Data enrichment widgets
Updated on 03.03.23
6 minutes to read
Use the Transaction Details page to review all the information SEON has collected about any user action you sent us. The comprehensive page details everything you need to know about a transaction, separated into smaller, user-friendly chunks called widgets. Learn about the widgets that house the results of SEON's data enrichment tools on this page, including social media and digital platform checks.
The Transaction Details page houses more than just widgets. Its four tabs help fraud analysts and risk managers evaluate transactions quickly and efficiently.
You'll see the Applied Rules widget at the top of the page. This widget will showcase which rules the transaction has triggered. It will also display the overall fraud score, category scores, and the Blackbox Fraud probability score.
Scroll down to find the widgets that house the detailed information that SEON used to calculate the fraud score.
Email Information widget
Uncover everything you need to know about your customer's email address. The Email Information widget houses the information returned by SEON's Email API.
At a glance, the widget will tell you if an email address can receive emails, the number of data breaches it's been part of, and the sites it's been registered on.
Check the Domain field to uncover technical details about an address and its domain. Review SEON's email string analysis to discover trends in email addresses.
Expand any field for more details by clicking on the arrows on the right side of the widget.
Email Risk Scoring
SEON determines the risk associated with each email address based on the rules enabled in your account. As a result, you can customize fraud scores and effectively counter fraud threats unique to your business. If you choose not to customize SEON, you can always rely on our Default Rules and Machine Learning tools. The Email Score is based on SEON's default rules. We recommend that you consider an email score of 8 or higher risky.
Check this field to see if the email address has been involved in any historical data breaches. At first glance, you'll see the number of data breaches we've found the address in and the date of the earliest incident.
You can use data breaches for two things:
- Prove how widely someone has used their email address on the web. SEON monitors over 50 social media sites and digital platforms, but you can also use data breaches to infer if an email address is known on the web and learn its history.
- Calculate the minimum estimated age of an email address: An address has to be used online to be part of a data breach. That means you can use the earliest data breach an email address was involved in to calculate its minimum age.
Registered Online Profiles
SEON checks over 40 social and digital platforms for accounts created with the email address.
When SEON finds a profile, the site's logo will be colored green. For certain services, you'll find further details about the account. You'll also see any additional public profile information from accounts SEON finds. This can include the profile picture, description, and location details.
Sites marked grey indicate that SEON did not find an associated account. Red logos indicate that a specific search timed out – that is, SEON did not get a response in the timeframe you set for data enrichment.
SEON divides email domains into three categories:
- Free domains are email addresses handled by free email service providers, such as Gmail or Outlook. These domains are low or high-risk categories based on whether they require a valid phone number to use or not.
- Disposable domains are especially high-risk throwaway emails created by online sites offering single-use or dummy email addresses. By default, SEON assigns disposable emails a fraud score of 80, well above the DECLINE threshold for transactions.
- Custom domains indicate that a company, university, or other organization likely issued the email address. Use secondary characteristics, like when the domain was registered and whether there is a website at the address, to determine whether custom email domains are safe.
If you think the domain category is incorrect, let our team know by clicking the Report button.
Expand the Domain Analysis field for detailed insight into the domain in question:
- Creation Date: Pinpoint the age of the domain name. The older the registration, the less risky the domain.
- Registrar Name: The person or entity who registered the domain. Fraudsters sometimes try to register domains to pose as legitimate companies.
- Registered to: The company that the domain name was registered through.
- Accept All: If there is an "accept all" policy on the domain, then the risk is increased as the mailbox may not be unique and could be used by multiple people. (It may also indicate that several aliases are tied to the same address.)
- DMARC/SPF Strict: These are both anti-spam features added to the DNS records of a domain name. They identify the domain and show that it is set up correctly, reducing risk slightly.
- Valid MX: If valid MX records exist for a domain, the domain can receive emails. If these are not set then the domain is risky.
- TLD Suspicious: the SEON Email API validates whether the TLD (e.g., .com, .io) is favored by fraudsters
- Website Exists: A live website increases trust in a domain, due to the effort required to set one up.
Even when the data seemingly checks out, it's worth keeping a close eye on it. If the email is similar to the cardholder name, has a digital presence, and you can't see any strange user behavior, you may be facing family fraud. SEON's data can be useful and serve as evidence in any chargeback dispute process.
Our Email API identifies the number of times the email address has been seen across the entire SEON database.
Email String Analysis
The email string analysis identifies various metrics associated with the structure of the email address.
Clicking on the API Runner button will resubmit the email data to the Email API in order to refresh and update the information available.
Phone Information widget
Deep dive into the details of your customers' phone numbers to counter fraud. The phone information widget shows you all the data SEON's Phone API uncovers about a number.
At a glance, the Phone Information widget will tell you the fraud score calculated for the number, whether it can actually receive calls, and if it's listed as disposable.
You can also uncover more information about the carrier or provider behind the number and access the CNAM and HLR check results if these are turned on for your account.
Phone risk scoring
You can check the risk connected to a phone number based on the rules enabled in your account. If you choose to, you can completely customize SEON to counter threats unique to your site. But don't fret. You can always rely on our Default Rules and Machine Learning tools if you don't dive into the details.
Phone number details
The top of the widget displays additional technical information about the phone number.
SEON divides phone numbers into several types that help you determine the nature and goal of a number at a glance, regardless of whether it's connected to a mobile, VOIP, or a call center:
- Fixed line: Also known as a landline, it's just a regular phone number that relies on physical wires to enable voice calls.
- Mobile: A personal number associated with a single user.
- Premium rate: These numbers charge callers higher rates for select services, including information and entertainment. A portion of the call fee is paid to the service provider, making premium calls an additional source of revenue for businesses.
- Toll free: Toll-free numbers are telephone numbers with distinct three-digit codes that can be dialed from landlines at no charge to the person placing the call.
- Shared cost: Used in the UK, Australia, Germany, Switzerland, France, Portugal, and the Netherlands, by businesses and other institutions. Shared cost numbers are charged at a higher rate than regular numbers.
- Voip: When you sign up for a VoIP (Voice over Internet Protocol) service, you are assigned a digital phone number. While these work the same as traditional numbers, calls are often received by a PC.
- Personal number: (UK only) Personal numbering is the name of the virtual telephone number service in the UK. The service provides a flexible virtual telephone number routed to any other number, including international mobiles. For example, the UK number +44 70 0585 0070 might route to an Inmarsat satellite phone number, allowing the user to have a UK number while roaming globally.
- Pager: A number used to communicate with traditional pagers
- Uan: (India only) Members of the EPFO (Employees Provident Fund Organisation) must have a registered mobile number for them to be issued a UAN (Universal Account Number) or EPF Passbook.
- Voicemail: A number that directly connects to a voicemail.
- Unknown: We can't share any information about this number.
Below the phone number type, you'll find a collection of useful data points that can help you.
- Possible: Check this field to see if the phone number can actually accept calls.
- Disposable: Companies provide single-use disposable phone numbers for various reasons. Don't trust transactions placed with these numbers.
- Valid: A simple check to determine whether the phone number provided follows a valid format (country code, area code, number of digits, etc.).
- Phone Carrier: The name of the carrier that serves the provided number. Our AI tools have shown that in some countries, certain carriers are used more often by fraudsters than others.
- Country: The country in which the phone number is registered.
Registered online profiles
Fraudsters rarely take the time to create a trail of digital breadcrumbs for their throwaway details. It's simply not economical for them. That's why SEON references over ten social media sites and digital platforms to check for accounts that include the phone number provided.
Used alongside our email address profile checks, SEON looks at over 50 online sites to determine if a customer is legit or not.
Results are color-coded following the same logic used ion the Email Information widget: green indicates an existing account, and grey means no account was found. Finally, red shows that the check timed out.
SEON offers Home Location Register (HLR) and Caller Name Delivery (CNAM) database checks as additional features charged separately. You can contact our team if you want these checks turned on for your account.
Use the HLR check to uncover the detailed history of a telephone number. See whether it's been transferred between providers and which company originally registered it. You can also see the current roaming status of the number.
Check the CNAM field to uncover the name registered as the owner of the number. Remember that the CNAM Directory is only used in the United States and will only work with US phone numbers.
Check how many times the phone number has been seen across the entire SEON database and how many different SEON customers have encountered it.
You can also uncover info about when it was first and last seen. These checks can also help you determine the age of a phone number and how much it has been used online.
IP Information widget
Make informed risk decisions with more information about your customer's connection and IP address. Learn whether an IP address is trustworthy in seconds from data about the internet service provider (ISP), connection characteristics (VPN, open ports), and spam lists.
IP risk scoring
SEON identified suspicious IP addresses using the rules enabled on your profile. You can customize rules anytime in the Scoring Engine or rely on our Default Rules and Machine Learning tools to defend your bottom line.
You'll find details about a customer's location, their ISP, and technical details about their connection on the widget.
Location and ISP
Just like physical addresses, you can use IP addresses to learn where your customer is in the world. Correlate this data with address information provided with an order, or bank card data to counter fraud.
- Location: The geolocation of the provided IP address helps you cross reference the physical location of a connection with other transaction location information, such as billing and shipping addresses.
- Country: Use country information to set up rules that correlate location information. Check, for example, if the IP address and payment card country match.
- IP type: Identify whether the user is using a residential internet connection or something potentially higher risk.
- ISP - Residential Internet
- MOB - Mobile/cellular network
- DCH - Server or Data Center
- ISP: Checking the exact name of the Internet Service Provider (ISP) can be useful for transaction investigation and clone detection, as many fraudsters tend to stick to the same ISP.
- Open ports: Open HTTP ports can identify if the client is running any kind of web or other servers (like an RDP) through their IP. Proxies will have some ports open to let other computers join, so several open ports can be risky.
Fraudsters will often take steps to hide their real connection and device in an effort to mask their identity. Some technical solutions are especially high-risk when it comes to fraud fighting.
- TOR: If we identify the IP address as a Tor node, we'll flag it here. The Tor network can be accessed through the Onion browser and is used when someone wants (or has to) stay anonymous online. However, honest customers will rarely connect to a service through Tor.
- VPN: VPNs are a network security solution often used to protect browsing traffic when someone uses an unsafe public network. However, they can also be used to mask someone's geolocation and real IP address. It's best to view them as a source of risk.
- Public Proxy: Public proxies function similarly to VPNs but without the security benefits. They serve as a "quick and dirty" solution to hiding an IP address.
- Web proxy: Similar to VPNs and Public proxies, Web Proxies are simpler and do not operate at the IP address or port level.
- Datacenter proxy: Similar to other proxies, a user purchases/installs the proxy's gateway software, and the device first connects to the data center, where it is assigned an available IP from one of their servers.
Around the world, companies, NGOs, and individuals work to compile lists of suspicious IP addresses used in cyber-attacks and other nefarious activities. Listed IP addresses are a serious fraud risk as well.
- SPAM blacklists: This blacklist indicates whether the IP address has been marked as a spam source on any of the 60+ Domain Name System-based Blackhole lists SEON scans. Three or four spam blacklists indicate high risk. One or two entries are generally okay.
- Harmful IP: Harmful IPs are IPs that we know are used for SSH brute force attacks, hacking attempts, malicious IPs, Postfix/IMAP scans, Telnet scans, and spam hosts. These are automatically assigned higher risk scores.
As with email addresses and phone numbers, our IP API will check the SEON database to see how many times an IP address has turned up in the entire SEON database. See when the first and more recent hits occurred.
Card Information Widget
The Credit Card widget shows all data related to any payment card details passed to SEON.
Credit card risk scoring
SEON won't assign cards a risk score automatically. Add the data fields of the Card Information widget to custom rules and these data points will influence your overall fraud score.
Payment card details
The widget helps you review all important data connected to the card used in a transaction. We'll collect the following for you:
- Bank – The field will reveal which bank issued the card (e.g., Natwest, Citi Group, DBS)
- Brand – The card issuer whop provided the bank the card (e.g., VISA, MasterCard, Maestro, American Express).
- Type – What kind of account the card is connected to (e.g., debit or credit).
- Level – How the card draws its funds (e.g. gift card, prepaid, debit card).
- Country – The country in which the payment card was issued. In the case of banks that operate in several countries, this data is based on the card itself.
- Website – The local website of the financial institution that issued the card.
- Phone – A phone number for contacting the issuing bank.
- Card expiration – When the payment card used in the transaction will expire or expired.
- Valid – Is the card currently a valid payment method or has it expired or been blocked.
A single widget to check all addresses and location information connected to a transaction. See locations of interest pinpointed on Google Maps, to quickly correlate location information.
Address Risk Scoring
SEON does not calculate risk scores based on addresses by default. However, you can set up custom rules to monitor discrepancies in the data.
The widget will display all applicable location information connected to the transaction, including
- Customer Address: The address provided by your customer on their profile.
- Billing Address: The address entered during the checkout process for invoicing.
- Shipping Address: Where any physical items ordered in the transaction will be shipped to.
- IP geolocation: The location uncovered by our IP API checks.
- Card country: The country where the bank that issued the card used for payment is registered.
You can check the street view image of each location to get a better picture of the type of address provided (e.g., home, office, etc.).
The addresses dropped on an embedded map view. You can also quickly check the distance between each location.