Powered by Adobe Commerce 2.4.6

This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.

F5® Distributed Cloud Services



Back to top


Secure your Adobe Commerce store by leveraging F5’s proven approach to solving today’s most sophisticated cybersecurity and fraud challenges – empowering you to deliver exceptional and secure digital engagements. F5 Distributed Cloud Services support a wide variety of use cases for e-commerce businesses of any size to connect and secure distributed applications across public/private cloud and edge infrastructure while leveraging a single policy engine and management console. Unlike commoditized bot and fraud solutions that require extensive manual operation and introduce unnecessary friction for consumers, F5 Distributed Cloud Services for bot and fraud (Distributed Cloud Bot Defense, Account Protection, and Authentication Intelligence) provide Adobe Commerce applications ongoing and seamless protection against sophisticated attacks like account takeover, denial of inventory, credit card abuse, web scraping and more. Our no-friction approach mitigates the need for clunky multi-factor authentication or CAPTCHA – providing your customers optimal and secure digital experiences.    

F5 Distributed Cloud Services are trusted by leaders at the world’s largest banks, retailers, and airlines. Now you can protect your Adobe Commerce site against malicious bots, seamlessly authenticate users, and stop online fraud – enabling you to fully maximize your Adobe Commerce investment.  

Bot Defense blocks 99% of malicious automation at origin, protecting your Account Protection leverages a real-time, closed-loop AI fraud engine designed to predict if a transaction is risky or malicious, and Authentication Intelligence models good user behavior to help ensure safe user journeys.

Account & Pricing

F5 Account Creation


  • The extension is provided at no additional cost to Adobe Commerce customers.
  • Please contact acteam@f5.com for information about Distributed Cloud Services pricing and separate fees. Your designated F5 account manager will respond and be more than happy to address your questions about the solutions' benefits and costs.


The extension does not handle payments or other purchase transactions on Adobe Commerce's platform. The goal of F5 Distributed Cloud Services is to secure and defend your customers' transactions and data against fraud and malicious attacks while enhancing the customer experience.

Distributed Cloud Bot Defense 

Malicious bots can dramatically increase your costs, significantly slow down your site, frustrate customers, and critically damage your brand. Up to 90% of traffic flowing to e-commerce apps or websites is usually from unwanted bots. Now you can effortlessly remove unauthorized traffic to avoid attacks and improve customer experiences. 

Use Cases

Bot Defense protects Adobe Commerce websites from a range of attacks, including  

  • Account Takeover: Stops fraudsters from rapid-fire testing millions of stolen credentials against your login applications, eliminating fraudulent traffic before they have a chance to take over your customer’s accounts.  
  • Credential Stuffing: These attacks are accomplished by abusing digital interfaces and workflows such as login forms to gain unauthorized access to customer accounts. These attacks typically leverage automated tools and compromised credentials but often evolve to imitate human behavior or impersonate real customers.  
  • Denial of Inventory: Bot attacks often target online checkouts, where they add several products to the cart with the intent of depleting inventory, frustrating legitimate consumers and driving them to another retailer.  
  • Web Scraping: Product information and pricing is often a source of competitive advantage. Protect sensitive data by controlling how automated scrapers and aggregators harvest your website data.  
  • Fake Account Creation: Attackers relentlessly try to create fake accounts at scale using automated tools or sophisticated manual techniques. 
  • Gift Card Fraud: Using credentials spilled from other website breaches attackers hijack customer accounts and steal funds from gift cards. 
  • Credit Card Abuse: Using stolen credit card numbers, attackers will abuse the checkout function to test for valid credit card numbers, causing chargebacks and fraud losses to the retailer. Once validated they re-sell the credit card numbers on the dark web. 

With the highest real-world efficacy, Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users within the context of the Distributed Cloud global network. It guards against nefarious actors, protecting your customers, their digital experiences, and your business.  

Achieve highly effective protection against even the most sophisticated bots with our unparalleled analysis of devices and behavioral signals and gain the advantage of our network effect. Have confidence knowing your Adobe applications are protected by our adaptive platform that stays ahead of constantly retooling attackers. 


  • Highest efficacy, real-time bot mitigation. F5’s domain experts and data scientists continuously research attacker tools, behavioral and environmental signals, and utilize advanced machine learning to rapidly detect attacker retooling and deploy updated models to mitigate attacks in real-time.  
  • Easy deployment with pre-built connectors. Deployed easily with prebuilt connectors for CDN, Application Delivery Controllers (such as BIG-IP), e-commerce and application platforms, and F5 Distributed Cloud WAAP.   
  • Tamper-resistant code obfuscation and reverse engineering security protection. To prevent reverse engineering, code tampering, and to block attackers from breaking detection methods, F5 developed the first VM-based obfuscation in JavaScript for bytecode-level obfuscation and telemetry encryption. 
  • Protection for web, mobile and APIs. Attackers switch attack surfaces whenever they are blocked, going from web to mobile to APIs. Bot Defense protects each of these attack surfaces so you can provide secure experiences for customers wherever they interact.  

Key Benefits

  • Reduce fraud. Reduce fraud caused by credential stuffing, account takeover, scraping and inventory hoarding. 
  • Remove security friction. Mitigate bots and alleviate the need for security friction-CAPTCHA, account lockouts, and multifactor authentication – improving conversion and increasing revenue. 
  • Ease the security burden of fighting bots. Today’s sophisticated bots retool within minutes of detection. Eliminate the burden of constantly updating WAF rules with Bot Defense. 
  • Improve customer experiences. Prevent scrapings bots from slowing down your site and prevent them from hoarding the inventory that your customers want to buy. 

Find out how Q2 Uses Security Automation to Block 97% of Malicious Traffic with F5 Distributed Cloud Bot Defense

Distributed Cloud Account Protection 

Despite the arsenal of security and fraud defenses deployed, Account Takeover (ATO) fraud losses continue to rise, surpassing over $6B in total losses in 2020 and over 680,000 accounts pilfered by fraudsters. Organizations struggle to balance continuously retooled threats, pressure to reduce customer friction, surges in fraud cases to investigate, and staffing shortages. Mitigating account takeovers and preventing fraudsters from opening accounts are now easily achievable with Account Protection

Powered by a closed-loop AI engine and large-scale telemetry built on over a billion transactions per day, Account Protection monitors every transaction for signs of fraudulent activity across the entire customer journey – determining in real-time if the user’s intent is malicious. It identifies 2x more fraud than current solutions, with low false positives, and reduces MFA friction by up to 90% for legitimate consumers. 

Use Cases

Account Protection protects Adobe Commerce websites from a range of attacks, including: 

  • Online Fraud: The most sophisticated attackers will retool and adapt against all countermeasures, using techniques that leverage human behavior to evade detection. Stopping targeted, human-driven fraud requires adaptive, real-time detection of fraudulent activity across the entire user journey—without adding friction. 
  • Account Takeover: Account Protection monitors and detects the most subtle irregularities from the point of login across the user journey to stop account takeover and account opening that lead to fraud. 


  • Unified, secure telemetry. Determines user intent with advanced signal collection including user journey signals and behavioral and environmental insights, coupled with our global network of threat intelligence. 
  • Real-time fraud decisions. Powered by unique telemetry and adaptive machine learning models, the Account Protection Fraud Engine delivers real-time fraud decisions (Pass, Challenge, Review or Drop), as well as additional data elements for integration with existing fraud detection systems. 
  • High-efficacy, real-time fraud mitigation. F5’s domain experts and data scientists continuously research attacker tools, behavioral and environmental signals, and utilize advanced machine learning to rapidly detect attacker retooling and deploy updated models to mitigate attacks in real-time. 
  • Adaptive machine learning. Account Protection uses machine learning models to recognize fraud patterns and identify risky transactions, while minimizing false positives. Models are trained with insights from confirmed customer fraud files, telemetry, global threat intelligence, and human fraud expertise.  

Watch the video, Stop Online Fraud, to learn more. 

Key Benefits

  • Reduce fraud losses. Account Protection accurately identifies fraudulent activity in real-time across the entire journey – blocking fraud missed by existing tools. Its AI fraud engine, fueled with advanced signal collection and highly trained machine learning models, detects malicious intent, and stops fraud before it happens. 
  • Increase operational efficiency and reduce support costs. By blocking fraud in real-time there is no need to interpret scores or write and maintain rules – reducing workloads for fraud teams and overall support costs.  
  • Protect legitimate users. By accurately separating legitimate users from fraudsters, your customers will have low-friction experiences by mitigating burdensome MFA. 

Distributed Cloud Authentication Intelligence 

Proper identity verification is key to combating the spread of fraud – both online and off. Securely enable trust across the entire customer journey while reducing customer friction and abandonment with Authentication Intelligence.  

Authentication Intelligence rescues known, good consumers from the frustration of excessive logins and re-authentication, helping brands safely grow top-line revenue. Authentication Intelligence achieves this by accurately identifying, in real-time, returning consumers and other legitimate consumers through the power of deep analytics and the broad reach of the F5 network. With this insight, your web applications can dynamically reduce or eliminate login friction, capturing increased revenue while delivering frictionless experiences for legitimate customers and other returning consumers. Now, you can safely and silently re-authenticate known legitimate users to drive material conversion.  

Use Case

  • User Authentication. Truly effective user authentication requires balancing security and consumer convenience. To support risk-based authentication journeys, insights from across disparate security and fraud ecosystems must be properly assessed to discern legitimate users. Automatic and secure re-authentication with lower MFA friction should be the goal. 


  • Unified, secure telemetry. Our signal telemetry is diverse and unique and uses scalpel-like precision to identify devices and their environment, detect if a single device has multiple users, and track behavior. 
  • Proven obfuscation architecture at all layers. Attackers fear us because they can’t circumvent our unique, advanced obfuscation that adapts in real-time to stop manipulation analysis 
  • Networked fraud insights. Using a networked security approach and sophisticated AI fraud detection, devices are checked against a historical database of known fraud violators. 
  • Augmented ML and AI with humans in the loop at Web-Scale. Our data science team has unique tools, telemetry, and systems at their fingertips that allow them to operate at web-scale and leverage intel from billions of transactions they manage weekly. 

Find out how a Global Multinational Retailer Grows Revenue with Authentication Intelligence


  • Reduce friction for revenue-impacting events. Authentication Intelligence supports authentication flows that are continuous and adaptive with the aim of enabling frictionless and secure authentication – ensuring revenue opportunities are not disrupted. 
  • Increase ROI through lower support costs. Improve customer experience and reduce the number of support calls and tickets for failed authentication challenges. Leverage re-authentication to improve conversions and lower operating costs. 
  • Improve existing multifactor customer experiences. Instead of relying on knowledge-based verification questions, navigating email verification processes, or performing repeated out-of-band (OOB) one-time password (OTP) authentication requests, Authentication Intelligence performs transparent multifactor authentication (MFA) by verifying a transacting end-user with device identification information (such as mobile, laptop, or PC) in the context of a physical location (home, office, or datacenter) as an additional factor. Improve your customer experiences and increase topline revenue.


If you're interested in a trial or have any questions, please contact us at acteam@f5.com.

Technical Specifications

Back to top

Seller profile

F5, Inc.

Seller contact


Current Version


Adobe Commerce platform compatibility

Open Source (CE): 2.4 (current)

Commerce on prem (EE): 2.4 (current)

Commerce on Cloud (ECE): 2.4 (current)


Stable Build


24 January, 2023


Extensions, Payments & Security, Fraud

Quality Report

Back to top

Installation & Varnish Tests


Coding Standard


Plagiarism Check


Malware Check


Marketing Review


Manual Testing


All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.4
  • Compatible with Commerce on prem (EE) : 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.4
  • Stability: Stable Build
  • Description:

    Addressed bug fixes.


  • Compatible with Open Source (CE) : 2.4
  • Compatible with Commerce on prem (EE) : 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.4
  • Stability: Stable Build
  • Description:

    # Configuration updates
    # IP address source from custom header


  • Compatible with Open Source (CE) : 2.4
  • Compatible with Commerce on prem (EE) : 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.4
  • Stability: Stable Build
  • Description:

    Compatible with Open Source (CE) : 2.4
    Compatible with Commerce on prem (EE) : 2.4
    Compatible with Commerce on Cloud (ECE) : 2.4
    Stability: Stable Build
    Added Bot Defender service
    Added Account protection service
    Added Authentication Intelligence service


Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top


Back to top