Posts Tagged ‘Fraud Prevention’

IP Reputation and the Nationwide Bomb Threat Hoax

The bomb threat hoax from Thursday, December 13, 2018 was easily detectable as fraud.

There were several smoking guns that could have quickly identified the bomb threats as bogus. The leading indicator of fraud was the IP block from which the emails were sent. Emails associated with this bomb threat hoax were sent from the 194.58.x.x address range. This address range is well known in Internet security circles as malicious. IP reputation databases show this range was identified as fraudulent as early as March of 2015. Internet traffic originating from this range was commonly known to place fraudulent orders on e-commerce sites. This IP range was also seen often in fake reviews, instances of click fraud, and hacking attempts.

Further investigation of the 194.58.x.x address block shows with near perfect certainty the range was a manually banned, well-known public proxy. Said another way, this IP range was known to be among the worst of the worst, and clearly its originating messages should have been ignored.

Internet security professionals need to use IP reputation services to determine if an IP address is a proxy or VPN. Lookup tables with this information have existed for years. IP reputation services use machine learning and probability theory to infer a trust score on IP addresses. IP addresses with poor trust scores are behaving badly in an automated manner. Online merchants and video streaming services already utilize advanced mathematical and modern data science to identify malicious Internet addresses, and e-mail providers should too.

In the Internet of Things (IoT), with 11 billion smart devices connected, we can’t allow hospitals, schools, and emergency services to be distracted because of a dozen rogue devices like this. In life reputation matters, but on Thursday we let a few well-known bogus devices in Russia cause panic and fear.

We can do better — the data already exists.

Preventing Fraud Associated with the Freight Forwarding Industry

Service Objects is committed to fighting fraud and bad data wherever we see it. Through our APIs, best practices when handling sensitive data, or through recommendations on clients’ business logic, we are here to help enhance data quality and eliminate fraud.

A good example of the latter is educating our customers about how to avoid fraud losses. One way is by paying closer attention to orders using freight forwarders – which are legitimate services that are often misused by fraudsters. At the end of this post, you will find a free resource to make this easier: an extensive list of shipping and freight forwarders that you can use to help fight fraud when fulfilling orders.

What is a freight forwarder?

Freight and shipping forwarders arrange for the exporting and importing of goods. These companies often specialize in storage and shipping of goods on behalf of customers. In short, they help arrange for goods to get from point A to point B.

Are all freight forwarders associated with fraud?

Absolutely not! There are many reputable freight forwarders that do great work in coordinating the shipping of goods between consumers and sellers. When fraud is perpetrated, they are co-victims along with the seller. That being said, freight forwarders are often a go-to-tool for duping vendors and sellers into footing the bill for fraudulent purchases.

The typical process may go as follows:

  • A customer will place a large order, and ask that the product(s) be shipped through a specific freight forwarder.
  • The customer will offer to reimburse the seller for shipping through the freight forwarder – and normally wants the order shipped quickly, before the scam is discovered. (Money is no object for orders like these, because they are usually being placed with stolen or compromised payment methods.)
  • Often the fraudster will have set up a legitimate-looking website ahead of time to give the appearance of a legitimate and trustworthy business.
  • After the seller ships the goods and they are picked up by the fraudster, the payment for the shipping fee and the products itself usually falls through, leaving the seller to foot the bill for both the freight forwarder’s services and inventory loss.

How do I avoid fraud where freight forwarders are used?

Great question! One of the best and easiest ways to help mitigate this type of fraud as a seller of goods is to pay extra attention to orders using a freight forwarding company’s address. For PO’s like these, it would be smart to build in business logic for some extra vetting to ensure the purchaser’s legitimacy and help prevent fraud from the start.

That is why we are providing a list of all the freight forwarders we could find. We recommend using this list to detect matches between an order’s shipping address and a freight forwarder’s. To do this, run an order’s shipping address through our DOTS Address Validation – US service and use the BarcodeDigits field as a unique identifier for an address. If the BarcodeDigits address matches a freight forwarder’s address, the order should be flagged for some additional vetting to verify its authenticity.

Service Objects is committed to helping our clients avoid fraud however we can, and this list and the business logic is just one strategy that can make a real difference. If you need help setting up our address validation tools, please feel free to contact us, we are always happy to help.

Protecting Your Business from Ecommerce Fraud

Most ecommerce merchants learn the hard way; orders and registrations from fraudulent sources cause financial, merchandise, and time losses. With the rise of mobile ecommerce and the proliferation of high-profile data breaches, you’ll need the best information and tools available to combat fraud in your marketplace. The October 2017 Global Fraud Index reported a total of $57.8 billion in ecommerce fraud losses in eight major industries.

Ecommerce fraud continues to grow, and the best way to protect yourself is a good defense. Here are some of the most troubling fraud issues ecommerce merchants face, and how to limit your exposure.

Identity Theft

Identity theft is defined as the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain. Financial identity theft through credit card fraud is what most people envision when they think of identity theft.

Identity thieves use a person’s identifying information, such as name and address, or an existing credit card to make a purchase on your website. Frequently, this data is acquired in a breach or skimming scam and sold on the black market before a victim even knows they’ve been compromised.

DOTS Order Validation can help identify if a user is who they claim to be by cross-checking the information provided at the point-of-sale, such as Ship To and Bill To address, phone number, and Banking Identification Number (BIN). IP address location is also compared to the billing and shipping addresses to determine if the order should be flagged.

Order Validation assigns individual quality scores to each input and a composite quality score to the overall transaction. You determine your quality score threshold, which is used to flag suspicious transactions for your team to review or reject.

Here are a few examples of transactions that might be flagged for additional review:

  • Phone number not matching the name and state on the order
  • Issuing bank (via BIN) in a different country than shipping address
  • IP location not close to shipping address

Your team can review and manage flagged transactions before the order is fulfilled.

Chargebacks

A chargeback occurs when a customer disputes a transaction and their payment is returned to their account. Sometimes this is referred to as “friendly fraud,” meaning it was a misunderstanding on the part of the consumer. Perhaps they didn’t read the fine print to see that they were signing up for a subscription with recurring fees, for example.

Frequently, chargebacks are caused by a fraudster either using stolen financial information to make a purchase or by lying and claiming they never received the product. Friendly or not, chargebacks cost your customer service team time, both interfacing with the customer and researching the issue.

Chargebacks are particularly nasty because you lose product, incur shipping costs, chargeback fees AND they hurt your standing with creditors over time. If your business reaches the high-risk threshold for your industry your processing rates will increase, or worse – your processor could drop you.

DOTS Order Validation can again flag risky transactions by cross-checking customer information and location elements through more than 200 proprietary tests, resulting in a quality score based on the validity of the information. Order Validation also provides a record of the order with all the information you need to argue a chargeback should one occur.

Order Validation also helps your customers correct typos in shipping info at the point of entry, so you can avoid chargebacks from misdelivered shipments and any related customer service headaches.

High Risk Cards

With the rising sales of prepaid credit cards and gift cards, the frequency of scams involving these cards has risen. There are many types of prepaid and gift card fraud, involving both the sale or loading of cards, and using prepaid or gift cards to make a purchase. High risk cards can cost you on either end of the transaction.

High risk cards can also hurt you if your product or service is offered on a payment plan. The first payment on a prepaid card might be approved, but subsequent payment transactions could return insufficient funds. Not only do you have product loss, you’ll incur additional costs attempting to collect the debt internally or settle for a fraction of the debt through a collections service, if you can collect at all.

DOTS BIN Validation uses the Bank Identification Number (BIN), comprised of the first six digits of a card number, to identify the issuing bank and card-type, including those higher risk prepaid and gift cards. Cross-referencing the BIN with user phone and address information can help you identify a high-risk transaction.

Your team creates protocol to manage these transactions, such as:

  • declining prepaid cards outright at point-of-sale
  • requesting a secondary form of payment in real-time
  • simply flagging the order for review before fulfillment

BIN Validation also provides the name and phone number of the issuing bank, so you can call to verify flagged transactions.

Validation services help your team stop wasting time identifying and troubleshooting fraudulent transactions, and spend more time managing transactions flagged as high-risk before they become a problem.

It’s increasingly important to protect your business from fraudulent transactions. Implementing an API can literally stop fraud before it even begins, right at the point of sale, and in real-time. Learn more about how Order Validation or BIN Validation can help you prevent fraud and enjoy the benefits of improved customer satisfaction and more efficient resource management.

Saving More of Your Labor this Labor Day

Labor Day is much more than the traditional end of summer in America: it pays tribute to the efforts of working people. It dates back well over a century, with one labor leader in the 1800s describing it as a day to honor those “who from rude nature have delved and carved all the grandeur we behold.” And we aren’t forgetting our friends in Europe and elsewhere, who celebrate workers as well with holidays such as May Day.

As we celebrate work and the labor movement – and enjoy a long holiday weekend – we wanted to take a look at some of the ways that we help you save labor, as you try to carve grandeur from your organization’s data. Here are some of the more important ones:

Validation and more. Let’s start with the big one. For nearly two decades, the main purpose of our existence has been to take the human effort out of cleaning, validating, appending, and rating the quality of your contact and lead data. Whether your needs involve marketing, customer service, compliance or fraud prevention, these tools save labor in two ways: first, by saving you and your organization from re-inventing the wheel or doing manual verification, and second, by saving you from the substantial human costs of bad data.

Ease of integration. What is the single worst data quality solution? The one that gets implemented badly, or not at all. One of the biggest things our customers praise us for is how easy it is to implement our tools, to work almost invisibly in their environment. We offer everything from API integration and web hooks with common platforms, all the way to programming-free batch interfaces for smaller or simpler environments – backed by clear documentation, free trial licenses and expert support.

Speed and reliability. As one customer put it, “milliseconds matter” – particularly in real-time applications where, for example, you are validating customer contact data as they are in the process of entering it. Our APIs are built for speed and reliability, with a longstanding 99.999% uptime and multiple failover servers, as well as sub-second response times for many services – so you don’t waste time tearing your hair out or troubleshooting responsiveness issues.

Better analytics. Your contact data is a business asset – put it to work as a tool to gain business insight for faster, more informed decision-making and market targeting. You can target leads by demographics or geocoding, enhance your leads with missing phone or contact information, or leverage your customer base for better decision support, among many other applications.

Customer support. We recently interviewed a major longtime customer about using our products, and when we asked them about support they gave us the highest compliment of all: “We never need to call you!” But those who do call know that our best-in-class support, staffed by caring, knowledgeable experts who are available 24/7/365, represents a large savings of time and effort for our clients.

We hope you enjoy this Labor Day holiday. And when you get back, contact one of our product experts for a friendly, pressure-free discussion about how we can create less labor for you and your organization!

 

Why Our Customers Love Data Quality

Every year, February 14th is a time when our thoughts turn to things like true love, flowers, chocolates … and data quality.

In fact, there is more in common between these things than you might think. If you look at the history of Valentine’s Day, St. Valentine’s intention was to protect his fellow man. In ancient Rome, St. Valentine accomplished this by secretly marrying couples so that the husbands would not have to go to war. This is how his name became synonymous with love and marriage. Along those lines, Service Objects tries to also help our fellow man– admittedly less romantically – by ensuring your data accuracy, automating regulatory compliance, and protecting you from fraud.

Nowadays, our customers love how our data quality solutions solve the following problems:

High quality contact data. When you communicate with your prospects or customers, the cost directly links to the accuracy and validity of your contact list. When you automate the quality of this contact data – often your biggest and most valuable data asset – the ROI will warm the hearts of the toughest CFOs.

Lead validation. Does she love me or does she not? Better to find out early in the relationship whether she gave you a fake email address, bad contact information, or is otherwise giving you the slip, with validation tools that check over 130 data points to give you a numerical rating of lead quality.

Delivery accuracy. Nothing will make your customers fall out of love with you quicker than misdirected deliveries – even though in the US alone, 40 million of them don’t help matters by changing their addresses every year, while many others mistype their address at the time they order. When you automatically verify these addresses against continually updated postal databases, you help ensure a good relationship.

Compliance strategies. When government regulators come calling, they aren’t bringing you flowers. New rules on consumer privacy in the US and Europe have changed the game of outbound marketing, including stiff financial penalties for non-compliance, and sales tax policies are constantly changing. Automated compliance verification tools can help prevent problems from happening in the first place, and also provide quantifiable proof of your efforts.

Fraud prevention. Cupid isn’t the only one aiming his arrows at you. Fraudsters are constantly trying to separate you from your inventory and money, particularly during your busiest periods. We can help with solutions ranging from address, BIN, email and IP validation to tools that provide you an overall order quality score, to help keep the bad guys out.

Finally, it turns out we have one other connection to St. Valentine. In Italy, he is still commemorated by a charm known as St. Valentine’s Key, which is supposed to unlock the hearts of lovers. We have a key for you as well: a free trial key to any of our API products, yours for the asking. Happy Valentine’s Day!

Improving Customer Satisfaction Through Data Quality

“Online retailers of all sizes are constantly under attack by sophisticated fraudsters. In fact, credit card fraud costs US online retailers an estimated $3.9 billion each year.” – Geoff Grow, Founder and CEO, Service Objects

At Service Objects, we know that data quality excellence is the key to helping retailers feel confident about improving delivery rates while reducing fraud associated with vacant addresses, PO boxes and commercial mail handlers. This, in turn, helps maintain higher customer satisfaction ratings among your legitimate customers.

This video, featuring Service Objects’ Founder and CEO, Geoff Grow, will show you tools you can use to improve the deliverability of your products and combat fraud. You will learn how to validate addresses against current USPS certified address data to prevent undeliverable and lost shipments, as well as how to validate a customer’s IP address against the billing and shipping information they provide, using data from over many authoritative data sources to stop fraud before it happens.

 

Mail Servers: Where in the world…?

We love data here at Service Objects. We are constantly working to expand and improve on our datasets to further innovate our product lineup. A big part of what makes our Email Validation (EV) service so good is the data that helps drive it. When communicating with a mail server in real-time to verify an email address it helps to know what kind of mail server it is dealing with and if it is trustworthy. Just because an email address is deliverable does not always mean that it is good.  For example, an email may be disposable, vulgar or worse yet, a spamtrap.

Our Email Validation service already keeps track of mail server behavior patterns for millions of domains, which allows us to identify and flag mail servers with malicious activity or servers that have a high association with malicious activity.  In addition to monitoring behavior patterns, we are now focusing on determining the geographic location of the email servers.

What benefits does identifying mail server location offer?

Email addresses can be sent and received from anywhere in the world. They are not anchored to one physical location, and at a glance, one cannot easily discern its geographic origin. Even email addresses with a country code for a Top Level Domain (TLD) can have a global presence and may have servers located in multiple countries.  Fortunately, mail server location data can be derived and aggregated from some of our other datasets. This allows our Email Validation service to better identify potentially malicious mail servers and flag servers from known geographic hot spots.

In addition to helping identify problematic email servers, mail server location data can provide additional insights and benefits. From a marketing and administration perspective, the mail server location data can be used to help identify and organize email addresses for a particular region. The location information can also be used to gain business insights about a company and its location(s). At Service Objects, we are using the additional information to further enhance some of our other services, such as Lead Validation.

Challenges to identifying mail server location information

There are a number of challenges to accurately identifying mail server location information. First, we are identifying the mail server locations of a domain, not attempting to identify where an email message was sent from. This would require more than just a simple email address. However, the location data can be used to help cross-check and verify the legitimacy of an email message. For example, an email message is received, and the headers say that the message was sent from Gmail.com. However, the server IP address in the header does not match any of the known Gmail mail server locations, so chances are the message was spoofed and that it is spam or part of a phishing scam.

Second, trying to identify all of the mail servers for a particular domain is not something that can be done quickly enough for a real-time service where end-users expect sub-second response times. Real-time communication with a mail server can often take several seconds, but trying to identify all the mail servers for a domain from around the world can sometimes take several minutes. For this reason, our DOTS Email Validation service does not include mail server location identification in its suite of real-time checks. Instead, the service relies on background systems that have already collected and identified mail server locations from around the world. This ensures that the service is not bogged down by slow processes and continues to respond normally. While mail server location identification may be too slow for a real-time check, it is a daily process that we perform to ensure our list of locations is up to date. The process is also quick enough that our background processes can routinely check for any new domains that we have not come across before and process them hourly.

Third, if a business has multiple locations, then a typical DNS lookup for a domain will just tell you which mail server(s) to connect to that are closest to your area, and not necessarily tell you about their other mail servers. DNS does this to help ensure that communication is quick and efficient, that way an end-user isn’t trying to communicate with a server on the other side of the country or potentially in a different nation entirely if it doesn’t have to. Part of what makes the location identification process “slow” is that we are looking for mail servers in every major region of the world, and not just in our own local areas.

What’s going on behind the scenes

While our email validation service will currently only display the location(s) of the mail server(s) in the notes of the output when it has been identified, it is doing a lot more with that data behind the scenes. Knowing the IP Addresses and locations of the mail servers means that we can perform cross-checks against more data points in other areas. Service Objects is extremely interested in fraud prevention, so we use this data to check for associations with known proxies, VPNs, bot services and other data points that have ties to malicious activity. The data allows us to check various data driven blacklists and white hat resources against more than a simple email address and domain.  Instead, we can pull back the curtain, so to speak, and dig deeper into the mail server(s) that run behind the scenes. All, while continuing and expanding our server behavior monitorization.

With the addition of this new data, we have added additional NoteCodes to the output from our DOTS Email Validation 3 service. Below is a list of the new notes codes and that have been added:

Code Description Example
11 Countries: The ISO2 country code for the country where the mail server(s) is located. If mail servers are found in more than one country, then all country ISO2 codes will be represented in a pipe-delimited list. JP
12 Region: The region in the country where the mail server(s) is located. The region is commonly returned as a two-character abbreviation. If mail servers are found in more than one region then the value will be a pipe-delimited list of the regions. OS|TY
13 Localities: The name of the locality where the mail sever(s) is located in. If mail servers are found in more than one locality then the value will be a pipe-delimited list of all the localities. Osaka|Tokyo
14 PostCodes: The post code of where the mail server(s) is located. If multiple post codes are found, then the value will be a pipe-delimited list. 543-0062|102-0082

 

For more information about terms for international addresses and locations please check out this previous blog post.

Unlike other NotesCodes where the corresponding NotesDescriptions value will be a human readable flag to describe the note code, the value will instead contain the list of locations found.

Get started testing DOTS Email Validation by downloading a real-time API trial key or sending is a sample list to run for you.

Your Business and The Holidays: A Christmas Carol

Christmas is, of course, a major religious holiday celebrated around the world. And also one of the busiest and most profitable times of year for your business. But do you know how it first got that way?

Many people credit author Charles Dickens and his story A Christmas Carol with helping Victorian England, and later the world, see Christmas as a time of gift-giving and family connection. His mid-1800s story focused on how a lonely miser, Ebenezer Scrooge, learned to avoid the fate of his partner’s eternal torment when the ghosts of Christmas Past, Christmas Present and Christmas Yet to Come taught him to focus on what really matters – other people.

With apologies to Dickens, we feel that the three ghosts of Christmas have a valuable modern-day lesson to teach us about creating a happy holiday season for everyone, in the middle of your biggest crunch time. (Fair warning: it involves data quality.)

  • First, the ghost of Christmas Past showed Scrooge what life was like once upon a time at the holidays, when employees were happy and the company took good care of everyone – before Scrooge eventually presided over a joyless, high-pressure workplace. Just like what happens when your own performance pressures put data quality on the back burner, something a recent executive survey showed as being a major concern.
  • Next, the ghost of Christmas Present warns Scrooge that unless he changes his priorities, his neglect of others will harm people like the humble Bob Crachit and his ailing son Tiny Tim – much like your business can ruin the holidays for your customers when bad contact data causes service failures.
  • Finally, the ghost of Christmas Yet to Come paints a grim picture of a world where Scrooge is dead and no one cares – the same way that people turn away from your business and never return when you don’t deliver what you promise.

What do these lessons have to do with your own holiday rush season? Everything.

You see, most people in most businesses focus on doing their individual jobs, like entering orders or shipping products. But what about the greater mission of making sure that everyone gets what they need from you, particularly at the holidays? Too often, that is someone else’s job. Which means it becomes no one’s job. And service failures, such as packages that never arrive or contact information that isn’t correct, just become a fact of life that gets tolerated by everyone.

The ghosts of Christmas taught Scrooge that he had to learn to care, or face the consequences. The same is true for you and your business at the holidays. And the best way to care for your customers – particularly when things are at their busiest – is to put processes in place that make sure the customer comes first.

At Service Objects, we help the holidays go smoothly with tools that range from simple address validation – fueled by up-to-date real-time data from the United States Postal Service and others – all the way to complete order verification capabilities that authenticate customers and guard against fraud. We can even append information such as phone numbers to your contact data, to help you keep in touch with people, or gain geographic and demographic insight that lets you serve people better in the future. All through automated processes that run seamlessly in your applications environment.

The lesson for Christmas, then and now? Don’t be a Scrooge. And let the holiday season be a time when your business shines for everyone.

Black Friday and Cyber Monday: Opportunity and Peril

Do you sell products online? If you do, you have a great opportunity in front of you. An opportunity to boost revenues, increase market share, and create visibility for your business. Or an equally great opportunity to drive away customers, damage your brand, and lose money to fraud.

This opportunity comes once a year, in the form of the Black Friday and Cyber Monday holiday shopping period. Using figures from Adobe Digital Insights, Fortune Magazine noted that Cyber Monday 2016 was the biggest online shopping day in US history, with sales of $3.45 billion – a jump of 12% from the previous year. The traditional post-Thanksgiving shopping day of Black Friday came in a close second, with $3.34 billion of online sales in 2016, putting it on track to eventually surpass Cyber Monday as shopping channels continue to blur.

The good news is that both Black Friday and Cyber Monday each represent more than three times the volume of a normal online shopping day. And beyond sheer sales volume, these holidays traditionally draw new or annual shoppers online – people who are openly searching with an intent to purchase, with a great opportunity to discover your brand and become long-term customers.

Unfortunately, it is also open season for fraudsters. Online e-commerce fraud increases sharply during the holiday season, with fraudulent transaction rates reaching a peak of 2.5% versus a normal rate of 1.6%, against an average transaction value in excess of $200. The rise of chip-enabled cards has pushed even more fraudulent activity online in recent years, with online fraud attempts rising by 31% between 2015 and 2016. And there are risks associated with your legitimate customers as well, where problems such as missed deliveries or incorrect contact information can lead to problems ranging from lost business to poor social media reviews – particularly in the spotlight of the holidays.

Here is a quick guide to making the most of your customer opportunities this holiday season:

Screen out the bad guys. Prevent fraudulent transactions by using multi-function order verification to check for things such as address validation, BIN validation, reverse phone lookup, email validation, and IP validation, returning a measure of order quality from 0 to 100 that you can use to flag potential problem orders before they ship.

Execute orders correctly. Use address validation to verify and correct shipping information against up-to-date USPS, Canada Post or international address data, to ensure every order goes to the right place on schedule.

Keep your contact data working for you. Did you know that 70% of contact data changes every year? Validating and correcting this data every time you use it in a campaign preserves this valuable contact information as a business asset.

Target your marketing. Validate the legitimacy of your marketing leads, and check for appropriate demographics such as income and geographic location, to make your outreach for the holidays as efficient as possible.

Thankfully automated data quality solutions that can be engineered right in your API, or run as convenient batch processes with your existing data, can make optimizing the value of your contact data a simple and cost-effective process. And in the process, make Black Friday and Cyber Monday a little less scary – and a lot more profitable.

Service Objects Launches Newly Redesigned Website

Service Objects is excited to announce that we have launched a newly redesigned website, www.serviceobjects.com. The redesign effort was undertaken to enhance the user experience and features a new graphical feel, enhanced content and improved technical functionality. Visitors can now more quickly find information on how Service Objects’ contact validation solutions solve a variety of challenges in global address validation, phone validation, email validation, eCommerce and lead validation. Free trial keys for all 23 data quality services can also be readily accessed.

As part of the launch, Service Objects also made significant updates to its data quality and contact validation blog, which contains hundreds of posts on topics such as fraud protection, address validation and verification, data quality best practices, eCommerce, marketing automation, CRM integration and much more. New content is published weekly and visitors can subscribe to have new content and updates sent to them directly.

“The recent launch of DOTS Address Validation International and DOTS Lead Validation International has firmly established Service Objects as the leader in global intelligence,” said Geoff Grow, CEO and Founder, Service Objects. “We redesigned our website to more prominently communicate Service Objects’ expertise in the global intelligence marketplace and continue to reinforce what is most important to our customers: in-depth developer resources, guaranteed system availability, 24/7/365 customer support and bank grade security.”

New features also include three ways to connect with our services: API integration, Cloud Connectors or sending us a list.  We hope you will take a look at our new website and blog and send us your feedback at marketing@serviceobjects.com.

Don’t Let Bad Data Scare You This Halloween

Most of us here in North America grew up trick-or-treating on Halloween. But did you know the history behind this day?

In early Celtic culture, the feast of All Hallows Eve (or Allhallowe’en) was a time of remembering the souls of the dead – and at a more practical level, preparing for the “death” of the harvest season and the winter to follow. People wore costumes representing the deceased, who by legend were back on earth to have a party or (depending upon cultural interpretation) cause trouble for one last night, and people gave them alms in the form of soul cakes – which evolved to today’s sweet treats – to sustain them.

So what were people preparing for in celebrating Halloween? Good data quality, of course. Back then, when your “data” consisted of the food you grew, people took precautions to protect it from bad things by taking the preventative measure of feeding the dead. Today, Halloween is a fun celebration that actually has some important parallels for managing your data assets. Here are just a few:

An automated process. The traditions of Halloween let people honor the dead and prepare for the harvest in a predictable, dependable way. Likewise, data quality ultimately revolves around automated tools that take the work – and risk – out of creating a smooth flow of business information.

Organizational buy-in. Unlike many other holidays, Halloween was a community celebration fueled by the collective efforts of everyone. Every household took part in providing alms and protecting the harvest. In much the same way, modern data governance efforts make sure that all of the touch points for your data – when it is entered, and when it is used – follow procedures to ensure clean, error free leads, contacts and e-commerce information.

Threat awareness. Halloween was designed to warn people away from the bad guys – for example, the bright glow of a Jack-o-lantern was meant to keep people away from the spirit trapped inside. Today, data quality tools like order and credit card BIN validation keep your business away from the modern-day ghouls that perpetrate fraud.

An ounce of prevention. This is the big one. Halloween represented a small offering to the dead designed to prevent greater harm. When it comes to your data, prevention is dramatically more cost- effective than dealing with the after-effects of bad data: this is an example of the 1-10-100 rule, where you can spend one dollar preventing data problems, ten dollars correcting them, or $100 dealing with the consequences of leaving them unchecked.

These costs range from the unwanted marketing costs of bad or fraudulent leads to the cost in lost products, market share and customer good will when you ship things to the wrong address. And this doesn’t even count some of the potentially big costs for compliance violations, such as the Telephone Consumer Protection Act (TCPA) for outbound telemarketing, the CAN-SPAM act for email marketing, sales and use tax mistakes, and more.

So now you know: once upon a time, people mitigated threats to their data by handing out baked goods to people in costumes. Now they simply call Service Objects, to implement low-cost solutions to “treat” their data with API-based and batch-process solutions. And just like Halloween, if you knock on our door we’ll give you a sample of any of our products for free! For smart data managers, it’s just the trick.

Baseball and Data Quality: America’s National Pastimes

By the time October rolls around, the top Major League baseball teams in the country are locked in combat, in the playoffs and then the World Series. And as teams take the field and managers sit in the dugout, everyone has one thing on their mind.

Data.

Honestly, I am not just using a cheap sports analogy here. Many people don’t realize that before my current career in data quality, I was a young pitcher with a 90+ MPH fastball. I eventually made it as far as the Triple-A level of the Pittsburgh Pirates organization. So I know a little bit about the game and how data plays into it. We really ARE thinking about data, almost every moment of the game.

One batter may have a history of struggling to hit a curve ball. Another has a good track record against left-handed pitching. Still another one tends to pull balls to the left when they are low in the strike zone. All of this has been captured as data. Have you noticed that position players shift their location for every new batter that comes to the plate? They are responding to data.

Long before there were even computers, baseball statisticians tracked everything about what happens in a game. Today, with real-time access to stats, and the ability to use data analytics tools against what is now a considerable pool of big data, baseball has become one of the world’s most data-driven sports. The game’s top managers are distinguished for what is on their laptops and tablets nowadays, every bit as much as for who is on their rosters.

And then there are the people watching the game who help pay for all of this – remember, baseball is fundamentally in the entertainment business. They are all about the data too.

A recent interview article with the CIO of the 2016 World Champion Chicago Cubs underscored how a successful baseball franchise leverages fan data at several levels: for example, tracking fan preferences for an optimal game experience, analyzing crowd flow to optimize the placement of concessions and restrooms, and preparing for a rush of merchandise orders in the wake of winning the World Series (although, as a lifelong Cubs fan, I realize that they’ve only had to do that once so far since 1908). For any major league team, every moment of the in-game experience – from how many hot dogs to prepare to the “walk up” music the organist plays when someone comes up to bat – is choreographed on the back of customer data.

Baseball has truly become a metaphor for how data has become one of the most valuable business assets for any organization – and for a competitive environment where data quality is now more important than ever. I couldn’t afford to pitch with bad data on opposing players, and you can’t afford to pursue bad marketing leads, ship products to wrong customer addresses, or accept fraudulent orders. Not if your competitors are paying closer attention to data quality than you are.

So, pun intended, here’s my pitch: look into the ROI of automating your own data quality, in areas such as marketing leads, contact data verification, fraud prevention, compliance, and more. Or better yet, leverage our demographic and contact enhancement databases for better and more profitable customer analytics. By engineering the best data quality tools right into your applications and processes, you can take your business results to a new level and knock it out of the park.

Service Objects New BIN Validation Operation Helps Retailers Fight Fraud

Here at Service Objects, we strive to improve our services to best meet our customers’ needs. Sometimes that means adding additional features and upgrades, tweaking an existing service and/or operation, leveraging new datasets, or adding an entirely new service. We take pride on being able to quickly and effectively respond to our customers’ feedback and requests.

Part of this response to client feedback has led us to develop a new operation upgrade for our DOTS BIN Validation service. It is called ValidateBIN_V2. This new feature represents the latest and greatest that our BIN Validation service has to offer.

DOTS BIN Validation service is used to help determine if a certain BIN (the first 6 digits of a credit card number) is valid or not — a crucial step in fighting fraud. BIN validation also helps merchants determine if a credit card number is for a debit card, credit card, gift card, or prepaid card. Likewise, the BIN number will identify the country of origin for the card, providing you with insight as to the validity of the transaction.

This new BIN operation upgrade builds on the previous operation, providing even further information about a BIN.

By design, and to ensure that we’re giving our customers quality information, the V1 BIN operation returns information about a BIN only if bank information can be found about it.

The ValidateBIN_V2 operation provides the same information as the V1 operation, but also functions slightly differently and provides additional information:

  • Instead of failing a BIN or providing an error response, ValidateBIN_V2 displays any information about a BIN that we can find.
  • The V2 operation upgrade will return a “Status” field indicating “OK” for BINs we were able to find or “Not Found” for BINs that we weren’t able to find or that don’t exist.
  • The V2 operation will return the same card type, sub type, bank, and country information that the old operation returned.

We’ve also added a few new fields to the new BIN operation that make it more helpful to the end user:

  • Warnings — This field returns warning codes and accompanying descriptions about those warnings. The current service will only return warnings if the bank information, card type or country information is missing for a BIN.
  • Notes— This field contains additional information. Based on the way we have set these fields up in our API, we can easily add new warnings and notes as we continue to improve our services.  These fields allow us to return useful information about a BIN without affecting the current output structure of the API.
  • Information Components — This field is set up in a way that allows us to future proof the ValidateBIN_V2 operation. If we need to add new fields, the Information Components field allows us to easily do so without altering the existing structure of the API.

If you are interested in testing our BIN Validation API, sign up for a free trial key today!

Is Your Shopping Cart Feeling Abandoned? Data Quality Can Help

Dating experts will tell you that people have more problems committing than ever before. And nowhere is this more evident than in your online shopping cart. According to Barriliance, a vendor of online shopping cart optimization tools, over three-quarters of people abandoned their carts in 2016, with specific figures ranging from 73% on desktops to over 85% on mobile phones.

Cart abandonment sounds like a term straight out of family therapy, but in reality it provides an important window on consumer behavior. Some factors for bailing out on a purchase may be unavoidable – for example, customers may window-shop on their phones to purchase something later, or become reluctant to purchase when they see high shipping charges or additional fees. But other factors are within your control, and these often revolve around data quality issues.

Here are some of the big ones:

Too much data entry. Your customer sees 20 ‘required’ fields to be completed to check out.  Instead, they abandon the cart due to too much ‘form friction’. For greater conversion, we want to reduce the amount of friction wherever possible to promote a fast and accurate checkout process. Autocomplete tools can help lessen the friction, and are generally considered accurate, as they are based on the individuals’ contact information. Whereas, address-suggestors should be used with caution, as they can present the user with multiple address matches close to their own.  This significantly increases the risk of the user accidentally selecting an incorrect but real address. This can also create increased confusion when credit card authorization fails due to mismatched address, further increasing cart abandonment. Regardless of the tool, Address validation should always take place after the customer uses autocomplete and/or address-suggestor, to reduce the risk that a wrong – but valid and deliverable – address gets used.

Computer literacy. Often your richest target markets struggle the most with ordering things online – and too often, throw up their hands if there are too many hardships to placing an order. This means that cart recovery often revolves around being able to reach out to a customer and help them complete the order.

By using phone validation and email validation tools, you can help ensure correct contact data is captured in the event that you need to call or email customers about incomplete orders, and hopefully convert some of these into completed ones. These contacts are generally very effective: for example, Business Insider cites figures from marketing automation firm Listrak showing that 40% of follow-up cart recovery emails are opened if sent within three hours.

Payment information. When people pay by credit card online, they are usually entering 16-20 digits, and typos and bad information can quickly kill valid orders. A Luhn check, a real-time, simple checksum formula designed to distinguish valid numbers from mistyped or otherwise incorrect numbers, can help ensure the credit card number entered at least meets the basic criteria.  You can also check the Bank identification number (BIN) to ensure correct credit card numbers, that have passed that Luhn algorithm, are legitimately issued by financial institutions even before trying to process the actual charge.  This provides the opportunity to engage the customer at the time of entry and allow for corrections.  As a bonus, BIN validation also helps screen out fraudulent payment information before you process the order and/or ship.

Keep It Simple. The design, layout and even language used for your cart make a difference too. Kissmetrics notes that buyers can be turned off by faux pas ranging from bad design, making people create an account, or the process is too complicated.  A simple, clean step-by-step guide can provide confidence for your shopper and increase your conversion rates as well.  When there is an error, do not overlook the power of strong and informative error messaging.  For example, if email validation returns a specific error, let the customer know the precise nature of the error and provide suggestions on how to fix it. A generic ‘error’ message is not enough.

Finally, there is one kind of cart that always should be left behind: people who are trying to place fraudulent orders. You can use bundled tools such as lead and order validation to perform real-time multi-point contact validation on US, Canadian and International leads, comparing data such as name, company, address, phone, email and device against hundreds of authoritative data sources. The results provide both an individual quality score for each data point and a composite quality score (0-100), to ensure that you are working with genuine and accurate leads.

Online order entry truly is a bit like dating. We can’t make everyone fall in love with us, or guarantee that they will make it all the way to the altar. But with the right kinds of tools, including building in data quality safeguards at the API level, we can boost our chances of success substantially. And that is something every online merchant can be in love with.

The Importance of Data Quality for International Ecommerce

In today’s era of online ecommerce, international sales represent a huge potential market for US vendors. According to research firm eMarketer, international sales represent three-quarters of a nearly US $2 trillion retail ecommerce market, nearly half of which comes from China alone. And much of this vast market is only a click away.

On the other hand, cross-border sales remain one of the greatest risks for fraud, with a rate that was more than twice that of domestic fraud through 2012, and despite recent improvements in data quality technology this rate is still 28% higher as of 2015. And one digital commerce site notes that while retailers are making progress at managing fraudulent transaction rates, they are doing so at the expense of turning away good customers – people who, in turn, may never patronize these sites again.

So how do you exploit a rich and growing potential market while mitigating your risk for fraud? The answer might surprise you. While nearly everyone preaches the importance of a fraud protection strategy for ecommerce, and suggestions abound in areas that range from credit card verification to IP geolocation, the head of ecommerce at industry giant LexisNexis points to one area above all: address verification.

In a recent interview with Multichannel Merchant, LexisNexis ecommerce chief Aaron Press points out that the biggest problem with international addresses is a lack of addressing standards between countries. “Postal codes have different formats, where you put the number, how the street is formatted. Normalizing all of that down to a set of parameters that can be published on an API is a huge challenge.”

This means that you need robust capabilities in any third-party solution that you choose to help verify international addresses. Some of the key things to look for include:

  • How many countries does the vendor support address formats for, and does this list include all of the countries where you do business?
  • Can the application handle multiple or nested municipality formats? For example, a customer may list the same location in Brazil correctly as Rio, Rio de Janeiro, Município do Rio de Janeiro – or even the sub-municipality of Guanabara Bay.
  • Will the application handle different spellings or translations for common areas? In the address above, for example, the country may be spelled as Brazil or Brasil. Likewise, the United Kingdom may also be referred to as England, British Isles, Karalyste, Birtaniya, United Kingdom of Great Britain and Northern Ireland, or even 英国 (Chinese for the United Kingdom, literally “England Kingdom”).
  • Can these capabilities can be implemented as an API within your ordering application? Or can it process addresses externally through batch processing?

In general, cross-border fraud prevention requires a multi-pronged effort involving all of the potential stress points in an international transaction, including international address verification, email validation, credit card BIN validation, IP address verification – even name validation, so you can flag orders addressed to Vladimir Putin or Homer Simpson. These are clearly capabilities that you outsource to a vendor, unless you happen to be sitting on hundreds of millions of global addresses and their country-specific formats. The good news is that in an era of inexpensive cloud-based applications, strong fraud protection is easily implemented nowadays as part of your normal order processing strategy.

How secure is your ‘Data at Rest’?

In a world where millions of customer and contact records are commonly stolen, how do you keep your data safe?  First, lock the door to your office.  Now you’re good, right?  Oh wait, you are still connected to the internet. Disconnect from the internet.  Now you’re good, right?  What if someone sneaks into the office and accesses your computer?  Unplug your computer completely.  You know what, while you are at it, pack your computer into some plain boxes to disguise it.   Oh wait, this is crazy, not very practical and only somewhat secure.

The point is, as we try to determine what kind of security we need, we also have to find a balance between functionality and security.  A lot of this depends on the type of data we are trying to protect.  Is it financial, healthcare, government related, or is it personal, like pictures from the last family camping trip.  All of these will have different requirements and many of them are our clients’ requirements. As a company dealing with such diverse clientele, Service Objects needs to be ready to handle data and keep it as secure as possible, in all the different states that digital data can exist.

So what are the states that digital data can exist in?  There are a number of states and understanding them should be considered when determining a data security strategy.  For the most part, the data exists in three states; Data in Motion/transit, Data at Rest/Endpoint and Data in Use and are defined as:

Data in Motion/transit

“…meaning it moves through the network to the outside world via email, instant messaging, peer-to-peer (P2P), FTP, or other communication mechanisms.” – http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

Data at Rest/Endpoint

“data at rest, meaning it resides in files systems, distributed desktops and large centralized data stores, databases, or other storage centers” – http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

“data at the endpoint, meaning it resides at network endpoints such as laptops, USB devices, external drives, CD/DVDs, archived tapes, MP3 players, iPhones, or other highly mobile devices” – http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

Data in Use

“Data in use is an information technology term referring to active data which is stored in a non-persistent digital state typically in computer random access memory (RAM), CPU caches, or CPU registers. Data in use is used as a complement to the terms data in transit and data at rest which together define the three states of digital data.” – https://en.wikipedia.org/wiki/Data_in_use

How Service Objects balances functionality and security with respect to our clients’ data, which is at rest in our automated batch processing, is the focus of this discussion.  Our automated batch process consists of this basic flow:

  • Our client transfers a file to a file structure in our systems using our secure ftp. [This is an example of Data in Motion/Transit]
  • The file waits momentarily before an automated process picks it up. [This is an example of Data at Rest]
  • Once our system detects a new file; [The data is now in the state of Data in Use]
    • It opens and processes the file.
    • The results are written into an output file and saved to our secure ftp location.
  • Input and output files remain in the secure ftp location until client retrieves them. [Data at Rest]
  • Client retrieves the output file. [Data in Motion/Transit]
    • Client can immediately choose to delete all, some or no files as per their needs.
  • Five days after processing, if any files exist, the automated system encrypts (minimum 256 bit encryption) the files and moves them off of the secure ftp to another secure location. Any non-encrypted version is no longer present.  [Data at Rest and Data in Motion/Transit]
    • This delay gives clients time to retrieve the results.
  • 30 days after processing, the encrypted version is completely purged.
    • This provides a last chance, in the event of an error or emergency, to retrieve the data.

We encrypt files five days after processing but what is the strategy for keeping the files secure prior to the five day expiration?  First off, we determined that the five and 30 day rules were the best balance between functionality and security. But we also added flexibility to this.

If clients always picked up their files right when they were completed, we really wouldn’t need to think too much about security as the files sat on the secure ftp.  But this is real life, people get busy, they have long weekends, go on vacation, simply forget, whatever the reason, Service Objects couldn’t immediately encrypt and move the data.  If we did, clients would become frustrated trying to coordinate the retrieval of their data.  So we built in the five and 30 day rule but we also added the ability to change these grace periods and customize them to our clients’ needs.  This doesn’t prevent anyone from purging their data sooner than any predefined thresholds and in fact, we encourage it.

When we are setting up the automated batch process for a client, we look at the type of data coming in, and if appropriate, we suggest to the client that they may want to send the file to us encrypted. For many companies this is standard practice.  Whenever we see any data that could be deemed sensitive, we let our client know.

When it is established that files need to be encrypted at rest, we use industry standard encryption/decryption methods.  When a file comes in and processing begins, the data is now in use, so the file is decrypted.  After processing, any decrypted file is purged and what remains is the encrypted version of the input and output files.

Not all clients are concerned or require this level of security but Service Objects treats all data the same, with the utmost care and the highest levels of security reasonable.  We simply take no chances and always encourage strong data security.

Launching a New Ecommerce Site? Don’t Forget Data Quality Tools

Online commerce is huge nowadays – to the tune of over $400 billion dollars a year in the United States alone in 2017, at a growth rate up to three times that of retail in general. Barriers to entry are lower than ever, ecommerce platforms have become simpler to use and less expensive than ever, and the convenience of e-commerce has grown to encompass businesses of every size. Above all, purchasing goods online has become ubiquitous among today’s consumers.

Whether you are looking to launch a simple shopping cart using platforms like WordPress’ WooCommerce, Shopify or Magento, or an enterprise solution like Microsoft’s Commerce Server or IBM’s WebSphere Commerce, it can still be a minefield for the uninitiated. Here are some of the risks that every online seller takes every day:

Fraud. Filling orders from fraudulent sources costs you both revenue and time – and according to Javelin Research, identity fraud alone totals over $18 billion per year in the US. And the bad guys particularly love to target novice sellers.

Fulfillment. Every online order starts a chain of activities – from billing to shipment – that depend on the quality of your contact data. Credit card processing often requires accurate address data, and one misdirected shipment can wipe out the profit margin of many other sales – not to mention the reputational damage it can do.

Marketing. According to the Harvard Business Review, the cost of acquiring a new customer ranges from 5 to 25 times the cost of selling to an existing customer. This means that your contact database is the key to follow-on sales, brand awareness and long-term profitability. Which also means that bad contact data – and the rate at which this contact data decays– cuts straight to your bottom line.

Tax issues. Did you know that tax rates can vary from one side of a street to the other? Or that some states have passed or are considering an “internet tax” out-of-state sellers? Tax compliance, and avoiding the penalties that come with incorrect sales tax rates, is a fact of life for any online business.

The common denominator between each of these issues? Data quality. And thankfully, these problems can all be mitigated inexpensively nowadays, with tools that fit right in with your current contact management strategy. Some of the solutions available today from Service Objects include:

  • A suite of tools for fraud prevention, including address, email and telephone verification, lead validation that scores prospects on a scale of 0-100, credit card validation, and IP address validation – so you know when an order for a customer in Utah is placed from Uzbekistan.
  • Shipping address validation tools that verify addresses against up-to-date real-time data from the USPS and Canada Post, to make sure your products go to the right place every time.
  • Email verification capabilities that perform over 50 tests, including auto-correcting common domain errors and yielding an overall quality score – improving your marketing effectiveness AND preventing your mail servers from being blacklisted.
  • Real-time tax rate assessment that validates your addresses, and then provides accurate sales and use tax rates at any jurisdictional level.

Each of these capabilities are available in several convenient formats, ranging from APIs for your applications to batch processing of contact lists. Whichever form you choose, automated data tools can quickly make the most common problems of online commerce a thing of the past.

The Path to Data Quality Excellence

“In the era of big data and software as a service, we are witnessing a major industry transformation. In order to stay competitive, businesses have reduced the time it takes to deploy a new application from months to minutes.” – Geoff Grow, Founder and CEO, Service Objects

The big data revolution has ushered in a major change in the way we develop software, with applications webified and big data tools woven in. Until recently data quality tools that ensure data is genuine have not kept pace. As a result, developers have had little choice but to leave out data validation in their applications.

In this video, Geoff will show you why data validation is critical to reducing waste, identifying fraud, and maximizing operation efficiency – and how on-demand tools are the best way to ensure that this data is genuine, accurate, and up-to-date. If you develop applications with IP connectivity, watch this video and discover what 2,400 other organizations have learned about building data quality right into their software.

Looking Beyond Simple Blacklists to Identify Malicious IP Addresses

Using a blacklist to block malicious users and bots that would cause you aggravation and harm is one of the most common and oldest methods around (according to Wikipedia the first DNS based blacklist was introduced in 1997).

There are various types of blacklists available. Blacklists exist for IP addresses, domains, email addresses and user names. The majority of the time these lists will concentrate on identifying known spammers. Other lists will serve a more specific purpose, such as IP lists that help identify known proxies, TORs and VPNs or email lists of known honey pots or lists of disposable domains.

There are many different types of malicious activity that occur on the internet and there are various types of lists out there to help identify and prevent it; however, there are also various problems with lists.

The problem with Lists:

In order to first identify a malicious activity with a list, the malicious activity must first occur and then be reported and propagated. It is not uncommon for the malicious activity to stop by the time it has been reported and propagated. Not all malicious activities are reported. If you encounter the malicious activity before it is reported then you won’t be able to preemptively act on it.

IPs, Domains, Email Addresses and Usernames are dynamic and disposable. If a malicious user/bot gets blocked then they can easily switch to a different IP, domain etc.

Some lists offer warnings that blocking an IP address could affect thousands of users who depend on it in order to obtain crucial information that they would otherwise not have access to. So block responsibly.

Aggregating data to more effectively identify malicious activity:

Instead of looking at one list to perform a simple straightforward lookup, we can take advantage of multiple datasets to uncover patterns and relationships between seemingly disparate values. A simple example would be, relating user names to email addresses, email addresses to domains and domains to IP addresses, which allows us to view the activity of one value and compare it to behavior of other values. Using complex algorithms with machine learning to process large samples of data we can intelligently discern if a value is directly or indirectly related to a malicious activity.

How Service Objects keeps it simple for the user:

The DOTS IP Address Validation service currently has two flags to help its user deal with malicious IPs, ‘MaliciousIP’ and ‘PotentiallyMaliciousIP’. The ‘MaliciousIP’ flag indicates that the IP address recently displayed malicious activity and should be treated as such. The ‘PotentiallyMaliciousIP’’ flag indicates that the IP address recently displayed one or more strong relationships to a malicious activity and that it has a high likelihood of being malicious. Both flags should be treated as warnings with the ‘MalciousIP’ flag being scrutinized more severely.

The warning signs of online fraud are out there, but you need a means of discovering them. Our IP Validation service encompasses many of the identification strategies necessary to make split second decisions on would be attackers before any harm is done.

Fighting Fraud with Big Data

Fraud comes in many forms whether through misrepresentation, concealment or intent to deceive. Traditional methods of identifying and fighting fraud have relied on data analysis to detect anomalies which signal a fraud event has taken place. Detecting anomalies falls into two categories; known and unknown.

Known Fraud Schemes

Known fraud schemes can be easy to identify. They have been committed in the past and thus recognizably fit a pattern. Common known fraud schemes over the web include purchase fraud, internet marketing, and retail fraud. Methods to identify patterns for these types of fraud include tracking user activity, location, and behavior. One example for tracking location might be through IP, determining whether a user is concealing their identity, or is executing a transaction from a high-risk international location. A correlation can be made based on location if it is determined to be High Risk. Another case for location tracking is a physical address. In the past, fraudsters have used unoccupied addresses to accept delivered goods purchased through online and retail stores. Identifying an unoccupied address through DOTS Address Validation DPV notes provides real-time notification of vacant addresses which can be considered a red flag.

Identifying the Unknown

Unknown fraud schemes, on the other hand, are much more difficult to identify. They do not fall into known patterns making detection more challenging. This is starting to change with the paradigm shift from reactive to proactive fraud detection made possible through Big Data technologies. With Big Data, the viewpoint becomes much larger, analyzing each individual event vs sampling random events to attempt to identify an anomaly.

So What is Big Data?

Big Data is generally defined as datasets which are larger or more complex than traditional data processing applications ability to handle them. Big Data can be described by the following characteristics: Volume, Variety, Velocity, Variability, and Veracity.

Volume: The quantity of generated and stored data.

Variety: The type and nature of the data.

Velocity: The speed at which data is generated and processed.

Variability: Inconsistency of the data set.

Veracity: The quality of captured data varies.

Tackling Big Data

With the advent of distributed computing tools such as Hadoop, wrangling these datasets into manageable workloads has become a reality. Spreading the workload across a cluster of nodes provides the throughput and storage space necessary to process such large datasets within an acceptable timeframe. Cloud hosting providers such as Amazon provide an affordable means to provision an already configured cluster; perform data processing tasks, and immediately shut down, reducing infrastructure costs and leveraging the vast hardware resources available through Amazon’s network.

Service Objects Joins the Fight

More recently, Service Objects has been employing Big Data techniques to mine through datasets in the hundreds of terabytes range, collecting information and analyzing results to improve fraud detection in our various services. This ambitious project will provide an industry leading advantage in the sheer amount of data collected, validating identity, location and a host of attributes for businesses. Stay tuned for more updates about this exciting project.

Validating Online Transactions Plays Key Role as Cyber Monday Sets US Online Sales Record

Cyber Monday shattered previous online sales records and set a new all-time high, with consumers opening their wallets and spending $3.45 billion, marking a 12.1% jump over last year’s figure and earning its place in retail history.

The data, compiled by Adobe Digital Insights, surpassed initial estimates and dismissed fears that consumer shopping during the Thanksgiving weekend would hurt sales on Cyber Monday, which is historically the busiest day of the year for internet shopping. Adobe’s data measured 80 percent of all online transactions from the top 100 U.S. retailers.

The record-breaking online shopping put retailers’ data quality at the top of their priority list. Many smart retailers turned to Service Objects to help them make informed decisions about their customers, relying on Service Objects to validate over 1 million of their online transactions on Cyber Monday.

An increase in order volume impacts everything from a store’s inventory levels to brand reputation. By implementing data quality solutions like the ones Service Objects offers allows retailers to:

  • Greatly reduce the number of fraudulent orders by validating that a consumer is really who they say they are;
  • Ensure customers’ orders are delivered to the correct location, heading off customer service nightmares and stopping harmful customer horror stories from going viral on social media;
  • Save significant money by eliminating bad or incorrect address data and increase the percentage of successful package deliveries;
  • Eliminate the headache of dealing with credit card chargebacks caused by missed shipments; and
  • Gain a competitive advantage over the competition and increase customer loyalty.

Using a data quality solution is fundamental to turning your customer data into a strategic asset. Read more about the different business challenges that data quality can solve.

Using Geolocation Technology to Fight Fraud

Good news – someone wants to place a large online order for one of your company’s products, shipped to their business in the United States. But in reality, this person is a scammer from some boiler room halfway around the world. They are using a spoofed phone number, an address for an anonymous drop shipment point, and a stolen credit card number that will eventually get charged back to you.

Fraudsters can leverage the anonymity of the web to do everything from transferring money to purchasing valuable goods for resale on the black market. And the growth of online commerce and card-not-present (CNP) transactions has fueled online fraud as a lucrative industry. According to an annual report from CyberSource, as of 2016 companies lose nearly one percent (0.8%) of their revenues to fraud. It occurs almost equally across companies of all sizes, and 83% of them conduct manual reviews of orders to try and combat this fraud.

It is this latter area – manual verification – that often becomes a tough choice for businesses. Do you tighten up your screening process, and risk rejecting valid orders and losing customers? Or do you become more of an easy target for criminals? Either way, this manual verification, which can take several minutes per transaction checked, represents a substantial cost on top of any losses or chargebacks you endure because of fraud.

One of the key criteria for fraudulent transactions is the location of the purchaser. Common red flags for problem transactions can include.

  • A purchaser whose IP address is far from their delivery address – for example, someone in Asia orders something to be shipped to a business in Indiana
  • Anonymous or so-called “dark web” IP addresses designed to mask the user’s location, including proxy servers and virtual private networks (VPNs)
  • Orders from multiple locations over a short period of time

On the other hand, simple screening criteria such as rejecting orders from VPNs, proxy servers and distant locations are blunt instruments that can exclude legitimate customers, such as people traveling on business. Moreover, manual verification of these orders represents a substantial transactional cost that affects your organization’s margins.

This is where automated geolocation tools can make a real difference in fraud prevention. Using continually updated databases, and often working as an API directly from your web processes, these tools can automatically validate and cross-reference criteria such as mailing addresses, phone numbers and IP addresses for legitimacy. They can also validate the credit card itself, by using BIN number validation. More important, bundled tools for lead or order generation can perform multi-function verifications using composite criteria, returning a 0-100 quality score on the overall validity and authenticity of the customer.

Held up against the financial, merchandise and time losses associated with fraud, not to mention the potential loss of goodwill and market share among existing customers, automated geolocation tools can be an extremely cost-effective solution for a universal problem among businesses. Unfortunately fraud will always be with us, thanks to human nature, and these tools help you and your business stay one step ahead of the problem.

Protecting Yourself from High Risk IP Fraud

With the holiday season upon us, online sales surge with customers seeking to place orders with retailers. But not all orders, form submissions, and lead generation efforts are legitimate. Building fraud identification systems which can properly identify cases that are illegitimate can range from simple to complex, with the latter using such methods as tracking user behavior and performing complex authentication methods. Most, if not all, fraud identification strategies incorporate a fundamental step in identifying fraud which is through IP Validation.

IP Validation identifies the origin of an IP which is crucial for assessing whether an IP is legitimate or is considered High Risk. An IP is categorized as High Risk based on multiple factors including whether the IP origin is from a TOR Network exit node, behind an Anonymous/Elite proxy, has been blacklisted for suspicious/spam activity, or whether the IP origin is in a country that is considered High Risk for fraudulent activity.

Anonymous Proxies

A typical http request includes necessary header information which describes the origin of the request to return information to. Requests which emanate from an anonymous proxy hide the origin IP and only include the proxy IP. Anonymous proxies are available through either SOCKS or HTTP protocol. HTTP protocol is used for general HTTP/HTTPS requests as well as FTP in some cases, while SOCKS proxy provides support for any type of network protocol.

TOR Network

While detecting whether an http request was issued from behind a proxy may be detectable based on header information, this is not the case with a request emanating from a TOR client. TOR networks route requests through a series of participating nodes anonymizing where the origin of the request came from.

VPN Service

VPN or Virtual Private Network offers another method for fraudsters to conceal their identity. A VPN service provides a secure tunnel for users to connect to another host machine and execute requests appearing as though the requests are emanating from the VPN host machine.   VPN adds the additional security of encrypting traffic between the user and VPN host.

IP Blacklist

IP Reputation services and DNS-based blacklists track and monitor suspicious and spamming activities. Users which violate website /domain owner’s terms of service can have their IP blacklisted which terminates future activity from that IP. Website owners will check their own provided IP to ensure their website has not been used in spamming attacks or suspicious activities which could restrict their ability to operate. Accepting messages from an IP which has been blacklisted should be considered high risk.

BotNet

A Botnet is another method fraudsters can use to conceal identity. A botnet is a network of machines that are under control by the attacker. Hackers frequently use botnets for large scale attacks where a high number of concurrent requests are issued to take down a system. Botnets can originate from any network connected device. This was evidenced by a recent attack on a major DNS system provider which was executed by a network of connected home devices.

How to Protect Yourself

With all of the different methods of concealing identity available to fraudsters, the picture becomes much larger of the task to thwart would-be thieves from disrupting your systems. Thankfully DOTS IP Validation encompasses many of the identification strategies necessary to make split second decisions on would be attackers before any harm is done. From IP origin to Proxy/ TOR node detection, DOTS IP Validation has you covered.

Real-Time Email Validation and Your Sales Process

Have you ever been to gamil.com? Or gmial.com? Or gmali.com? Well, many of your prospects and customers have, without even knowing it. These are just a few of the misspellings of “Gmail” alone that pop up regularly when people enter their email addresses on your squeeze pages and signup forms – in fact, according to one direct marketer, Lucidchart.com, roughly three percent of their leads provided addresses that bounced. (Believe it or not, many people don’t even spell “.com” correctly!)

Unfortunately, losses like these can be just the tip of the iceberg. When you follow your human nature and ask potential leads to try and validate their own addresses by re-typing them – or worse, ask them to respond to a validation email – many people will simply throw up their hands and not bother, with no way of tracking these losses. According to Lucidchart’s Derrick Isaacson, the more bandwidth you add to your signup process, the less likely someone is to complete it. And the one lead you can never sell to is the one who doesn’t respond in the first place.

Then there are people who intentionally try to game the system. For example, you are offering a free gift to potential qualified prospects, and someone wants to get the goodie without receiving the sales pitch. So they enter a bogus address directed to nowhere, or perhaps to Spongebob Squarepants. Or worse, your next customer transaction is a scam artist trying to defraud your company.

Is there any way around this lose-lose scenario? Yes. And it is simpler and less expensive than you might think – particularly when held up against the cost of lost leads, data errors and fraud. The answer is real-time email validation. By using an API that plugs right into your email data entry process on the Web, you create a smoother experience for customers and prospects while gaining several built-in benefits:

Accurate address verification: A real-time email verification service can leverage numerous criteria to ensure the validity of a specific address. For example, Service Objects’ email validation API performs over 50 specific verification tests to determine email address authenticity, accuracy, and deliverability.

Auto-correction: The right interface not only catches typical spelling and syntax errors but can also suggest a corrected address.

Improved lead quality: The very best tools not only check email address validity but can calculate a composite quality score based on its assessment criteria, which in turn lets you accept or reject a specific address.

Less human intervention: The cost of processing an incorrect or fraudulent email address goes far beyond lost sales or revenue. The time you spend pursuing unattainable leads and processing bad data in your sales process add up to a real, tangible human cost that affects your profit margin.

Blacklist protection: Automated email validation protects your mail servers from being blacklisted by verifying authentic email addresses while filtering out spammers, vulgar or bogus email addresses, and erroneous data.

Real-world numbers bear out the value of using automated email validation. For example, Lucidchart.com’s Isaacson noted that an A-B test showed a 34% increase in product re-use and a 44% increase in paid customers among the automated validation group. On top of sales results like these, you can also add in the cost savings from reduced database maintenance, manual processing, and fraud when you deploy these tools across each of your prospect and customer touch points.

We now live in an e-commerce world that competes on making the prospect and customer’s experience as easy as possible. Automated email validation helps you compete better by reducing their bandwidth and your costs at the same time. It is a win-win situation for everyone, as well as your bottom line.

Why Fraud is Growing, And What You Can Do About It

Few industries or investments grow at a year-over-year rate exceeding ten percent nowadays. But one area that – unfortunately – has had bright growth prospects is retail fraud. Which means that one of the most important things you can do to protect your bottom line is to take reasonable precautions to prevent it.

According to the 2016 LexisNexis® The True Cost of FraudSM Study, the total cost of fraud as a percentage of revenues has risen over 11% in the past year, from 1.32% to 1.47%. This breaks down to record numbers of average monthly fraud attempts and successes (442 and 206, respectively, across the merchants they surveyed), as well as a substantial jump in the average monthly value of these successful fraud transactions ($146 versus $113 in 2015). All told, merchants lose an average of $2.40 per dollar of fraud losses as a result of chargebacks, fees, and merchandise replacement. It is truly a “growth industry.”

A big part of the problem is tied in with the growth of mCommerce, or commerce transacted through mobile devices, along with the broader area of card-not-present (CNP) transactions. In the former case, the percentage of successful fraud transactions taking place over mobile channels has grown year-over-year from 26% to 35% for larger merchants according to Lexis-Nexis. New technology is often a weak link for fraudsters to exploit, and in this case, the massive growth of mobile channel adoption, in general, has often run ahead of a concomitant investment in fraud prevention strategies.

Technology itself can also be part of the problem – for example, iPhone mCommerce apps are not allowed to collect a device’s Universally Unique Identifiers (UUIDs) to track which actual device is being used. In general, newer channels tend to have less infrastructure and fewer processes developed to combat fraud, and people take advantage of this gap.

So what can you do to prevent being a victim of retail fraud yourself? Here are three best practices:

  • Have a policy. Paying no attention to fraud makes you vulnerable as a retailer – and at the same time, over-reacting to individual fraud incidents can make it difficult for legitimate purchasers to complete transactions with you. Planning ahead with reasonable guidelines is the best strategy.
  • Validate and geolocate mobile device data. According to a recent white paper report on preventing mCommerce fraud, checking the phone number against your customer records and checking the GPS location of the transaction can help filter out questionable transactions . When a number doesn’t match, or a transaction is taking place from an unfamiliar location – such as in developing countries – you can flag these transactions for rejection or further verification.
  • Employ lead or order verification. No matter what sales channels you are using, real-time online services exist nowadays that can use multiple factors to assess order quality, while preserving customer experience.

Given the potential cost of fraud to your profit margin, it is generally a wise move to invest in a fraud prevention strategy. No one can eliminate retail fraud completely, but particularly as technology continues to grow, you can take steps to stay one step ahead of most of the bad guys. With the right strategy, both you and your customers can breathe easier as you grow your retail efforts across multiple channels.

Understanding VoIP – Fixed vs. Non-Fixed

If you aren’t already familiar with “Voice over IP” telephone services, or VoIP for short, you should be. It has become a popular and inexpensive form of telephony – and also one of the most common technologies used in committing retail and cyber fraud. Knowing how it works, and when to be cautious about it, is the first step to reducing your fraud exposure.

Of course, not every VoIP user is a cybercriminal – nearly 46% of Americans use VoIP as their primary phone line nowadays. Some of the largest global firms, including Google and Microsoft, are providers of VoIP services. Understanding VoIP also forms an important part of your contact data quality, particularly when it comes to maintaining compliance with current regulations on automated outbound telemarketing. Knowledge is power when it comes to fighting the small minority who intentionally misuse this technology AND knowing which contacts are safe to call.

What is VoIP?

VoIP, which stands for “Voice over IP” encompasses a group of technologies which provides delivery of voice communications over Internet Protocol (IP) networks. VoIP is available as a replacement to traditional phone services via public switched network (PSTN) in addition to subscribers using mobile phones, personal computers and other internet access devices. Note that VoIP does not bypass PSTN entirely; rather, it interfaces with a regular phone number but sends your voice data through the Internet using the same packet-switching technology that serves your email or YouTube videos, terminating at a software or hardware “phone.”

By using Internet telephony to bypass the infrastructure of traditional phone systems, the cost of these calls can be can be as low as zero, on top of the cost of your Internet service. Some of the benefits of VoIP services include low priced or free calling and number portability, while some of the drawbacks include lack of common phone services such as phone directory, 411 and in some cases 911 services.

How Does it Work?

There are several different methods to connect voice services over the internet including using an IP phone, an Analogue Terminal Adapter (ATA), or softphone which is an application installed on an internet connected device. Common examples of IP phones include the Cisco brand phones which can be used with any VoIP service provider, while Analogue Terminal Adapters may be tied to a specific carrier (i.e. MagicJack). A VoIP service provider will provide services that complete a phone call using broadband networks that are interfaced with PSTN (Public Switched Telephone Network).

Fixed vs. Non-Fixed VoIP

With respect to VoIP service providers, there are generally two types of VoIP services, Fixed and Non-Fixed. A client that is using a fixed VoIP service would be associated with a physical location and cannot be obtained from someone that is outside the country. Common Fixed VoIP providers include Vonage, BroadVoice, and Cox Communications.

Non-Fixed VoIP services, on the other hand, do not need to be associated with an address and are thus easily obtainable by individuals that are outside the country. Common Non-Fixed VoIP providers include Google Voice and Skype. Because VoIP numbers can be difficult to trace – particularly non-fixed numbers that can be obtained through a simple email signup – they are often a favorite of criminals who place orders using stolen or compromised credit cards or other fraudulent financial information, often operating from offshore locations. Fraudsters have also been known to hack other people’s VoIP installations for profit or anonymity.

Another issue with both types of VoIP is regulatory compliance. Strict laws exist for automated telephone and text message marketing, particularly to wireless phones, such as the US Federal Telephone Consumer Protection Act (TCPA). While the implications of TCPA for VoIP numbers remains murky, with at least one legal precedent ruling that it does not apply directly to at least free VoIP services, it is important to ensure that VoIP numbers have not been subsequently ported to cellular service and/or a new owner.

Prevent VoIP-Based Fraud and Maintaining Compliance

As you gain prospects or take orders, automated data quality tools can help you verify a contact’s phone line type and ownership. Identifying suspect phone numbers that belong to Non-Fixed VoIP providers early is an important first step in fraud prevention and protection, allowing you to flag potentially fraudulent transactions for further review. These same tools also help automate the process of verifying contact data for regulatory compliance.

Service Objects offers easy-to-implement tools for phone number validation and reverse lookup, as well as appending missing phone data to contact information. We also offer US/Canada and international lead validation services that provide a quantitative rating of lead quality using multidimensional analyses, as well as bundled lead enhancement services that combine validation with appending missing contact data. For more information on these tools or a no-obligation free trial, contact us and we’ll be happy to help!

 

How IP Validation Can Help Prevent Fraud

Have you ever been in a business with a sign that says, “We reserve the right to refuse service”? When doing business in person, merchants may be able to detect warning signs of potential fraud. Perhaps the name on a credit card is not the same as the name on the customer’s ID card. Maybe the customer appears overly nervous. Maybe the customer’s one hundred dollar bills seem too new or out of place. In order to protect themselves from fraud, these merchants may invoke that right and refuse to proceed with the transaction.

Though the warning signs of fraud are different when doing business online, you can protect your business by using IP validation.

What is IP Validation?

The DOTS IP Validation service is one of many tools to help prevent fraud. It does so by validating the IP address of online customers. IP addresses can reveal the general location of users. For example, if you use an Internet service provider (ISP) in Los Angeles, California, your IP address will indicate that you are in the Los Angeles area. This information is transmitted to websites as you use the Internet.

Most people have no reason to hide their IP addresses. In fact, most are unaware that they even have one.

How IP Validation Helps Prevent Fraud

Now, suppose you have an online customer who says that he is located in Los Angeles but is actually located in New Delhi, India — wouldn’t you want to know about this deceit?

With IP validation, you can compare the customer’s IP address with the address claimed. In the example above, you’d immediately discover a mismatch between New Delhi and Los Angeles — a sign of potential fraud. Since IP validation takes place in real time, you can immediately invoke your right to refuse service. In other words, the transaction can be halted before fraud can take place.

Ah, but fraudsters and malicious users know about IP validation, too — and they’re tricky. To escape detection, they often attempt to hide their true location from merchants by using network proxies.

The term proxy is defined as an entity that is used to represent the value of something else. Proxies are like substitutes, surrogates, or stand-ins. With these definitions in mind, a network proxy serves as a substitute for a user’s actual network IP address. It’s a fake.

Network proxy services are readily available around the world. While there are many legitimate reasons to use network proxies including corporate networking, access control, and security and privacy concerns, bad guys often use network proxies to obscure their locations.

Let’s revisit the user in New Delhi who claims to be in Los Angeles. He’s gotten smarter and is now hiding behind a proxy. His IP address no longer provides you with the crucial clue you need to detect the user’s actual location. Thus, IP validation won’t work — or will it?

DOTS IP Validation service can detect when an IP address is a part of a proxy network. Though the IP address and the claimed location may match, the fact that the customer is using a proxy is a red flag. It’s telling you that the user may be a fraudster or a malicious user and that caution is warranted.

While the user may or may not have a valid reason to use a proxy, wouldn’t you want to be alerted that something is awry before you do business?

Help protect your online business from potential fraud by using IP validation. The warning signs of online fraud are out there, but you need a means of discovering them. IP validation is one of those means.

How a Rise in Disposable Email Addresses Can Affect a Business’s Email Marketing

Disposable email addresses (DEAs) are nothing new, but for business owners, project managers and IT specialists, it can spell disaster for email marketing campaigns. Understanding what they are, why they are used and how they affect businesses can help leaders adjust their strategy when collecting addresses.

What Disposable Email Addresses Are All About

Nowadays, most people have personal and business email addresses they use regularly. As the Internet gained popularity, it brought with it a rise of issues. Websites that made use of discussion forums, newsletters and e-commerce started requiring sign-ups for access to content or special offers. This resulted in email owners being inundated with large numbers of emails on a daily basis; many of which were spam.

To combat this annoyance, and as an added measure of security against identity theft, email service providers began offering disposable email addresses free of charge. Disposable, one-time, instant, temporary or fake email addresses are just that; they are impermanent and only usable for a very short time.

How Disposable Email Addresses Affect Businesses

Although disposable email addresses work wonders for consumers wanting to keep their personal accounts safe and clean, their use can wreak havoc on a business’s email marketing campaigns. Some users have their emails forwarded to real email addresses where they can control what they receive and read. Others never read their emails or let their service provider expire them within 15 minutes to an hour after receiving them.

Disposable email addresses can drastically thwart efforts to reach potential customers—and it can also skew email list analytics. In other words, a business owner may have thousands of subscribers on his or her list with only a small percentage of them actually reading their emails. In this case, quantity over quality loses. Real emails rather than fake emails can be the difference between quality leads and worthless lists.

Ways to Combat Disposable Email Addresses

Fighting disposable email addresses isn’t always easy, but there are several ways to increase the likelihood of generating real email addresses from potential customers. For existing lists, email validation determines email address authenticity, accuracy, and deliverability, returning detailed information and error codes. The email validation API performs over 50 email address verification tests, calculates a quality score (accept or reject), auto-corrects common domain misspellings and syntax errors, and removes extraneous characters.

To prevent the continued collection of useless email addresses, encourage users to submit real ones. Providing valuable content is the proven way to keep the attention of those who sign up, whether they use a real or disposable address. Marketing managers can also inhibit the use of temporary emails by using online sign-up forms that make use of email validation in real time to determine if an email address is disposable and block it from being submitted.

Self-Learning Validation

Have you ever asked Siri to remind you to buy a certain product the next time you’re at the store, call your mom, or fetch the latest movie times? Technology that was once the realm of fantasy has made its way into your hands, and it’s getting smarter every day. Here at Service Objects, smart technology is integral to our business. Our validation services may not be as personable as Siri, but they’re even smarter.

Our email validation service currently keeps tabs on over 2 million domains each day, and that number continues to grow. The more data our email validation service collects, the smarter it becomes. We like to say that the service is “self-learning” because, with additional data, it can make better decisions about the integrity of an email address. Moreover, the email validation service can tap into this data to predict mail server behavior. 

For example, let’s say a large company obtains a new domain, example.com and begins issuing employee email addresses with that domain. When our email validation service first encounters an @example.com email address, it has minimal data to work with and will need to examine other data points as part of the email validation process. Once the example.com domain has been validated, future @example.com addresses can be processed more quickly. For example, if someone accidentally enters @exemple.com, our email validation service will have already learned the correct spelling of the domain and will be able to correct the spelling immediately.

Predicting mail server behavior is another area where our self-learning validation technology shines. For example, spammers often use disposable or temporary domains to spam mail forms in websites and mail servers directly. Spammers know that ISPs use sophisticated spam detection tools in an attempt to prevent spam from landing in their users’ inboxes. Thus, spammers obtain disposable IP addresses and domains, burning through them quickly as a means of circumventing spam detection. 

In theory, this would work. After all, new domains and IP addresses haven’t been blacklisted yet, allowing spammers’ messages to go through. Though the IP addresses and domains may change, the spammers’ behaviors, and other signature factors, often do not. As a result, even if a spammer uses a fresh IP and new domain, our self-learning validation service can promptly identify the spam attempt. 

All of this learning takes place behind the scenes — for your benefit.

 

3 Telltale Signs an Online Order is Fraudulent

contact-validation-fraud-prevention

Online fraud affects businesses of all sizes. According to The Nilson Report, in 2012, payment card issuers, merchants, and their acquiring banks lost over $11 billion to fraud. Whether you’ve already been hit by fraudulent orders or are concerned about the potential, online fraud prevention is a must. One of the best ways to prevent online fraud is to be aware of the following three telltale signs that an order is fraudulent. This awareness allows you to stop that transaction from taking place or implement other security measures.

 

  1. The IP address of the customer does not match the shipping or billing address entered or the IP address is from a high risk country.

    When users browse websites, their IP addresses provide valuable clues as to their physical locations. A quick IP address lookup can tell you which city or country an online customer is located in. If that location does not match the shipping or billing address, it could indicate online fraud. In addition, several countries such as Russia, Malaysia, and Ghana, are notorious countries of origin for many online fraudulent orders. If a customer’s IP address is from one of these high risk countries, the order could be fraudulent. What if the IP address is cloaked or it’s obvious that the user is using some sort of proxy? While many computer users use proxies for legitimate purposes, a cloaked IP address is another red flag to be aware of.

  2. BIN of the payment card indicates a country of origin that is inconsistent with where the customer says he/she is located.

    A Bank Identification Number (BIN) is a prefix on a credit card which identifies the issuing bank’s name, payment method, card type, and issuing country. If the BIN’s country of origin does not match the customer’s location, it could be a strong indicator that the order is fraudulent.

  3. Infidelity between the phone number owner and billing name.

    Another clue involves a mismatch between the billing name on a credit card and the customer’s entered phone number. For example, if the customer says his name is Bob Smith and uses Bob Smith’s credit card but enters a phone number that is not owned by Bob Smith, this could indicate online fraud.

Looking up IP addresses, BIN numbers, and phone numbers for each transaction is an effective means of online fraud prevention. However, doing it manually is generally not an option. Fortunately, DOTS Order Validation, which combines multiple DOTS services, automatically cross-validates customer information in real time at the point of purchase. DOTS Order Validation can instantly flag these telltale warning signs (and many others) so that you can prevent fraudulent orders from occurring.

contact-validation-trial

Preventing Online Fraud with Digital Fingerprinting

Every individual is unique; from DNA makeup to personality, even one’s online presence is particular and can’t be duplicated 100%. As experts in the space of contact data quality and contact data validation, we look at a unique contact record as that individual’s digital fingerprint. 

lead-validation-digital-fingerprintFingerprints are usually associated with forensic science, or the science of gathering and examining evidence of past events. Since every human being has a unique fingerprint, it is a surefire way to identify the exact people who were present at the scene of a crime. Using fingerprints for identification is not always this scandalous, however, and is sometimes a precautionary measure for prospective employers to verify that an applicant is really the person he or she claims to be on paper. 

Our composite fraud prevention tools employ a similar logic when validating contact data. They look at five specific data points which define each customer or contact –it’s like scanning their digital fingerprints. When we find that the user-supplied contact information doesn’t match the data points in our contact set, our APIs flag the contact for further investigation. In some exceptional cases, legitimate users may stray from a few components of their digital fingerprint; they may interact with your website from a foreign IP address while they’re traveling, or begin using a different email address if their old one got hacked. But most of the time, an unrecognized combination of contact data points is a red flag.

What exactly are the five pieces of information we consider to make up one’s digital fingerprint?

  1. Name. Every real, genuine online user has a name. One’s full name may be parsed into prefix, first, middle, last, and suffix, and each name will have a correct and particular spelling. More than one person can certainly share the same, exact name, but in conjunction with the other key data points, the name fortifies an individual’s digital fingerprint.
  2. Address. The shipping or billing address supplied by a user is a strong indicator of the contact record’s integrity. A valid address will give the location of an existing and occupied residence, business, or post office box.
  3. Phone Number. Phone numbers are registered to people and organizations, and therefore are associated with at least one contact. It is also important to note whether a phone number is still connected and in service, what line type it currently is, and if it’s been ported.
  4. Email Address. In many online activities and interactions, users must provide their email address. Especially in eCommerce, a valid and active email account is a vital part of the customer’s digital fingerprint. Online businesses need their users’ email addresses to maintain communications and the relationship, and without it, they don’t have the user’s complete digital fingerprint to verify.
  5. IP Address. The geolocation of an online user’s connection, via his or her IP address, is vital to fraud prevention. Identifying use of public or anonymous proxy servers can give you insight on that person’s genuineness and integrity. 

Any one user may engage with your website using various forms of his or her name, addresses, phone numbers, email addresses, or IP addresses. So an individual’s digital fingerprint may encompass multiple combinations of these datapoints; but any valid and verified combination of a name, address, phone number, email address, and IP address is sure to be attributed solely to one person. After all, even identical twins, who have indistinguishable DNA, have their own distinct fingerprints, both physically and virtually.

If you’d like to see how Lead Validation can help you verify the identity of your contacts by looking at their unique digital fingerprints, please request a demo, or start a free trial.