What is DOTS IP Address Validation? First, it helps to understand what an IP address is.

IP addresses are like a mailing address, but for devices on the internet. It is a 32-bit number that uniquely identifies a device and their network. An IP address is typically written in decimal digits, formatted as four 8-bit fields separated by periods. Each 8-bit field represents a byte of the IP address. This form of representing the bytes of an IP address is often referred to as the dotted-decimal format. The bytes of the IP address are further classified into two parts: the network part and the host part.

So what is IP Address Validation and what does it do?  It is a real-time API service that analyzes IP addresses to determine their quality while returning key details like location and device type. These details can be used in a number of different ways, from helping fight fraud to geo-targeting your marketing message for better campaign performance.

The service is simple to integrate and only requires two inputs: an IP address and the license key. From there, our algorithms take over and compile its findings into the following output fields.

Output fields from IP Address Validation

Certainty

This is an overall score given to the body of the outputs with respect to the accuracy of the results provided. This number may vary based on several underlying factors, including data source. The score can range from 0 to 100, and with typical results in the high 90’s.

City

The city location of the IP address.

Region

The state, province or region (depending on the country) location of the IP address.

Country

The country location of the IP address. With this information, our customers can flag countries that have unique compliance or regulatory rules, like the EU’s General Data Protection Regulation (GDPR) as an example. Other customers have used this in their call centers to ensure the customer service representatives assigned to the customer can speak the native language(s) of the country flagged.

CountryISO2/ CountryISO3

Two and three letter abbreviations CountryISO2 and CountryISO3 respectively, which can easily be programmed against, among other things.

Country, along with the other location data points, can be used to identify where your traffic is coming from and how to serve up information to people in different countries or areas. It can also be used to exclude countries or areas as well: for instance, if there is a particular country that does not make sense to do business with based on your business model or product type, you could exclude those IP addresses from participation on parts of your web site, or even exclude them from submitting forms and serve up different content.

PostalCode

The US postal code of the IP address (US only).

StateFIPS

The state Federal Information Processing Standards code for the IP address. This code is used to uniquely identify states (US only).

CountyFIPS

The County Federal Information Processing Standards code for the location of the IP address. This code is used to uniquely identify counties throughout the US (US only).

Designated Market Area (DMA)

This is also a US only data point. It represents a media market or broadcast (television or radio) market, also known as a media region where people in that area will get the same broadcasts. Think advertising and getting your message across to a group of people in the same market. This data point also works well for customizing internet advertising and offerings.

MetroCode

This is tied directly to the Designated Market Area (DMA) and the code for the market DMA (US only).

Latitude/Longitude

The latitude and longitude coordinates for the IP address. Among other things, you can plot these coordinates on a map, or find distances between IP addresses, as well as, the distance between you and the IP address. Or even better, the distance between your warehouse and the IP address. These come back as separate fields in the output for easy processing.

IsProxy/ProxyType

IsProxy is a true or false flag that indicates if the IP is a known proxy. ProxyType describes the type of proxy it is. These will also come back in the validation response in separate fields. Proxy servers are like middlemen that all your web traffic runs through, essentially hiding your actual IP address and potentially filtering content coming and going through the proxy. You may want to handle varying proxies in different ways, such as not processing any records coming from an anonymous proxy or deliver different content to users behind a satellite proxy. These are the types of proxies we flag for:

PossibleMobileDevice

As you may have guessed from the name of this field, it indicates if the IP address is believed to be coming from a mobile device. Again, this can be used to deliver content differently. It can also help with analysis of your user base to gain better a understanding of how your web site is being accessed or what group of users tend to respond better to your offering.

ISP

The Internet Service Provider (ISP) that assigns the IP address.

NetblockOwner

The network owner to which the IP address is allocated. These usually fall into a range of IP addresses that are typically owned by an ISP or data center.

HostNames

The hostname associated with the IP address. Hostnames are labels assigned to devices on a network so they can be distinguished from each other. If more than one hostname is found then the names will be returned in a comma delimited list.

IPNotes/IPNoteCodes

IPNotes and IPNoteCodes reveal any notes about the IP that the system was able to determine and the associated code for ease of processing. Currently, we have two notes, but more can be added in the future as the operation expands:

A quick note on malicious IP addresses

The two codes noted above deal with identifying malicious IP addresses. Due to how often an IP address can be reassigned, an IP address that was once detected as malicious may stop being malicious later and vice-versa. How you handle IP addresses that get flagged with either of these codes is important. Some organization may ban them altogether. As part of your data hygiene strategy, we recommend re-validating IP addresses periodically rather than making a permanent designation.

More to IP Address Validation

For this blog, I pulled some of the main outputs from the table in our IP Address Validation developer guide and expanded on how they could be helpful in your business. By no means does this cover all the instances that IP Address Validation can be used, but it should give you a pretty good idea of its capabilities. By appending the related IP address data our service provides, you can develop strategic insights, flag potential fraud and create effective business logic that creates efficiencies and improves performance.

We are happy to share some of the best practices we have seen using IP Address Validation, just give us a shout.

How good are your leads? DOTS Lead Validation, Service Objects’ most popular composite service, is designed to measure lead quality – helping our clients reduce fraud, increase conversions and enhance incoming leads, web orders and customer lists.

Lead with Certainty

Lead Validation blends the strengths of our Name, Address, Phone, Email and IP Address validation services to provide authoritative details and return a Certainty score from 0-100. Marketing teams can use the results to assess the quality of incoming leads in real time, sales teams can prioritize their leads based on quality, and companies, in general, can make sure their CRM and other customer databases are kept clean, accurate and as up-to-date as possible.

Lead Validation verifies leads in real time for the United States and Canada. Our DOTS Lead Validation – International service works in a very similar fashion, adding the capabilities of validating global leads to the mix while including the strength of our core services for validating leads from the US and Canada. In this blog, we are focused on the components of Lead Validation and how it helps our clients.

Our Lead Validation service contains six primary components:

• Name
• Address
• Phone
• Email
• IP address
• Business

Each of these components are discussed in greater detail below.

Name component

The name component is built on the strength of our DOTS Name Validation service to validate names, verify accuracy, parse out name components, return gender information and more. It gives you insight into the name, looking for similar names and nicknames to improve matching, and flags questionable things like names that seem to contain vulgar words, match well-known celebrities, or appear to be fabricated garbage names such as random keystrokes. Name Validation also has access to names from all over the world, giving it the ability to handle leads with names that are less common in North America.

Lead Validation compares the name to other data points such as the phone number, email and address to determine how the name connects to the rest of the lead. Red flags found, such as those listed above, factor into the scoring,  returning a quality score that indicates the reliability of the given name, both by itself and as part of the lead. Unusual or unknown names are not necessarily failed. Generally, names can be considered good, unknown or bad. However, to get the “bad” designation, we expect to see that the name fails in at least one of the red flag categories mentioned above.

Address component

The address component uses DOTS Address Validation – US, DOTS Address Validation Canada, and DOTS Address Detective to correct, standardize and validate addresses in the United States and Canada, as follows.

• Address Validation – US uses our top of the line address validation engine and the USPS dataset to validate the given address, identify it as a business or residence, and determine if it is a mailable location, among other things.
• Address Validation – Canada parses, cleanses and validates Canadian addresses in English and French.
• Address Detective uses tools to deal with extremely messy addresses, from address information all appearing on a single line to jumbled inputs such as the street address being assigned to the city or the state being assigned to the postal code. Address Detective also has access to addresses not available in the USPS dataset to help with more challenging address inputs.

Lead Validation uses the results of these services, along with comparisons against other results like phone number and IP address, to build a component score that reflects both the quality of the component and its relation to the lead as a whole. Other Lead Validation specific tests look for things like hotels, prisons, intentionally bad data, post office boxes, CMRAs and more that also influence the component score.

Phone component

The phone component uses primarily DOTS Geophone Plus to gather contact, provider and location data for up to two phone numbers. Other important pieces of information are also collected. Is the number a landline, wireless or VOIP line? Is it a residential or business number? Does it appear to be a Google or Skype number? Is it connected? Can we detect patterns in the number that might signify that it is just randomly typed in numbers?

Lead Validation compares the resulting contact and location data back to the initially given name, business name, address, email, and IP address inputs to determine any connections that can be made between data points. These influence the component score along with the basic question: does it appear to be a good number?

The additional data points collected from the phone number also provides additional insights. Did a business lead provide a residential phone number, a personal email address or was a wireless line used? Dozens of tests create a component score that reflects the quality of the given phone number and its connection to the lead. If two numbers are given, the analysis is done on both numbers and the better fit for the lead is chosen as the primary one for comparison purposes.

Email component

The email component uses our DOTS Email Validation service to perform a step by step process that attempts email correction to fix common mistakes, syntax checks to make sure the address is both syntactically valid for email and that it conforms to the rules of the given domain, a DNS check to make sure the domain exists, an SMTP check to find the presence of a valid mail server and other various integrity checks. It tests that an email server is operational and accepting mail as well as if a specific mailbox is valid. Other data points collected include; if the email seems to be bogus, vulgar, garbage, disposable, an alias, a spam trap, is associated with a bot, is a free or business email and more.

Lead Validation compares email to other data points like name, business name, IP address and phone number to see if they can be connected. That combined with whether the mailbox is good, seems to be connected to the user and considerations for any red flags found while testing the email, lead to a component score that considers how valid the email address is and its likelihood of being a part of the lead.

IP address component

The IP address component uses primarily the DOTS IP Validation service to identify if the IP address is a good one, its country of origin or more accurate location, whether or not it belongs to a known proxy and if it appears to belong to a mobile device. The service can identify harmful proxies to determine if the lead is attempting to hide their location or check if the IP address has been linked to malicious behavior. Other pieces of information are returned as well to identify the internet service provider (ISP) or link the IP address to a business.

Lead Validation will compare IP address to address, phone, email and business to determine if any positive or negative connections can be made. Lead Validation will assess any high-risk countries along with the consideration of malicious and proxy IP addresses to determine the quality of the IP component and how it fits in with the lead.

Business component

The business component is unique from the other components. While the other components work for all leads, the business component is designed to work only with leads designated as business leads. This designation is controlled by TestType (i.e. TestType=business or TestType=businessonly) as users can decide if their leads are business, residential or perhaps a bit of both. This component also does not rely on existing services to gather core data.

Lead Validation performs its own internal tests and checks against our business datasets. Data points found can be compared to business names, addresses, IP addresses, phone numbers, and emails to look for connections. Other checks look for red flags in the given business name such as vulgarities and potential bogus submissions. All of these checks combine to create a business component score that reflects its validity and how it fits in with the lead as a whole.

Conclusion

Each of the components described above return their own 0-100 certainty score and a quality recommendation (i.e. Review, Review or Reject). Generally, high scores indicate the component score itself is good, while a low one indicates that it is bad. However, each component also has scoring based on cross-comparisons built in as well. For example, a given phone number might be perfectly valid but during the cross-examination phase, we find that it seems to belong to a person not indicated by the input lead. This would likely lead the phone component to a poor score because while the number is technically a “good” number, it is not good for the lead.

Hopefully, this gives you a strong overview of our Lead Validation service, as well as provide some insight into how the components are tested and how they relate to the overall lead. If you would like to learn more about Lead Validation, please visit our product page and developer guide.

In a previous blog, we discussed the benefits of using DOTS Address Detective – International to detect a contact’s country. This blog will discuss some of the challenges surrounding country detection in more detail, as well as provide an overview on how we determine the best country from your data.

Contact components

When trying to append a country to a contact, we have four main components to examine.

1. Address
2. Phone
3. IP Address
4. Email

Each component must be carefully evaluated on its own merit before it can be used to help identify a country for the contact.

Address component

The Address component may represent a contact’s physical location or mailable address. It is the most diverse and complex of all the components. International addresses do not follow a singular format, language or standard. Each country has its own set of rules and standards, which can also make the storage of international addresses problematic for US-centric CRMs.

This also means that is common for a contact’s address to be incorrect and/or incomplete. Additionally, some businesses are not always interested in capturing a mailable address and only wish to store a contact’s region. Depending on who is entering the contact address and how it is being stored, it would not be unreasonable to expect this data to be flawed in more ways than one.

Knowing the country is critical to processing most addresses. It determines the address format, which is needed to identify individual address elements, which in turn are needed to identify a locality, postal code or region. With that said, our sophisticated data-driven algorithms are not dependent on completeness and allow for a wide variety of formats and languages.

If you think you can identify a country’s address, take our fun, short Country Quiz.

Similar to the DOTS Address Validation International service, the address component consists of Address Lines 1-8, Locality, Admin Area and Postal Code. The address can be entered entirely in lines 1-8 or in combination with the Locality, Admin Area and Postal Code fields. Address line order does not matter, and common mistakes like putting an address value into the wrong address field are detected and handled.

Not all countries follow the US city-state pairing format or the equivalent locality admin area pairing. Many international addresses do not include an admin area, which can make country detection difficult since many localities from around the world can often share names. Take Venice, for example, which can be found in separate locations of three different countries.

Locality	Admin Area	Country
Venice	Venice	Italy
Venice	Alberta	Canada
Venice	California	USA
Venice	Florida	USA

If no other address information besides the name Venice was made available, one would be left having to choose between these three countries. However, by making use of other contact data such as a phone number, IP address and/or email, the service can cross reference various datasets to better determine which country is the best match. Then again, if the locality was entered as Venezia, the Italian endonym for Venice, there would be less ambiguity and the country Italy would be the clear choice.

Phone component

The phone component consists of a contact’s phone number(s). The format of a phone number is dictated by its country’s numbering plan. Some countries have their own numbering plan, while others share one. The USA and Canada, for example, share the North American Numbering Plan (NANP), whereas the UK and its crown dependencies share the UK National Telephone Numbering Plan. Most countries conform to the E.164 International Telecommunication Numbering Plan, which is published by the International Telecommunication Union (ITU).

The E.164 Numbering Plan

The E.164 currently provides five number structures (numbering plans) for international phone numbers:

1. International ITU-T E.164-number for geographic areas.
2. International ITU-T E.164-number for global services.
3. International ITU-T E.164-number for Networks.
4. International ITU-T E.164-number for groups of countries.
5. International ITU-T E.164-number for trials.

Each structure has its own set of rules and requirements, but telephone numbers that conform to E.164, in general, will adhere to the following:

• The recommended maximum length for a telephone number is 15 digits.
• Telephone numbers will begin with a Country Code (CC).
• Telephone numbers will not include Prefixes and Suffixes

Country codes

Country calling codes are published by the Telecommunication Standardization Bureau (TSB). Depending on which E.164 structure is being used the country code (CC) may vary between 1 to 3 digits or may be fixed to 3 digits. Country codes are followed by the destination number in accordance with the E.164 numbering plan. When storing a country code or an international (E.164) number, the number is commonly prefixed with a plus symbol (+) to indicate that when dialing the number, one must first dial the appropriate international call prefix to complete the call.

Prefixes

International call prefixes (also known as call out codes, dial out codes, exit codes or international access codes) are used to make a call from one country to another. The Prefix is dialed before the country code (CC) and the destination telephone number. Prefixes are not a part of the E.164 numbering plan and it is recommended to not include them as they can interfere with country code identification.

Making the Call

Suppose you have a contact in the UK with the following number saved in your CRM, ‘+44 123 456 7890 Ext. 123’, and you wanted to call this person from within the USA. To call them, you would dial 011441234567890, and then after you have been successfully connected you would next dial your contact’s extension of 123.

The table below shows how the prefix and suffix are not a part of an international number.

Prefix	International Number		Suffix
	Country Code	Destination Number
011	44	1234567890	Ext. 123

Now suppose that you wanted to call this contact again, but this time you are in Sweden and not in the USA. Instead of dialing the 011 prefix, which is shared by all countries in the North American Numbering Plan (NANP), you would dial 00 which is the prefix used by many countries in Europe.

At Service Objects, we understand that not all phone numbers will conform to an E.164 numbering plan and that many numbers will have missing country codes, which why our services make use of a wide variety of datasets and are flexible enough to intelligently identify a country.

IP address component

Not all companies capture a contact’s IP address, but when they do they are most likely capturing it via the web form the contact used to submit their information. The captured IP address and the location for that IP is often for the registered owner of the IP, so if the contact filled out a web form from their home computer then it is likely that the IP is for their Internet Service Provider (ISP). If they filled it out from their office computer, then the IP address may belong to the business or to the business’s ISP. IP based geolocation systems will commonly return a general location for the owner of the IP, which in most cases is the end user’s ISP.

There is often a misconception that IP based geolocation services will always return an end user’s exact location. For example, that the IP address assigned to a mobile smartphone can alone be used to pinpoint and track the phone’s exact location. This is simply not true. In most cases, IP based geolocation services will return the city and/or the metropolitan area for where the IP address is commonly served. Subscribers will generally be located within the serviceable area of their ISP, and so the IP based location can be used in confidence to identify the region of the end user.

Identifying anonymous users

If a contact used a Virtual Private Network (VPN) or Proxy connection, such as a Tor network, when filling out a form then that means that the end user’s true IP address was masked and it was not captured. Some users will make use of methods such as these to try and remain anonymous and prevent others from capturing their true IP address. These methods are not only used to mask a user’s true location, but they can also be used to make a user appear to be from somewhere they are not. This is commonly done to circumvent region locked sites and services, however not all VPN and proxy connections are used for this purpose. Many businesses make use of VPN and proxy connections to connect their employees, sites and services from various regions, including remote employees.

A service like DOTS IP Address Validation is capable of identifying proxy related IP addresses as well as IP addresses associated with malicious activity. By leveraging this data, the country detection algorithm can determine if the IP is trustworthy and if the IP based location is genuine.

Email component

The email address component uses the contact email address to identify where in the world the mail servers are located. The location of the mail server should not be confused with the location of the mail sender; after all, one of the benefits of email is that you can send and receive it from just about anywhere an internet connection is available. This means that a contact may not necessarily be anywhere near where the mail server is located and could potentially reside in an entirely different country. It’s also worth noting that the domain name, including the Top Level Domain (TLD), can be misleading.

For example, let’s suppose we have an email with a domain that consists of Spanish words and the TLD country code for Spain (ES), like: ejemplo@una_palabra_espanola.es

While the above example email address may appear to be for a contact for Spain, the company could instead be hosted or even located in another country, such as the USA. Another possibility is that the company is located in one country and has their email handled by a provider in another. It is quite common for businesses to outsource email duties to specialized email providers.

Some domains have mail servers located in multiple countries and regions and are not tied to a single location. So, email addresses alone cannot be used to accurately and confidently identify a contact’s country, as doing so would be too far-reaching. However, the country or countries for the email component can be used in some cases to help identify a single country when used in combination with other contact data.

Which country is best

As you can see, each contact component is carefully analyzed to the point where a country may be singled out for each one, but the next step is to now determine which country best represents the overall contact. By taking the countries that are related for each component and carefully weighing their relevance as well as cross-examining them we can in many cases successfully identify the single best country that best exemplifies the contact.

As previously mentioned, contact components like the Address and Email can result in more than one country. The country detection algorithm takes all possible countries into account, so even though a single component may not have a clear country winner, a best match can be found between all the components. Some components have a stronger influence than others. For example, the IP address and email address components do not have as much influence as the address and phone components since they are not always directly related to where a contact resides.

In general, the more complete the contact information is, the more the country detection algorithm will have to work with, choosing a best overall country. However, even when a few contact components are available, the service will still be able to make do with the information it receives.

Some things are just better together. Like milk and cookies. Or peanut butter and jelly. Or, if you do online sales and marketing, ecommerce platforms and data validation services.

Integrating live, real-time validation services right into your ecommerce platform is easy to do, and gives you a whole host of benefits including promoting sales, preventing fraud and ensuring top-notch customer service and product delivery. This article explores a rich smorgasbord of benefits you can engineer into your own shopping cart platform – adding any of them will make your life easier:

Localize the online shopping experience

Even before a customer has a chance to look at your online store, you can curate its contents based on their location, using IP Address Validation to see where they are coming from. Detect their region or country and customize the language, currency and taxes for your online store to match. Or use their location to offer a ski sale for Colorado and surfboards for Hawaii. Geolocation can also be used to change your product mix to match local regulations and sensibilities. Another use we have seen is presenting customers with the appropriate terms of use and privacy policy based on their location, helping you maintain privacy compliance.

Keep online fraud at bay

Our IP Address Validation tool also lets you detect the location of a visitor to implement additional security rules for high risk countries, such as only allowing certain types of payment or restricting sales to high-fraud destinations. You can also compare the location of the IP address against the billing and shipping address, and flag discrepancies for further review.

Other tools to help reduce online fraud and chargebacks include:

• Using BIN Validation to identify high risk cards like prepaid and gift cards, especially for multi-payment and membership products and services. This tool can also help you compare the issuing bank and country with the billing and shipping location.
• Using Email Validation to flag questionable or fraudulent email addresses.
• Using GeoPhone Plus to match the address for a customer’s phone number against their billing and shipping details.

Finally, our advanced Order Validation tool is a comprehensive and composite service for fraud monitoring, performing multi-function verifications including address validation, BIN validation, reverse phone lookup, email validation, and IP validation. Our proprietary algorithm performs over 200 tests and returns a 0-100 quality score on the overall validity and authenticity of the customer, flagged for pass, review or fail.

Get accurate sales tax information

For customers in the United States and Canada, our FastTax product can provide you with up-to-date sales tax rates, as well as identify the correct tax jurisdiction and boundaries based on location. In some jurisdictions tax rates even vary on different sides of the same street, and we can catch this!

Ensure deliverability

By checking addresses, you can ensure cost-saving delivery rates, avoid returned shipments, and ensure customer satisfaction by getting their order to the right place on time.

Our flagship Address Validation services for the United States, Canada and international addresses validate and correct addresses in real-time to ensure customers have entered a correct (and deliverable) address for the USPS, FedEx and UPS. Our US service is CASS certified and includes Delivery Point Validation (DPV) to verify an address is deliverable, Residential Delivery Indicator (RDI) to identify residential versus business addresses, and SuiteLink (SLK) to add secondary suite information for businesses.

For Canada, we can validate and correct addresses whether they are in English or French, with an output that meets Canada Post standards. For international addresses, we can instantly correct, standardize and append addresses for over 250 countries, adapted to each country’s postal formats and cultural idiosyncrasies. You can also use our address validation tools to create an address suggestion tool that includes validation.

Use the right delivery approach

Another use for US address verification is that it can identify general delivery address (i.e. PO boxes). Some sellers choose not to deliver to PO boxes, present different shipper options, or ask the buyer for a different address. Conversely, it can also detect incorporated areas versus unincorporated areas where the USPS will not deliver, allowing you to create logic that doesn’t present the USPS as a delivery option for these types of addresses.

In addition to improving deliverability, these verifications can also improve your bottom line by keeping more orders in your online shopping cart: a frequent customer complaint is being told that they cannot order from a site because USPS-only verification logic says their address is undeliverable. UPS and FedEx can normally deliver to most US doorsteps, and our capabilities can help you close these sales as well.

Ensure accurate email addresses

Our Email Validation service helps make sure that you capture the correct email address at the time of entry, ensuring that all future communications reach the customer. It catches common typographical errors (like gmial.com instead of gmail.com) as well as bogus email addresses. And when accounts are created using the customer’s email address as the primary key or account id, this tool helps ensure that you can catch mistakes while they are still easy to correct.

Improve your customer service and marketing

The benefits of integrated data validation don’t stop when an order goes out the door. Regular validation and cleaning of your contact data, for customers and prospects, will streamline your future marketing efforts – not to mention helping you comply with consumer protection and privacy regulations. And our customer insight and demographics tools can help you leverage this contact data as a valuable asset for serving your customer base even better.

For each of these capabilities, it is easy to integrate our services into almost any ecommerce platform. Most of these systems offer a plugin, RESTful API, or exposed interface to integrate with our services, including cloud connectors and web hooks, and any application that can call a web service can obtain output from our services in either XML or JSON formats. And we recognize that not all shopping carts are built alike, with needs varying from mom-and-pop online stores to full-scale enterprise level platforms, so take advantage of our extensive documentation and support to get you going.

Of course, our tools also stand alone, with convenient batch processing options for cleaning up legacy data in list form as well as quick lookup capabilities. But if you have an automated solution for your ecommerce capabilities, our services can power up the accuracy, quality and productivity of your marketing and sales efforts. Learn more on our website, or contact us anytime to learn more!

Do we support your ecommerce system? Yes we do!

Here is a list of many of the popular ecommerce systems that we interface with.

2Checkout (formerly Avangate)	LemonStand	Spark Pay
3D Cart	Magento (recently acquired by Adobe)	Squarespace
Big Cartel	Microsoft Commerce Server	SuiteCommerce
BigCommerce	Miva	Symphony Commerce
CloudCraze	OpenCart	Systum
CommerceHub	Oracle Commerce Cloud	Volusion
Demandware	osCommerce	VTEX
Drupal Commerce	Paddle	WebSphere Commerce (WCS) (IBM)
Ecwid	Prestashop	Weebly
FastSpring	Salesforce Commerce Cloud	Wix
InfusionSoft	SAP Hybris Commerce	WooCommerce (WordPress plugin)
Kibo	Shopify	X-Cart

And new interfaces are coming online all the time, so if you don’t see yours on the list, talk to us!

 

 

Using a blacklist to block malicious users and bots that would cause you aggravation and harm is one of the most common and oldest methods around (according to Wikipedia the first DNS based blacklist was introduced in 1997).

There are various types of blacklists available. Blacklists exist for IP addresses, domains, email addresses and usernames. The majority of the time these lists will concentrate on identifying known spammers. Other lists will serve a more specific purpose, such as IP lists that help identify known proxies, TORs and VPNs or email lists of known honeypots or lists of disposable domains.

There are many different types of malicious activity that occur on the internet and there are various types of lists out there to help identify and prevent it; however, there are also various problems with lists.

The problem with lists

In order to first identify a malicious activity with a list, the malicious activity must first occur and then be reported and propagated. It is not uncommon for malicious activity to stop by the time it has been reported and propagated. Not all malicious activities are reported. If you encounter the malicious activity before it is reported then you won’t be able to preemptively act on it.

IPs, Domains, Email Addresses and Usernames are dynamic and disposable. If a malicious user/bot gets blocked then they can easily switch to a different IP, domain etc.

Some lists offer warnings that blocking an IP address could affect thousands of users who depend on it in order to obtain crucial information that they would otherwise not have access to. So block responsibly.

Aggregating data to more effectively identify malicious activity

Instead of looking at one list to perform a simple straightforward lookup, we can take advantage of multiple datasets to uncover patterns and relationships between seemingly disparate values. A simple example would be, relating usernames to email addresses, email addresses to domains and domains to IP addresses, which allows us to view the activity of one value and compare it to the behavior of other values. Using complex algorithms with machine learning to process large samples of data we can intelligently discern if a value is directly or indirectly related to a malicious activity.

How Service Objects keeps it simple for the user

The DOTS IP Address Validation service currently has two flags to help its user deal with malicious IPs, ‘MaliciousIP’ and ‘PotentiallyMaliciousIP’. The ‘MaliciousIP’ flag indicates that the IP address recently displayed malicious activity and should be treated as such. The ‘PotentiallyMaliciousIP’’ flag indicates that the IP address recently displayed one or more strong relationships to malicious activity and that it has a high likelihood of being malicious. Both flags should be treated as warnings with the ‘MalciousIP’ flag being scrutinized more severely.

The warning signs of online fraud are out there, but you need a means of discovering them. Our DOTS IP Address Validation service encompasses many of the identification strategies necessary to make split-second decisions on would be attackers before any harm is done.

Good news – someone wants to place a large online order for one of your company’s products, shipped to their business in the United States. But in reality, this person is a scammer from some boiler room halfway around the world. They are using a spoofed phone number, an address for an anonymous drop shipment point, and a stolen credit card number that will eventually get charged back to you.

Fraudsters can leverage the anonymity of the web to do everything from transferring money to purchasing valuable goods for resale on the black market. And the growth of online commerce and card-not-present (CNP) transactions has fueled online fraud as a lucrative industry. According to an annual report from CyberSource, as of 2016 companies lose nearly one percent (0.8%) of their revenues to fraud. It occurs almost equally across companies of all sizes, and 83% of them conduct manual reviews of orders to try and combat this fraud.

It is this latter area – manual verification – that often becomes a tough choice for businesses. Do you tighten up your screening process, and risk rejecting valid orders and losing customers? Or do you become more of an easy target for criminals? Either way, this manual verification, which can take several minutes per transaction checked, represents a substantial cost on top of any losses or chargebacks you endure because of fraud.

One of the key criteria for fraudulent transactions is the location of the purchaser. Common red flags for problem transactions can include.

• A purchaser whose IP address is far from their delivery address – for example, someone in Asia orders something to be shipped to a business in Indiana
• Anonymous or so-called “dark web” IP addresses designed to mask the user’s location, including proxy servers and virtual private networks (VPNs)
• Orders from multiple locations over a short period of time

On the other hand, simple screening criteria such as rejecting orders from VPNs, proxy servers and distant locations are blunt instruments that can exclude legitimate customers, such as people traveling on business. Moreover, manual verification of these orders represents a substantial transactional cost that affects your organization’s margins.

This is where automated geolocation tools can make a real difference in fraud prevention. Using continually updated databases, and often working as an API directly from your web processes, these tools can automatically validate and cross-reference criteria such as mailing addresses, phone numbers and IP addresses for legitimacy. They can also validate the credit card itself, by using BIN number validation. More important, bundled tools for lead or order generation can perform multi-function verifications using composite criteria, returning a 0-100 quality score on the overall validity and authenticity of the customer.

Held up against the financial, merchandise and time losses associated with fraud, not to mention the potential loss of goodwill and market share among existing customers, automated geolocation tools can be an extremely cost-effective solution for a universal problem among businesses. Unfortunately fraud will always be with us, thanks to human nature, and these tools help you and your business stay one step ahead of the problem.

With the holiday season upon us, online sales surge with customers seeking to place orders with retailers. But not all orders, form submissions, and lead generation efforts are legitimate. Building fraud identification systems which can properly identify cases that are illegitimate can range from simple to complex, with the latter using such methods as tracking user behavior and performing complex authentication methods. Most, if not all, fraud identification strategies incorporate a fundamental step in identifying fraud which is through IP Validation.

IP Validation identifies the origin of an IP which is crucial for assessing whether an IP is legitimate or is considered High Risk. An IP is categorized as High Risk based on multiple factors including whether the IP origin is from a TOR Network exit node, behind an Anonymous/Elite proxy, has been blacklisted for suspicious/spam activity, or whether the IP origin is in a country that is considered High Risk for fraudulent activity.

Anonymous Proxies

A typical HTTP request includes necessary header information which describes the origin of the request to return information to. Requests which emanate from an anonymous proxy hide the origin IP and only include the proxy IP. Anonymous proxies are available through either SOCKS or HTTP protocol. HTTP protocol is used for general HTTP/HTTPS requests as well as FTP in some cases, while SOCKS proxy provides support for any type of network protocol.

TOR Network

While detecting whether an HTTP request was issued from behind a proxy may be detectable based on header information, this is not the case with a request emanating from a TOR client. TOR networks route requests through a series of participating nodes anonymizing where the origin of the request came from.

VPN Service

VPN or Virtual Private Network offers another method for fraudsters to conceal their identity. A VPN service provides a secure tunnel for users to connect to another host machine and execute requests appearing as though the requests are emanating from the VPN host machine.   VPN adds the additional security of encrypting traffic between the user and VPN host.

IP Blacklist

IP Reputation services and DNS-based blacklists track and monitor suspicious and spamming activities. Users which violate website /domain owner’s terms of service can have their IP blacklisted which terminates future activity from that IP. Website owners will check their own provided IP to ensure their website has not been used in spamming attacks or suspicious activities which could restrict their ability to operate. Accepting messages from an IP which has been blacklisted should be considered high risk.

BotNet

A Botnet is another method fraudsters can use to conceal identity. A botnet is a network of machines that are under control by the attacker. Hackers frequently use botnets for large scale attacks where a high number of concurrent requests are issued to take down a system. Botnets can originate from any network connected device. This was evidenced by a recent attack on a major DNS system provider which was executed by a network of connected home devices.

How to Protect Yourself

With all of the different methods of concealing identity available to fraudsters, the picture becomes much larger of the task to thwart would-be thieves from disrupting your systems. Thankfully DOTS IP Validation encompasses many of the identification strategies necessary to make split-second decisions on would be attackers before any harm is done. From IP origin to Proxy/ TOR node detection, DOTS IP Validation has you covered.

Have you ever been in a business with a sign that says, “We reserve the right to refuse service”? When doing business in person, merchants may be able to detect warning signs of potential fraud. Perhaps the name on a credit card is not the same as the name on the customer’s ID card. Maybe the customer appears overly nervous. Maybe the customer’s one hundred dollar bills seem too new or out of place. In order to protect themselves from fraud, these merchants may invoke that right and refuse to proceed with the transaction.

Though the warning signs of fraud are different when doing business online, you can protect your business by using IP validation.

What is IP Validation?

The DOTS IP Validation service is one of many tools to help prevent fraud. It does so by validating the IP address of online customers. IP addresses can reveal the general location of users. For example, if you use an Internet service provider (ISP) in Los Angeles, California, your IP address will indicate that you are in the Los Angeles area. This information is transmitted to websites as you use the Internet.

Most people have no reason to hide their IP addresses. In fact, most are unaware that they even have one.

How IP Validation Helps Prevent Fraud

Now, suppose you have an online customer who says that he is located in Los Angeles but is actually located in New Delhi, India — wouldn’t you want to know about this deceit?

With IP validation, you can compare the customer’s IP address with the address claimed. In the example above, you’d immediately discover a mismatch between New Delhi and Los Angeles — a sign of potential fraud. Since IP validation takes place in real time, you can immediately invoke your right to refuse service. In other words, the transaction can be halted before fraud can take place.

Ah, but fraudsters and malicious users know about IP validation, too — and they’re tricky. To escape detection, they often attempt to hide their true location from merchants by using network proxies.

The term proxy is defined as an entity that is used to represent the value of something else. Proxies are like substitutes, surrogates, or stand-ins. With these definitions in mind, a network proxy serves as a substitute for a user’s actual network IP address. It’s a fake.

Network proxy services are readily available around the world. While there are many legitimate reasons to use network proxies including corporate networking, access control, and security and privacy concerns, bad guys often use network proxies to obscure their locations.

Let’s revisit the user in New Delhi who claims to be in Los Angeles. He’s gotten smarter and is now hiding behind a proxy. His IP address no longer provides you with the crucial clue you need to detect the user’s actual location. Thus, IP validation won’t work — or will it?

DOTS IP Validation service can detect when an IP address is a part of a proxy network. Though the IP address and the claimed location may match, the fact that the customer is using a proxy is a red flag. It’s telling you that the user may be a fraudster or a malicious user and that caution is warranted.

While the user may or may not have a valid reason to use a proxy, wouldn’t you want to be alerted that something is awry before you do business?

The warning signs of online fraud are out there, but you need a means of discovering them. Help protect your online business from potential fraud by using IP validation. Try it out now with a free trial key.

Last week our DOTS IP Address Validation web service received an exciting new feature enhancement – the ability to detect Tor network users within the anonymous proxy warning.

Using the Tor Network or similar anonymous proxies to hide one’s IP address allows fraudsters to easily conceal their true geographic location, enabling them to create potentially bogus transactions. Orders made with stolen credit cards create havoc for retailers, especially during the crucial holiday shopping season.

Customers using IP address validation can now uncover real-time location and network information about the IP address linked to the user, warning them of contacts utilizing anonymous and public proxies. This information empowers companies to make informed decisions about the risks associated with these types of online transactions.

The addition of this enhanced anonymous proxy feature has produced an interesting, and somewhat controversial conversation on Slashdot. Find out what others are saying here.

For more information about DOTS IP Address Validation and how to defend against online fraud, click here.