“Before DataDome, bots could hit us freely. Once they were blocked, they started changing tactics, but DataDome’s detection models evolve just as fast.”

Crédit Agricole Personal Finance & Mobility (CAPFM), a key player in consumer credit and mobility services in Europe, North Africa, and China, chose DataDome to secure its digital ecosystem against growing bot and AI-driven threats. Within months, CAPFM has cut malicious traffic by nearly 40%, restored clean and reliable analytics, and achieved complete autonomy in protecting targeted assets. Thanks to DataDome, the company now securely manages access for AI and LLM crawlers, balancing visibility and performance across all of its web assets.

The challenge: Protecting critical financial data from sophisticated scrapers

With numerous high-traffic websites and services covering loans, mobility, and customer portals, Crédit Agricole had become a target for automated scraper bots. These attacks would mainly come from competitors seeking to extract financial data (such as loan rates and offers).

“We knew that half of global web traffic was automated,” recalls Kilian Chiarelli, Cybersecurity Engineer at CAPFM. “And we saw that our most strategic sites were constantly being crawled. It was potentially hurting our site performance, and definitely skewing analytics.”

Over time, a new layer of complexity emerged: AI and LLM crawlers began flooding CAPFM’s sites, as generative models searched the web for fresh content. This traffic wasn’t necessarily malicious, but it came with its own set of new risks around data exposure, uncontrolled indexing, and infrastructure load. Managing which AI agents and LLMs could access CAPFM’s content and under what conditions quickly became a priority for the cybersecurity team.

Before turning to DataDome, CAPFM relied on manual WAF and firewall rules to limit traffic and create rate restrictions. While these measures were effective temporarily, they quickly became complex to maintain and ineffective.

“We had dozens of configuration files and rule sets to manage,” Kilian explains. “Each new bot pattern meant new manual adjustments. It worked, but it was time-consuming.”

Kilian’s team then sought a way to control how bots and AI agents interacted with CAPFM’s websites, without compromising accessibility or performance.

The solution: From rule-based defense to real-time, AI-powered protection

As the cybersecurity team was spending too much time maintaining firewall rules and tracking constantly evolving bot patterns, they began testing solutions dedicated to bot management and cyberfraud. “DataDome was the best fit,” says Kilian. “Thanks to clear documentation, we could set up everything ourselves, both client-side and server-side.”

In just a few weeks, testing led to the full deployment of the solution across all targeted access points and domains. From there, protection became both simpler and more scalable. From there, protection became both simpler and more scalable. DataDome’s Bot Protect automatically handles behavioral analysis of incoming traffic, freeing the security team from daily manual maintenance.

For Crédit Agricole Personal Finance & Mobility, value for money was important, as well as the expertise of the DataDome team, always one step ahead with its new developments. “The price is reasonable for everything the platform offers,” Kilian explains. “And we knew more features were on the way, like Account Protect, which would help us expand our coverage even further.”

The results: 40% less bot traffic, reliable data, & complete autonomy

Since implementing DataDome, CAPFM has seen a 30–40% decrease in bot traffic and scraping activity, resulting in more reliable data and improved performance across all of its websites.

“Our dashboards finally reflect real user activity,” Kilian explains. “That’s essential for us, both from a cybersecurity and business perspective.” Indeed, the team can now rely on its analytics and performance metrics, which directly support its digital strategy and customer experience initiatives.

DataDome’s automation has also reduced manual workload and given CAPFM complete independence in security configuration. “Firewall rule management used to take hours. Now, detection is automatic, and we can use that time to strengthen other areas of our security,” Kilian notes.

Faced with the growing presence of AI crawlers, CAPFM found another benefit to this collaboration: the granular control provided by DataDome allows Kilian to easily test and manage access for LLM and AI agents.

“We allow certain AI user agents to access our content, but only after observing their behavior for 30 days. If they stay within the boundaries we set, we allow them gradually. It’s a controlled, step-by-step process.”

On the user side, protection remains completely transparent. “Invisible CAPTCHAs make the experience seamless,” Kilian adds. “Users don’t even notice, and if they do, it’s solved in seconds.”

CAPFM is now expanding its use of the platform by testing Account Protect, reinforcing protection against account takeover and cyberfraud.

“Before DataDome, bots could hit us freely. Once they were blocked, they started changing tactics. But DataDome’s detection models evolve just as fast. And if we detect something new, the team responds fast. It’s a real partnership.”

Don’t let bots or AI crawlers distort your data or drain your resources. See what’s really behind your traffic with a free Vulnerability Scan and take back control.