Inside PayPal’s Strategy to Stop AI-Powered Bots & Reduce Fraud
None
<br><section is="bubble-deprecated-dualcontent" class=" overflow-hidden pt-8 pb-8 "> <div class=" not__containerized "> <!-- Section 1 --> <section class="component"> <div class="relative flex flex-col lg:flex-row-reverse items-center justify-center mx-auto w-full"> <div class="container relative z-20 flex flex-col w-full mb-6 text-2xl text-gray-700 lg:w-1/2 sm:items-center lg:items-start lg:mb-0"> <div class="content"> <p><span style="font-weight: 400;">Today’s bots are no longer just simple scripts. They use AI to mimic human behavior and adapt in real time, rotating IPs, simulating mouse movements, and even misclicking CAPTCHAs to slip past defenses. That’s why </span><a href="https://www.paypal.com/" rel="noopener nofollow"><span style="font-weight: 400;">PayPal</span></a><span style="font-weight: 400;">, a global fintech leader with over 400 million users, turned to DataDome to stop threats at the edge—before they reach critical systems—and stay ahead of AI-driven fraud.</span></p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwyXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> <div class="ai-rotate-option" style="visibility: hidden; position: absolute; top: 0; left: 0; width: 100%; height: 100%;" data-index="1" data-name="QVdTIEh1Yg==" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://devops.com/builder-community-hub/?ref=in-article-ad-1&utm_source=do&utm_medium=referral&utm_campaign=in-article-ad-1" target="_blank"><img src="https://devops.com/wp-content/uploads/2024/10/Gradient-1.png" alt="AWS Hub"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div> <p><strong>In our recent webinar with About Fraud, <span style="text-decoration: underline;"><a href="https://datadome.co/webinars/detect-bad-intent-early-to-stop-downstream-fraud/" rel="noopener">“Detect Bad Intent Early to Stop Downstream Fraud”</a></span></strong><span style="font-weight: 400;"><strong>,</strong> Dan Ayash, PayPal’s Director of Advanced Cybersecurity Solutions, shared how PayPal uses DataDome to clean traffic upstream before it causes problems for their fraud team later on. </span></p> <div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="1390147dc1c1f3819a00a053-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="1390147dc1c1f3819a00a053-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> </div> </div> <div class="relative w-full rounded-lg md:w-3/4 lg:w-1/2 group"> <div class="relative overflow-hidden image-datadome-rounded group"><br> <a href="https://www.paypal.com/" rel="noopener noreferrer nofollow"> <picture class=""><source srcset="" sizes="(max-width: 400px) 600px, (max-width: 768px) 600px, 600px" type="image/webp"><br> <img loading="lazy" src="https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage.png" data-src="https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage.png" alt="Datadome" srcset="https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage.png 2680w, https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage-300x155.png 300w, https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage-1024x530.png 1024w, https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage-768x398.png 768w, https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage-1536x796.png 1536w, https://datadome.co/wp-content/uploads/2025/06/PayPal-homepage-2048x1061.png 2048w" sizes="auto, (max-width: 400px) 600px, (max-width: 768px) 600px, 600px" decoding="async" class="z-10 object-cover w-full h-full " width="2680" height="1388" data-sal="fade" data-sal-delay="150" data-sal-duration="800" data-sal-easing="ease-out-quint" data- title="Inside PayPal’s Strategy to Stop AI-Powered Bots & Reduce Fraud"> </source></picture> </a> </div> </div> </div> </section></div> </section><section is="bubble-deprecated-quote" class=" overflow-hidden pt-8 pb-8 "> <div class=" not__containerized "> <div class="component"> <div class="top__svg"> <svg xmlns="http://www.w3.org/2000/svg" width="83" height="105" viewbox="0 0 83 105" fill="none"> <path d="M76.7819 66.1583C75.1983 63.8196 73.6781 62.3026 72.9813 61.6073C71.5139 60.1324 62.6564 54.6649 55.6782 44.4778C54.0735 42.1285 52.1521 39.3263 50.8114 35.6602C50.5369 34.9122 49.7451 33.5005 49.2278 30.8669C48.7738 28.7599 47.7604 24.999 47.0847 23.0185C43.7487 13.2211 34.4162 7.17417 27.4168 4.07694C18.211 -0.0105486 3.04016e-06 0.0105246 3.04016e-06 0.0105246L83 -7.62939e-06L83 105C83 93.3802 82.3349 79.7798 80.8463 74.9443C79.2733 69.835 76.7819 66.1689 76.7819 66.1689L76.7819 66.1583Z" fill="white"></path> </svg> </div> <div class="quote"> “To fight AI-driven bots, you have to understand what they’re trying to do, not just who they are. That is what DataDome helps us do.To fight AI-driven bots, you have to understand what they’re trying to do, not just who they are. That is what DataDome helps us do.” </div> <div class="author"> <div class="author_name">Dan Ayash</div> <div class="author_situation">Director, Advanced Cybersecurity Solutions at PayPal</div> </div> </div> </div> </section><div is="fusion-wysiwyg" class=" normal__dots "> <div class="component"> <div class="content"> <h2>The challenge: <strong>Blocking bots before they reach critical systems </strong></h2> <p><span style="font-weight: 400;">As attacks became more frequent and more evasive, PayPal’s internal defenses were seeing the strain. Fraudsters, who used to just flood known endpoints like login and checkout, were now testing every possible entry point, including registration flows and even low-value paths, to find weak spots.</span></p> <p><span style="font-weight: 400;">Dan Ayash knew that defending only the application layer was no longer sustainable. </span><i><span style="font-weight: 400;">“The sooner you block malicious traffic, the better your systems perform, and the less chances attackers have to adapt,”</span></i><span style="font-weight: 400;"> he explains. Dan then made a strategic decision: stop bots at the edge, as close to the adversary as possible. </span></p> <p><i><span style="font-weight: 400;">“We integrated DataDome at the CDN level, outside our infrastructure,”</span></i><span style="font-weight: 400;"> Dan explains. </span><i><span style="font-weight: 400;">“We wanted to be closer to the adversary so we could block the noise before it reached our systems.”</span></i></p> <p><span style="font-weight: 400;">This architectural change enabled Dan and his team to intercept and evaluate traffic at the edge, long before it hit the company’s core infrastructure, gaining visibility and control when threats are easier to detect.</span></p> <p><span style="font-weight: 400;">Automated upstream traffic filtering reduced the load on internal systems and made downstream models more effective. With less noise to analyze, detection accuracy improved, and legitimate users experienced fewer unnecessary challenges.</span></p> </div> </div> </div><div is="fusion-wysiwyg" class=" normal__dots "> <div class="component"> <div class="content"> <h2>The solution: <strong>AI-powered protection that adapts in real time </strong></h2> <p><span style="font-weight: 400;">Hackers are no longer content with launching brute force campaigns; they adapt their behavior and tactics in real time. </span></p> <p><i><span style="font-weight: 400;">“If ten years ago we saw thousands of IPs, now it’s millions,”</span></i><span style="font-weight: 400;"> says Dan. </span><i><span style="font-weight: 400;">“Attackers rotate IPs and change user-agent strings constantly. The protocol is stateless, and they use that to their advantage. Every request can look different.”</span></i></p> <p><span style="font-weight: 400;">At this level of sophistication, traditional bot detection, which asks “Is this traffic human or automated?” begins to show its limitations. That’s when Dan and his team realized the real question wasn’t who was behind the traffic, but what they were trying to do.</span></p> <p><span style="font-weight: 400;">Focusing on intent, not just identity, meant looking beyond static rules and signatures. It meant understanding behavior in context: Does this session resemble </span><a href="https://datadome.co/solutions/fake-accounts/" rel="noopener"><span style="font-weight: 400;">account validation</span></a><span style="font-weight: 400;">? Is this login attempt part of a larger credential stuffing pattern? Does this cart activity signal abuse or legitimate interest?</span></p> <p><span style="font-weight: 400;">DataDome’s real-time, </span><a href="https://datadome.co/ai-detection-engine/" rel="noopener"><span style="font-weight: 400;">AI-driven detection engine</span></a><span style="font-weight: 400;"> played a key role in answering those important questions. By analyzing traffic at the edge based on behavior and intent, Dan could make smarter, earlier decisions before threats reached sensitive endpoints.</span></p> <p><i><span style="font-weight: 400;">“When you clean the top of the funnel, every downstream layer gets smarter. They’re seeing clearer traffic and can better distinguish between legitimate and abusive behavior,”</span></i><span style="font-weight: 400;"> Dan says. </span><i><span style="font-weight: 400;">“That improves our visibility, helps our models learn faster, and reduces friction for real users.”</span></i></p> <p><span style="font-weight: 400;">One of the strengths of DataDome is its ability to probe intent silently by sending </span><a href="https://datadome.co/changelog/smarter-protection-less-friction-a-look-at-our-latest-datadome-product-updates/" rel="noopener"><span style="font-weight: 400;">background browser challenges</span></a><span style="font-weight: 400;"> from </span><a href="https://datadome.co/products/datadome-device-check/" rel="noopener"><span style="font-weight: 400;">Device Check</span></a><span style="font-weight: 400;"> and assessing how sophisticated the actor is. </span><i><span style="font-weight: 400;">“We can do that without introducing new friction, and that is a real advantage,” </span></i><span style="font-weight: 400;">Dan</span> <span style="font-weight: 400;">adds.</span></p> </div> </div> </div><div is="fusion-wysiwyg" class=" normal__dots "> <div class="component"> <div class="content"> <h2>The results: <strong>Security without sacrificing user experience</strong></h2> <p><span style="font-weight: 400;">At PayPal’s scale, </span><a href="https://datadome.co/products/bot-protection/" rel="noopener"><span style="font-weight: 400;">bot protection</span></a><span style="font-weight: 400;"> is only part of the story. The other half is maintaining user trust by ensuring that fraud detection doesn’t block legitimate transactions or create unnecessary friction. As a global provider of digital </span><a href="https://datadome.co/solutions/financial-services-industry/" rel="noopener"><span style="font-weight: 400;">financial services</span></a><span style="font-weight: 400;">, PayPal must secure every interaction and ensure a seamless experience for real users. </span></p> <p> </p> <p><span style="font-weight: 400;">Achieving this balance requires close coordination between the </span><a href="https://datadome.co/solutions/cybersecurity/" rel="noopener"><span style="font-weight: 400;">cybersecurity team</span></a><span style="font-weight: 400;">, which typically focuses on risk mitigation and early threat blocking, and the </span><a href="https://datadome.co/solutions/fraud/" rel="noopener"><span style="font-weight: 400;">fraud and business</span></a><span style="font-weight: 400;"> teams, which are equally attentive to conversions and customer impact. </span><i><span style="font-weight: 400;">“Fraud teams and cybersecurity teams speak different languages,”</span></i><span style="font-weight: 400;"> says Dan. </span><i><span style="font-weight: 400;">“It only works when we sit down, share data, and look at the outcomes together.”</span></i></p> <p> </p> <p><span style="font-weight: 400;">That’s why, for Dan and his team, DataDome has been evaluated on its ability to block attacks, but also on how it affects downstream systems and business performance. By filtering threats upstream, the platform streamlines the overall </span><a href="https://datadome.co/solutions/user-experience/" rel="noopener"><span style="font-weight: 400;">user experience.</span></a> <b>Cleaner traffic reaches core systems, fraud models work better, fewer genuine users get falsely challenged, and everyone is better equipped to do their job.</b></p> <p><span style="font-weight: 400;">There is also a measurable business benefit: reduced operating costs. By blocking unwanted traffic before it reaches PayPal’s infrastructure, the team lightens the load on internal systems and third-party services, lowering both infrastructure and vendor costs.</span></p> <p><i><span style="font-weight: 400;">“[Bots] are no longer overwhelming PayPal’s infrastructure, so costs are going down,”</span></i><span style="font-weight: 400;"> Dan notes.</span></p> </div> </div> </div><div is="fusion-wysiwyg" class=" normal__dots "> <div class="component"> <div class="content"> <h2><strong>Looking ahead: Agentic AI in the hands of fraudsters </strong></h2> <p><span style="font-weight: 400;">Fraudsters are already using AI to mimic human behavior and enhance their attacks—and the next phase is even more advanced: </span><a href="https://datadome.co/bot-management-protection/why-intent-based-detection-matters-in-the-age-of-ai-agents/" rel="noopener"><span style="font-weight: 400;">deploying AI agents</span></a><span style="font-weight: 400;"> to act autonomously on their behalf. Behind Dan’s forward-looking approach is a simple principle: to defend against agentic AI, where attackers adapt in real time and launch coordinated, autonomous attacks, you have to think like the ones building it.</span></p> <p><i><span style="font-weight: 400;">“You don’t need to become a developer,”</span></i><span style="font-weight: 400;"> said Dan. </span><i><span style="font-weight: 400;">“But you do need to understand how fraudsters use these tools. What would it take for AI to evade detection? How would it behave? Once you understand that, you’re in a much better position to defend against it.”</span></i></p> <p><span style="font-weight: 400;">This mindset is increasingly important as bad actors adopt the same tools as security teams, from automated MCPs to AI-based scripts. For Dan, the future of cybersecurity doesn’t lie solely in detection. It’s about anticipation.</span></p> <p><span style="font-weight: 400;">With DataDome, PayPal gets real-time analysis, intent-based detection, full visibility at the edge, and a great user experience. A smarter way to protect against smarter threats.</span></p> <p> </p> <p><b>Want to learn more about how PayPal stays ahead of AI-driven fraud?</b></p> <p><a href="https://datadome.co/webinars/detect-bad-intent-early-to-stop-downstream-fraud/" rel="noopener"><span style="font-weight: 400;">Watch the full webinar</span></a><span style="font-weight: 400;"> to learn how to detect bad intent early, stop fraud before it starts, and scale secure growth, without adding friction for real users.</span></p> <p><b>Curious how your defenses compare?</b></p> <p><span style="font-weight: 400;">If you’re wondering how your own website holds up against bots, try our </span><a href="https://datadome.co/signup/" rel="noopener"><span style="font-weight: 400;">Vulnerability Scan</span></a><span style="font-weight: 400;"> today, for free. </span></p> </div> </div> </div><div class="spu-placeholder" style="display:none"></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://datadome.co">DataDome</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Paige Tester">Paige Tester</a>. Read the original post at: <a href="https://datadome.co/customers-stories/paypal-s-strategy-to-stop-ai-powered-bots-reduce-fraud/">https://datadome.co/customers-stories/paypal-s-strategy-to-stop-ai-powered-bots-reduce-fraud/</a> </p>