A users interaction on a website and in particular eCommerce website can be described as a series of events. Whenever a user does something like sign in, register, request a password reset link, add an item to their basket etc. an event occurs. Webhooks are a way of responding to these events.
With age verification becoming increasingly more regulated, it is important to make sure your website, if it sells age restricted products, is designed to check a customer is over 18. This can be achieved with webhooks and the T2A method age_verification. Most eCommerce solutions (e.g. WooCommerce) will provide webhooks that you can use. For WooCommerce you could set your Topic as “Customer created”, “Order created”, “Order updated” and then run the T2A age verification to check the customer information against our extensive UK people data sources to see if the user is over 18. Alternatively, you could select Action as your topic field and create a webhook that fires after a particular WooCommerce action occurs e.g. “woocommerce_after_checkout_validation”.
Another use for webhooks is to check customer information to prevent fraudulent card transactions. Stripe, Braintree and other merchant account providers will provide webhook interaction which you can use by checking customer input against our person_verify method. This could be a first step in flagging a transaction that needs further investigation. Our person_verify method checks a name and address against our 48+ million data set of UK people and indicates whether they exist in our data.
As well as verification you could use webhooks and T2A to improve your customer database.
We have substantial information on UK people and businesses. Using a “Customer created” webhook you could use our person_search method to enhance the customer record. The person_search method returns telephone numbers, mobile numbers and links the person to associated companies if they are a company director. Alternatively, if you are dealing with a UK business you could get further information on the company using our business_search, company_details, company_credit_report and director_details methods. Our business data includes telephone numbers, company website, company appointments, credit reports and information on directors. This appended customer information could help with marketing, profiling, order fulfillment and other customer service requirements.
Alternatively, if you don’t need to update customer records on the fly during webhooks you can take advantage of the bulk telephone number appending API method.
The last use case in this post is the tps_full method. Again using a “Customer created” webhook you could check if the customers telephone number is on the TPS or Corporate TPS register and flag the record accordingly. You could also periodically check all your records with the bulk tps checking method tps_bulk (though this would not be during a webhook).
Try before you buy!
We have added free demos of our person searching methods so that you can test our data coverage, of UK people, before purchasing credits.
You can try them here:
Free API test mode
Remember you can always use the free test mode to assist your T2A integration development. This allows you to simulate calls to any method and receive “dummy” data (formatted the same as responses you would receive from live API calls) without using any credits.
If your business accepts Card Not Present card payments (e.g. an eCommerce website) you are probably aware of the built in checks provider by your merchant services provider: *AVS, CVV, MasterCard SecureCode / Verified by Visa and Fraud Screening.
*Brief description of built in checks
- Address Verification Checks – checks the numerical characters of the transactions billing address and postcode against the details held by the card issuer. (This is not widely used by non-UK cards)
- Card Verification Value (CVV) – Checks the transactions inputted CVV against the value held by the card issuer.
- MasterCard SecureCode / Verified by Visa – services created by the Card Schemes to protect you and your customers.
- Fraud Screening – your merchant provider provides a score indicating the likelihood a transaction is fraudulent, they also highlight anomalies with the transaction (e.g. transaction billing address country does not match value held by the card issuer).
There is however additional checks you can make to help avoid a fraudulent transaction.
- Check the customer emails address – proceed with caution with free email address like Yahoo, Hotmail or Gmail as these are more likely to result in fraud. Subscription email addresses like ‘BTConnect’ or ‘Virginmedia’ are usually safer. Or if the email address is the domain of a company website go to that domain and see if it is an established website, if it’s just a parking page the transaction is less safe. You should also check the name in the email address. Does it make sense when comparing it to the card holder name? Checking the email address should be a part of your overall checking as many of your honest customers may use free email addresses.
- Is the order too good to be true? Be aware if you have an order that is a higher value than your normal orders. Also be aware if you get several orders from the same customer in a short space of time. Have a look at your statistics, how frequently do you get orders from the same customer, if you best honest customer is buying from your website once a month and someone purchases from you 3 days in a row, something might be fishy.
- Is it unusual in another way? Is there anything else you can think of that doesn’t match your normal customers.
- Check the IP address of the transaction and see where it originates from. Compare this with the billing address. Be aware that fraudsters can use proxy IP addresses.
- Where possible ask customers for a land line telephone number which can be checked using Directory Enquiries (unless they are ex-directory). You can also check the supplied name and address details against the details on the Edited Electoral Roll. This is not a guarantee as it is possible to opt out of having your details published. Try ukphonebook.com people search OR the T2A API search for a person and find a residential telephone number methods.
- Have a look at all the transactions occurring on your website not just the successful ones. Was the customer declined several times before they were successful? You shouldn’t immediately think its fraud as sometimes people mistype things, but you should investigate further.
- When you do get a fraudulent transaction or charge-back – investigate the details of the transaction and see if there are any clues to help further improve your fraud screening.
These checks can help you when you are reviewing your transactions but you may want to consider building your own solution that uses a combination of these checks against each transaction before they are submitted to protect yourself further.