This is a guest POV from our industry-leading partners at BriteVerify.
As a marketer, your goal is to collect valuable data from people who are interested in what your company is selling. But what if bad actors hijack that process for their own purposes? We, at BriteVerify, have followed a clear trend in the way marketers are managing the quality of their email acquisition processes to avoid bad and fraudulent data. And more often than not, marketers are increasingly forced to take measures to ensure not only the validity of data originating from their various channels but also the humanity of that data. As online Web Forms, POS systems and lightboxes become smarter components in your marketing strategy, the question arises: Are you speaking to a person or a bot when you collect information?
There are a few key things to consider for savvy marketers today as you protect your ecosystem while also engaging with real customers:
Are you a robot?
The simplest way to ensure the humanity of the data you’re collecting online is to use Google’s ReCAPTCHA. It’s much easier for a user to verify their humanity with a simple checkbox. While it requires some coding on the back-end to validate the user’s response, it’s easy to implement for even the newbiest of web developers, and plugins are offered on most form builders and blog platforms.
Another technique to help reduce automated signups is called a “honeypot field.” This field looks like a normal field on your web form if you look at the HTML code. However, if you view the form using a web browser, the field doesn’t show up on screen at all. So if you encounter any sign-ups that populate this field, you know that only a bot could have done it and you can reject the submission out-of-hand. A human would not even notice it’s there, so there’s no inconvenience to the user.
Are you suspicious?
Even if a user isn’t a robot it doesn’t mean their intentions are honorable. At BriteVerify, we encounter real people doing suspicious things on a daily basis. Some users sign up repeatedly just to verify if stolen credit cards are still active (this is called Credit Card Stacking). Or they sign up under false identities with stolen credit cards to steal services, leaving us to deal with the repercussions.
IP Address / Device Tracking
This is a no-brainer and the first thing that should be done when looking for both bad bots and bad people. By keeping track of how many requests are originating from a given IP during a given time period, one can detect potential bad actors and either challenge them to confirm their identity or lock them out altogether.
It’s no secret that a lot of malicious behavior online originates from a few key countries. So it can be helpful to weigh the location of the user when weighing their threat level. The IP address is the first place to start or even the user-supplied address since most bad actors won’t go through the bother of proxying their IP address to appear to be in another country.
However, the best way to determine location is to use the geolocation API available in all modern browsers. This is incredibly accurate as it uses other elements than just the IP address to determine the location of the user. It also has the benefit that the user must accept a prompt, so automating that acceptance or rejection is nearly impossible. Even if the user does not choose to share their location, the act of denying it in itself is very helpful in determining if it’s a human actor.
Verifying Identity with Social
Once we have determined that a user is suspect we then need to challenge them to confirm their identity. Using online services like Linkedin, Google, Facebook, Yahoo, or Twitter can be extremely helpful because temporarily authorizing access to one of these services opens up a world of information and allows you to augment your fraud prevention efforts with those of some of the world’s best online services.
Connecting with Real People
We started BriteVerify to ensure the validity and ultimately the deliverability of email addresses entered online. Over time, just knowing that the email was real wasn’t enough; we needed to know the person entering it was real as well. We developed tools to identify suspicious behavior and then solutions to allow suspicious actors to confirm their identities rather than just blocking them outright.
Eventually, we started offering this technology to our customers but there are many basic techniques companies can use depending on their needs that can prevent much of the most basic bot based fraud.
As we all do more of our business online, the need to secure our digital walls is part of living and doing business in this digital world.
James McLachlan is a founder at BriteVerify. BriteVerify provides real-time email verification solutions that improve email data quality, Inbox deliverability and email marketing ROI. With offices in the U.S. and the U.K., BriteVerify helps over 35,000 organizations in 150 countries collect better email data and send smarter campaigns.
Tipping the innovation scale by partnering with technology leaders. Find a list of Trendline’s industry-leading partners here.