In a previous blog, we discussed the benefits of using DOTS Address Detective – International to detect a contact’s country. This blog will discuss some of the challenges surrounding country detection in more detail, as well as provide an overview on how we determine the best country from your data.

Contact Components

When trying to append a country to a contact, we have four main components to examine.

1. Address
2. Phone
3. IP Address
4. Email

Each component must be carefully evaluated on its own merit before it can be used to help identify a country for the contact.

Address Component

The Address component may represent a contact’s physical location or mailable address. It is the most diverse and complex of all the components. International addresses do not follow a singular format, language or standard. Each country has its own set of rules and standards, which can also make the storage of international addresses problematic for US-centric CRMs.

This also means that is common for a contact’s address to be incorrect and/or incomplete. Additionally, some businesses are not always interested in capturing a mailable address and only wish to store a contact’s region. Depending on who is entering the contact address and how it is being stored, it would not be unreasonable to expect this data to be flawed in more ways than one.

Knowing the country is critical to processing most addresses. It determines the address format, which is needed to identify individual address elements, which in turn are needed to identify a locality, postal code or region. With that said, our sophisticated data-driven algorithms are not dependent on completeness and allow for a wide variety of formats and languages.

If you think you can identify a country’s address, take our fun, short Country Quiz.

Similar to the DOTS Address Validation International service, the address component consists of Address Lines 1-8, Locality, Admin Area and Postal Code. The address can be entered entirely in lines 1-8 or in combination with the Locality, Admin Area and Postal Code fields. Address line order does not matter, and common mistakes like putting an address value into the wrong address field are detected and handled.

Not all countries follow the US city-state pairing format or the equivalent locality admin area pairing. Many international addresses do not include an admin area, which can make country detection difficult since many localities from around the world can often share names. Take Venice, for example, which can be found in separate locations of three different countries.

Locality	Admin Area	Country
Venice	Venice	Italy
Venice	Alberta	Canada
Venice	California	USA
Venice	Florida	USA

If no other address information besides the name Venice was made available, one would be left having to choose between these three countries. However, by making use of other contact data such as a phone number, IP address and/or email, the service can cross reference various datasets to better determine which country is the best match. Then again, if the locality was entered as Venezia, the Italian endonym for Venice, there would be less ambiguity and the country Italy would be the clear choice.

Phone Component

The phone component consists of a contact’s phone number(s). The format of a phone number is dictated by its country’s numbering plan. Some countries have their own numbering plan, while others share one. The USA and Canada, for example, share the North American Numbering Plan (NANP), whereas the UK and its crown dependencies share the UK National Telephone Numbering Plan. Most countries conform to the E.164 International Telecommunication Numbering Plan, which is published by the International Telecommunication Union (ITU).

The E.164 Numbering Plan
The E.164 currently provides five number structures (numbering plans) for international phone numbers:

1. International ITU-T E.164-number for geographic areas.
2. International ITU-T E.164-number for global services.
3. International ITU-T E.164-number for Networks.
4. International ITU-T E.164-number for groups of countries.
5. International ITU-T E.164-number for trials.

Each structure has its own set of rules and requirements, but telephone numbers that conform to E.164, in general, will adhere to the following:

• The recommended maximum length for a telephone number is 15 digits.
• Telephone numbers will begin with a Country Code (CC).
• Telephone numbers will not include Prefixes and Suffixes

Country Codes
Country calling codes are published by the Telecommunication Standardization Bureau (TSB). Depending on which E.164 structure is being used the country code (CC) may vary between 1 to 3 digits or may be fixed to 3 digits. Country codes are followed by the destination number in accordance with the E.164 numbering plan. When storing a country code or an international (E.164) number, the number is commonly prefixed with a plus symbol (+) to indicate that when dialing the number, one must first dial the appropriate international call prefix to complete the call.

Prefixes
International call prefixes (also known as call out codes, dial out codes, exit codes or international access codes) are used to make a call from one country to another. The Prefix is dialed before the country code (CC) and the destination telephone number. Prefixes are not a part of the E.164 numbering plan and it is recommended to not include them as they can interfere with country code identification.

Making the Call
Suppose you have a contact in the UK with the following number saved in your CRM, ‘+44 123 456 7890 Ext. 123’, and you wanted to call this person from within the USA. To call them, you would dial 011441234567890, and then after you have been successfully connected you would next dial your contact’s extension of 123.

The table below shows how the prefix and suffix are not a part of an international number.

Prefix	International Number		Suffix
	Country Code	Destination Number
011	44	1234567890	Ext. 123

Now suppose that you wanted to call this contact again, but this time you are in Sweden and not in the USA. Instead of dialing the 011 prefix, which is shared by all countries in the North American Numbering Plan (NANP), you would dial 00 which is the prefix used by many countries in Europe.

At Service Objects, we understand that not all phone numbers will conform to an E.164 numbering plan and that many numbers will have missing country codes, which why our services make use of a wide variety of datasets and are flexible enough to intelligently identify a country.

IP Address Component

Not all companies capture a contact’s IP address, but when they do they are most likely capturing it via the web form the contact used to submit their information. The captured IP address and the location for that IP is often for the registered owner of the IP, so if the contact filled out a web form from their home computer then it is likely that the IP is for their Internet Service Provider (ISP). If they filled it out from their office computer, then the IP address may belong to the business or to the business’s ISP. IP based geolocation systems will commonly return a general location for the owner of the IP, which in most cases is the end user’s ISP.

There is often a misconception that IP based geolocation services will always return an end user’s exact location. For example, that the IP address assigned to a mobile smartphone can alone be used to pinpoint and track the phone’s exact location. This is simply not true. In most cases, IP based geolocation services will return the city and/or the metropolitan area for where the IP address is commonly served. Subscribers will generally be located within the serviceable area of their ISP, and so the IP based location can be used in confidence to identify the region of the end user.

Identifying Anonymous Users
If a contact used a Virtual Private Network (VPN) or Proxy connection, such as a Tor network, when filling out a form then that means that the end user’s true IP address was masked and it was not captured. Some users will make use of methods such as these to try and remain anonymous and prevent others from capturing their true IP address. These methods are not only used to mask a user’s true location, but they can also be used to make a user appear to be from somewhere they are not. This is commonly done to circumvent region locked sites and services, however not all VPN and proxy connections are used for this purpose. Many businesses make use of VPN and proxy connections to connect their employees, sites and services from various regions, including remote employees.

A service like DOTS IP Address Validation is capable of identifying proxy related IP addresses as well as IP addresses associated with malicious activity. By leveraging this data, the country detection algorithm can determine if the IP is trustworthy and if the IP based location is genuine.

Email Component

The email address component uses the contact email address to identify where in the world the mail servers are located. The location of the mail server should not be confused with the location of the mail sender; after all, one of the benefits of email is that you can send and receive it from just about anywhere an internet connection is available. This means that a contact may not necessarily be anywhere near where the mail server is located and could potentially reside in an entirely different country. It’s also worth noting that the domain name, including the Top Level Domain (TLD), can be misleading.

For example, let’s suppose we have an email with a domain that consists of Spanish words and the TLD country code for Spain (ES), like: ejemplo@una_palabra_espanola.es

While the above example email address may appear to be for a contact for Spain, the company could instead be hosted or even located in another country, such as the USA. Another possibility is that the company is located in one country and has their email handled by a provider in another. It is quite common for businesses to outsource email duties to specialized email providers.

Some domains have mail servers located in multiple countries and regions and are not tied to a single location. So, email addresses alone cannot be used to accurately and confidently identify a contact’s country, as doing so would be too far-reaching. However, the country or countries for the email component can be used in some cases to help identify a single country when used in combination with other contact data.

Which Country is Best

As you can see, each contact component is carefully analyzed to the point where a country may be singled out for each one, but the next step is to now determine which country best represents the overall contact. By taking the countries that are related for each component and carefully weighing their relevance as well as cross-examining them we can in many cases successfully identify the single best country that best exemplifies the contact.

As previously mentioned, contact components like the Address and Email can result in more than one country. The country detection algorithm takes all possible countries into account, so even though a single component may not have a clear country winner, a best match can be found between all the components. Some components have a stronger influence than others. For example, the IP address and email address components do not have as much influence as the address and phone components since they are not always directly related to where a contact resides.

In general, the more complete the contact information is, the more the country detection algorithm will have to work with, choosing a best overall country. However, even when a few contact components are available, the service will still be able to make do with the information it receives.

Some things are just better together. Like milk and cookies. Or peanut butter and jelly. Or, if you do online sales and marketing, ecommerce platforms and data validation services.

Integrating live, real-time validation services right into your ecommerce platform is easy to do, and gives you a whole host of benefits including promoting sales, preventing fraud and ensuring top-notch customer service and product delivery. This article explores a rich smorgasbord of benefits you can engineer into your own shopping cart platform – adding any of them will make your life easier:

Localize the online shopping experience

Even before a customer has a chance to look at your online store, you can curate its contents based on their location, using IP Address Validation to see where they are coming from. Detect their region or country and customize the language, currency and taxes for your online store to match. Or use their location to offer a ski sale for Colorado and surfboards for Hawaii. Geolocation can also be used to change your product mix to match local regulations and sensibilities. Another use we have seen is presenting customers with the appropriate terms of use and privacy policy based on their location, helping you maintain privacy compliance.

Keep online fraud at bay

Our IP Address Validation tool also lets you detect the location of a visitor to implement additional security rules for high risk countries, such as only allowing certain types of payment or restricting sales to high-fraud destinations. You can also compare the location of the IP address against the billing and shipping address, and flag discrepancies for further review.

Other tools to help reduce online fraud and chargebacks include:

• Using BIN Validation to identify high risk cards like prepaid and gift cards, especially for multi-payment and membership products and services. This tool can also help you compare the issuing bank and country with the billing and shipping location.
• Using Email Validation to flag questionable or fraudulent email addresses.
• Using GeoPhone Plus to match the address for a customer’s phone number against their billing and shipping details.

Finally, our advanced Order Validation tool is a comprehensive and composite service for fraud monitoring, performing multi-function verifications including address validation, BIN validation, reverse phone lookup, email validation, and IP validation. Our proprietary algorithm performs over 200 tests and returns a 0-100 quality score on the overall validity and authenticity of the customer, flagged for pass, review or fail.

Get accurate sales tax information

For customers in the United States and Canada, our FastTax product can provide you with up-to-date sales tax rates, as well as identify the correct tax jurisdiction and boundaries based on location. In some jurisdictions tax rates even vary on different sides of the same street, and we can catch this!

Ensure deliverability

By checking addresses, you can ensure cost-saving delivery rates, avoid returned shipments, and ensure customer satisfaction by getting their order to the right place on time.

Our flagship Address Validation services for the United States, Canada and international addresses validate and correct addresses in real-time to ensure customers have entered a correct (and deliverable) address for the USPS, FedEx and UPS. Our US service is CASS certified and includes Delivery Point Validation (DPV) to verify an address is deliverable, Residential Delivery Indicator (RDI) to identify residential versus business addresses, and SuiteLink (SLK) to add secondary suite information for businesses.

For Canada, we can validate and correct addresses whether they are in English or French, with an output that meets Canada Post standards. For international addresses, we can instantly correct, standardize and append addresses for over 250 countries, adapted to each country’s postal formats and cultural idiosyncrasies. You can also use our address validation tools to create an address suggestion tool that includes validation.

Use the right delivery approach

Another use for US address verification is that it can identify general delivery address (i.e. PO boxes). Some sellers choose not to deliver to PO boxes, present different shipper options, or ask the buyer for a different address. Conversely, it can also detect incorporated areas versus unincorporated areas where the USPS will not deliver, allowing you to create logic that doesn’t present the USPS as a delivery option for these types of addresses.

In addition to improving deliverability, these verifications can also improve your bottom line by keeping more orders in your online shopping cart: a frequent customer complaint is being told that they cannot order from a site because USPS-only verification logic says their address is undeliverable. UPS and FedEx can normally deliver to most US doorsteps, and our capabilities can help you close these sales as well.

Ensure accurate email addresses

Our Email Validation service helps make sure that you capture the correct email address at the time of entry, ensuring that all future communications reach the customer. It catches common typographical errors (like gmial.com instead of gmail.com) as well as bogus email addresses. And when accounts are created using the customer’s email address as the primary key or account id, this tool helps ensure that you can catch mistakes while they are still easy to correct.

Improve your customer service and marketing

The benefits of integrated data validation don’t stop when an order goes out the door. Regular validation and cleaning of your contact data, for customers and prospects, will streamline your future marketing efforts – not to mention helping you comply with consumer protection and privacy regulations. And our customer insight and demographics tools can help you leverage this contact data as a valuable asset for serving your customer base even better.

For each of these capabilities, it is easy to integrate our services into almost any ecommerce platform. Most of these systems offer a plugin, RESTful API, or exposed interface to integrate with our services, including cloud connectors and web hooks, and any application that can call a web service can obtain output from our services in either XML or JSON formats. And we recognize that not all shopping carts are built alike, with needs varying from mom-and-pop online stores to full-scale enterprise level platforms, so take advantage of our extensive documentation and support to get you going.

Of course, our tools also stand alone, with convenient batch processing options for cleaning up legacy data in list form as well as quick lookup capabilities. But if you have an automated solution for your ecommerce capabilities, our services can power up the accuracy, quality and productivity of your marketing and sales efforts. Learn more on our website, or contact us anytime to learn more!

Do we support your ecommerce system? Yes we do!

Here is a list of many of the popular ecommerce systems that we interface with.

2Checkout (formerly Avangate)	LemonStand	Spark Pay
3D Cart	Magento (recently acquired by Adobe)	Squarespace
Big Cartel	Microsoft Commerce Server	SuiteCommerce
BigCommerce	Miva	Symphony Commerce
CloudCraze	OpenCart	Systum
CommerceHub	Oracle Commerce Cloud	Volusion
Demandware	osCommerce	VTEX
Drupal Commerce	Paddle	WebSphere Commerce (WCS) (IBM)
Ecwid	Prestashop	Weebly
FastSpring	Salesforce Commerce Cloud	Wix
InfusionSoft	SAP Hybris Commerce	WooCommerce (WordPress plugin)
Kibo	Shopify	X-Cart

And new interfaces are coming online all the time, so if you don’t see yours on the list, talk to us!

 

 

Using a blacklist to block malicious users and bots that would cause you aggravation and harm is one of the most common and oldest methods around (according to Wikipedia the first DNS based blacklist was introduced in 1997).

There are various types of blacklists available. Blacklists exist for IP addresses, domains, email addresses and usernames. The majority of the time these lists will concentrate on identifying known spammers. Other lists will serve a more specific purpose, such as IP lists that help identify known proxies, TORs and VPNs or email lists of known honeypots or lists of disposable domains.

There are many different types of malicious activity that occur on the internet and there are various types of lists out there to help identify and prevent it; however, there are also various problems with lists.

The problem with lists

In order to first identify a malicious activity with a list, the malicious activity must first occur and then be reported and propagated. It is not uncommon for malicious activity to stop by the time it has been reported and propagated. Not all malicious activities are reported. If you encounter the malicious activity before it is reported then you won’t be able to preemptively act on it.

IPs, Domains, Email Addresses and Usernames are dynamic and disposable. If a malicious user/bot gets blocked then they can easily switch to a different IP, domain etc.

Some lists offer warnings that blocking an IP address could affect thousands of users who depend on it in order to obtain crucial information that they would otherwise not have access to. So block responsibly.

Aggregating data to more effectively identify malicious activity

Instead of looking at one list to perform a simple straightforward lookup, we can take advantage of multiple datasets to uncover patterns and relationships between seemingly disparate values. A simple example would be, relating usernames to email addresses, email addresses to domains and domains to IP addresses, which allows us to view the activity of one value and compare it to the behavior of other values. Using complex algorithms with machine learning to process large samples of data we can intelligently discern if a value is directly or indirectly related to a malicious activity.

How Service Objects keeps it simple for the user

The DOTS IP Address Validation service currently has two flags to help its user deal with malicious IPs, ‘MaliciousIP’ and ‘PotentiallyMaliciousIP’. The ‘MaliciousIP’ flag indicates that the IP address recently displayed malicious activity and should be treated as such. The ‘PotentiallyMaliciousIP’’ flag indicates that the IP address recently displayed one or more strong relationships to malicious activity and that it has a high likelihood of being malicious. Both flags should be treated as warnings with the ‘MalciousIP’ flag being scrutinized more severely.

The warning signs of online fraud are out there, but you need a means of discovering them. Our DOTS IP Address Validation service encompasses many of the identification strategies necessary to make split-second decisions on would be attackers before any harm is done.

Good news – someone wants to place a large online order for one of your company’s products, shipped to their business in the United States. But in reality, this person is a scammer from some boiler room halfway around the world. They are using a spoofed phone number, an address for an anonymous drop shipment point, and a stolen credit card number that will eventually get charged back to you.

Fraudsters can leverage the anonymity of the web to do everything from transferring money to purchasing valuable goods for resale on the black market. And the growth of online commerce and card-not-present (CNP) transactions has fueled online fraud as a lucrative industry. According to an annual report from CyberSource, as of 2016 companies lose nearly one percent (0.8%) of their revenues to fraud. It occurs almost equally across companies of all sizes, and 83% of them conduct manual reviews of orders to try and combat this fraud.

It is this latter area – manual verification – that often becomes a tough choice for businesses. Do you tighten up your screening process, and risk rejecting valid orders and losing customers? Or do you become more of an easy target for criminals? Either way, this manual verification, which can take several minutes per transaction checked, represents a substantial cost on top of any losses or chargebacks you endure because of fraud.

One of the key criteria for fraudulent transactions is the location of the purchaser. Common red flags for problem transactions can include.

• A purchaser whose IP address is far from their delivery address – for example, someone in Asia orders something to be shipped to a business in Indiana
• Anonymous or so-called “dark web” IP addresses designed to mask the user’s location, including proxy servers and virtual private networks (VPNs)
• Orders from multiple locations over a short period of time

On the other hand, simple screening criteria such as rejecting orders from VPNs, proxy servers and distant locations are blunt instruments that can exclude legitimate customers, such as people traveling on business. Moreover, manual verification of these orders represents a substantial transactional cost that affects your organization’s margins.

This is where automated geolocation tools can make a real difference in fraud prevention. Using continually updated databases, and often working as an API directly from your web processes, these tools can automatically validate and cross-reference criteria such as mailing addresses, phone numbers and IP addresses for legitimacy. They can also validate the credit card itself, by using BIN number validation. More important, bundled tools for lead or order generation can perform multi-function verifications using composite criteria, returning a 0-100 quality score on the overall validity and authenticity of the customer.

Held up against the financial, merchandise and time losses associated with fraud, not to mention the potential loss of goodwill and market share among existing customers, automated geolocation tools can be an extremely cost-effective solution for a universal problem among businesses. Unfortunately fraud will always be with us, thanks to human nature, and these tools help you and your business stay one step ahead of the problem.

With the holiday season upon us, online sales surge with customers seeking to place orders with retailers. But not all orders, form submissions, and lead generation efforts are legitimate. Building fraud identification systems which can properly identify cases that are illegitimate can range from simple to complex, with the latter using such methods as tracking user behavior and performing complex authentication methods. Most, if not all, fraud identification strategies incorporate a fundamental step in identifying fraud which is through IP Validation.

IP Validation identifies the origin of an IP which is crucial for assessing whether an IP is legitimate or is considered High Risk. An IP is categorized as High Risk based on multiple factors including whether the IP origin is from a TOR Network exit node, behind an Anonymous/Elite proxy, has been blacklisted for suspicious/spam activity, or whether the IP origin is in a country that is considered High Risk for fraudulent activity.

Anonymous Proxies

A typical HTTP request includes necessary header information which describes the origin of the request to return information to. Requests which emanate from an anonymous proxy hide the origin IP and only include the proxy IP. Anonymous proxies are available through either SOCKS or HTTP protocol. HTTP protocol is used for general HTTP/HTTPS requests as well as FTP in some cases, while SOCKS proxy provides support for any type of network protocol.

TOR Network

While detecting whether an HTTP request was issued from behind a proxy may be detectable based on header information, this is not the case with a request emanating from a TOR client. TOR networks route requests through a series of participating nodes anonymizing where the origin of the request came from.

VPN Service

VPN or Virtual Private Network offers another method for fraudsters to conceal their identity. A VPN service provides a secure tunnel for users to connect to another host machine and execute requests appearing as though the requests are emanating from the VPN host machine.   VPN adds the additional security of encrypting traffic between the user and VPN host.

IP Blacklist

IP Reputation services and DNS-based blacklists track and monitor suspicious and spamming activities. Users which violate website /domain owner’s terms of service can have their IP blacklisted which terminates future activity from that IP. Website owners will check their own provided IP to ensure their website has not been used in spamming attacks or suspicious activities which could restrict their ability to operate. Accepting messages from an IP which has been blacklisted should be considered high risk.

BotNet

A Botnet is another method fraudsters can use to conceal identity. A botnet is a network of machines that are under control by the attacker. Hackers frequently use botnets for large scale attacks where a high number of concurrent requests are issued to take down a system. Botnets can originate from any network connected device. This was evidenced by a recent attack on a major DNS system provider which was executed by a network of connected home devices.

How to Protect Yourself

With all of the different methods of concealing identity available to fraudsters, the picture becomes much larger of the task to thwart would-be thieves from disrupting your systems. Thankfully DOTS IP Validation encompasses many of the identification strategies necessary to make split-second decisions on would be attackers before any harm is done. From IP origin to Proxy/ TOR node detection, DOTS IP Validation has you covered.

Have you ever been in a business with a sign that says, “We reserve the right to refuse service”? When doing business in person, merchants may be able to detect warning signs of potential fraud. Perhaps the name on a credit card is not the same as the name on the customer’s ID card. Maybe the customer appears overly nervous. Maybe the customer’s one hundred dollar bills seem too new or out of place. In order to protect themselves from fraud, these merchants may invoke that right and refuse to proceed with the transaction.

Though the warning signs of fraud are different when doing business online, you can protect your business by using IP validation.

What is IP Validation?

The DOTS IP Validation service is one of many tools to help prevent fraud. It does so by validating the IP address of online customers. IP addresses can reveal the general location of users. For example, if you use an Internet service provider (ISP) in Los Angeles, California, your IP address will indicate that you are in the Los Angeles area. This information is transmitted to websites as you use the Internet.

Most people have no reason to hide their IP addresses. In fact, most are unaware that they even have one.

How IP Validation Helps Prevent Fraud

Now, suppose you have an online customer who says that he is located in Los Angeles but is actually located in New Delhi, India — wouldn’t you want to know about this deceit?

With IP validation, you can compare the customer’s IP address with the address claimed. In the example above, you’d immediately discover a mismatch between New Delhi and Los Angeles — a sign of potential fraud. Since IP validation takes place in real time, you can immediately invoke your right to refuse service. In other words, the transaction can be halted before fraud can take place.

Ah, but fraudsters and malicious users know about IP validation, too — and they’re tricky. To escape detection, they often attempt to hide their true location from merchants by using network proxies.

The term proxy is defined as an entity that is used to represent the value of something else. Proxies are like substitutes, surrogates, or stand-ins. With these definitions in mind, a network proxy serves as a substitute for a user’s actual network IP address. It’s a fake.

Network proxy services are readily available around the world. While there are many legitimate reasons to use network proxies including corporate networking, access control, and security and privacy concerns, bad guys often use network proxies to obscure their locations.

Let’s revisit the user in New Delhi who claims to be in Los Angeles. He’s gotten smarter and is now hiding behind a proxy. His IP address no longer provides you with the crucial clue you need to detect the user’s actual location. Thus, IP validation won’t work — or will it?

DOTS IP Validation service can detect when an IP address is a part of a proxy network. Though the IP address and the claimed location may match, the fact that the customer is using a proxy is a red flag. It’s telling you that the user may be a fraudster or a malicious user and that caution is warranted.

While the user may or may not have a valid reason to use a proxy, wouldn’t you want to be alerted that something is awry before you do business?

The warning signs of online fraud are out there, but you need a means of discovering them. Help protect your online business from potential fraud by using IP validation. Try it out now with a free trial key.

Last week our DOTS IP Address Validation web service received an exciting new feature enhancement – the ability to detect Tor network users within the anonymous proxy warning.

Using the Tor Network or similar anonymous proxies to hide one’s IP address allows fraudsters to easily conceal their true geographic location, enabling them to create potentially bogus transactions. Orders made with stolen credit cards create havoc for retailers, especially during the crucial holiday shopping season.

Customers using IP address validation can now uncover real-time location and network information about the IP address linked to the user, warning them of contacts utilizing anonymous and public proxies. This information empowers companies to make informed decisions about the risks associated with these types of online transactions.

The addition of this enhanced anonymous proxy feature has produced an interesting, and somewhat controversial conversation on Slashdot. Find out what others are saying here.

For more information about DOTS IP Address Validation and how to defend against online fraud, click here.