By Steve Rafferty, CEO of ActiveProspect

In the lead generation industry, we’ve talked for years about the growing problem of bots. Bot-submitted leads are another form of lead fraud. While these non-human submissions quietly erode the performance of your campaigns, the biggest risk is the compliance risk. The problem is that you don’t have prior express written consent if the form wasn’t completed by a human.  

So, every bot-submitted lead you call is a TCPA compliance risk and can cost you $1,500 per violation. To understand the full extent of this risk, you need to know how many of the leads you are buying and calling were submitted by bots.

Breaking down the misconception about bot-submitted leads

There is a common misconception that bot-generated leads are basically junk leads that won’t convert. Marketers assume these can be weeded out with standard validation and verification filters. The truth is that bot-submitted leads are typically submitted with real consumer data. This means that they will pass all of your filters because it is real contact information. This also means these leads may still convert in your sales process, just at a lower conversion rate. It is effectively like cold calling a purchased list versus calling an opt-in lead that requested your call.

Where does this data come from? In some cases, it might be purchased on the dark web via data breaches or it could be purchased as low cost aged co-registration data. Regardless of the actual source, the fact is that it is inexpensive to obtain real consumer contact information. 

However, opt-in leads are expensive. That is the arbitrage opportunity being exploited by the fraudsters who are employing bots to submit forms. Buying a record for pennies that you can sell for $50 is a very tempting business model.

The bot detection challenge for purchased leads

There are a number of excellent fraud detection services on the market that can detect bot traffic on your website. These services rely on you installing their script on your website that will analyze your traffic to make a real-time determination if it is fraudulent or not. This is effective for the leads you generate on your own website, but what about the leads you purchase from partners?  How can you determine if the leads you are buying were actually submitted by bots?  

For years we have recommended that you capture the IP address and user agent via a TrustedForm Certificate, and send that data to the API of a fraud detection service so they can assess whether it is fraudulent. While this is still a good approach, the challenge is that the IP address and user agent is very limited information for these tools to make that assessment. They need a lot more information to be really effective.

The TrustedForm approach

Since the TrustedForm script is present on the forms where leads are generated, it is able to look at information about the site visitor and how they interact with the form and determine if it was submitted by a bot. Since TrustedForm captures every user event including mouse movements, clicks, and form inputs, we have access to a rich and unique dataset for analyzing bot activity. We make this assessment in real time so that you can check if a lead was generated by a bot before you actually buy it.

We provide the bot detection data point as part of our TrustedForm Insights offering. This means you can use the TrustedForm API (on ping or post) to find out if a lead was generated by a bot. If you are buying leads in a real-time (ping-post) auction, we strongly recommend checking for bots on the ping so that you can avoid buying them, versus rejecting on post.  

How effective is TrustedForm at detecting bots?

We have been investing in this area for a couple of years now. When we identify a bot, we are 100% confident that it was a bot. So we are confident there will be no false positives and are willing to guarantee that. However we also know that we are not catching all of them. We continue to invest in this area and the service will continue to improve. We don’t share our actual methods for detecting bots for obvious reasons – if that was public knowledge, the fraudsters would simply adjust their methods. It is an endless game of cat and mouse.

If you are already using a fraud detection service, we don’t recommend replacing it. We recommend using both. When comparing our results with other fraud detection services, we have found that we detect things that they don’t, and vice versa. You should use all effective weapons at your disposal in this battle

How can you verify you are identifying the bot leads?

Given that bot-generated leads will sometimes convert, you can’t rely on conversion rates. The best way to confirm if the lead was generated by a bot is to ask the consumer directly if they submitted that form.

This is where a TrustedForm Certificate can be very helpful in the sales outreach process. Your sales rep can reference the site name captured by TrustedForm in the call script. For example, your sales outreach should include a more personalized outreach like: “We are calling you because you requested that we contact you by submitting a form on XYZ website. Is that correct?” If the answer is no, the form was either completed by a bot or a different person (using their information). 

Working with your vendor partners

If you buy a lead that was generated by a bot, your first reaction might be to immediately blame the vendor that sold you the lead. Please, don’t do that.

The lead generation ecosystem is complex with many layers of relationships. The company that sold you the bot-generated lead might also be a victim of fraud. Just because the lead was submitted on their website, doesn’t mean they were involved with the fraud. Website owners work with lots of companies to drive traffic to their website. These providers are typically getting paid on a performance basis, so they have financial incentive to engage in nefarious activities. It is best to have an open discussion with your partners. A good partner will want to eliminate these bot-generated leads

On a few websites we have seen almost 100% bot-submitted leads. In these cases, the website owner must be aware of the activity. Again, we recommend having an open discussion with the vendor about how they generate leads. 

The reward

It is always a little scary to limit the number of leads you are buying. However, it is worth it. Eliminating bot-submitted leads will dramatically reduce your TCPA compliance risk. The added bonus is that you should see an improvement in performance as well.

CTA_demo1

Stay in the loop! Subscribe to the recAP email list to get our latest updates and insights.