny says. 

That peace of mind allows Segpay to focus on bigger projects. With new clients coming onboard, the company anticipates an increase in traffic. Previously, such a surge would have required a major infrastructure overhaul to handle both real and bot-generated traffic. But with DataDome eliminating the junk, Kenny is confident. “It’s like getting a clean playing field! It gives us a huge advantage as we scale.” 

At the end of the day, DataDome lived up to its name. “It truly creates a dome around our infrastructure, stopping all suspect traffic at the door,” Kenny says. He is also excited to expand Segpay’s defenses even further by adopting DataDome DDoS Protect, a product that will allow them to proactively defend against L7 DDoS before these attacks can impact business operations or disrupt customers. 

Find out if your domain and subdomains are safe from bad bots by taking our free Bot Vulnerability Assessment today.