Phone verification and fraud-prevention features

2 months 3 weeks ago #2097
Topic Author
VALENTINA Daneo's Avatar
Posts: 3
Phone verification and fraud-prevention features

Hello,
we are preparing for a new competition; last year we received plenty of votes from server farms across the globe and we'd like to mitigate this.
Besides requiring user registration (which may not be accepted by our client) I would like to add:
Recaptcha v3 score as a field in the form (so I can keep all submissions, but know the score after the competition ends);
Phone text message verification: sending an extra message to the user's phone asking to type the code
Are these feasible? Can you please advise on how to achieve it? Should these features require extra products, do let us know.
Thank you in advance,
Riccardo

2 months 3 weeks ago #2098
Eugene's Avatar
Posts: 516
Phone verification and fraud-prevention features

Hello Riccardo,

Thank you for your question.
We are working on improving the protection from unfair votes and now we implementing fingerprintjs (is a technique of anonymously identifying a web browser with the accuracy of up to 94%) which will be included in the next version of NorrCompetition. It will allow a site administrator to detect users who do the best to make anonymous votes.
So, this technique will help with determining unfair votes and then the administrator can react.

As for ReCaptcha v3 - it is not implemented in Joomla yet. I'd like to note NorrCompetition uses standard Joomla ReCaptcha plugin in submit forms. Since ReCaptcha v.3 is a script which must be loaded on all pages, we expect to see this version to be included in the core Joomla plugin. Otherwise, there should be a special plugin that will include ReCaptcha v3 script on all pages.

Phone verification. There is a similar task in our roadmap: to make integration with SMS service allowing users to pay for the vote. It will let the site owners earn on contests. it is not the same as just a free verification via the SMS, however, maybe it will be even better for you?


Like our extensions and support?
Add your voice to the JED listing with a 5 score review:: bit.ly/2ciJBqC
Thanks!

2 months 3 weeks ago #2099
Topic Author
VALENTINA Daneo's Avatar
Posts: 3
Phone verification and fraud-prevention features

Hello,

this is all going to be very useful. Since our competition starts in a few weeks, could you please share the roadmap so we can assess if we have time to wait for the features?
Thank you
Riccardo

2 months 3 weeks ago #2100
Eugene's Avatar
Posts: 516
Phone verification and fraud-prevention features

Hi Riccardo,
The roadmap is not public information, sorry. We are planning to release new features during the 2nd quarter of this year.

What is expected to release according to our conversation above:
- Finterprintjs (protect contests from fraud votes)
- Integration with SMS service (we are choosing which service to use, maybe you have some idea?)


Like our extensions and support?
Add your voice to the JED listing with a 5 score review:: bit.ly/2ciJBqC
Thanks!

2 months 3 weeks ago #2103
Topic Author
VALENTINA Daneo's Avatar
Posts: 3
Phone verification and fraud-prevention features

Hi Eugene,
as a Joomla developer myself, I would advise against integrating a specific text provider, as that would limit your market one way or another: no service is global and convenient; and some companies may already have their own provider.
I would rather use a custom plugin type, such as "NorrFraudPrevention"; you would then implement the chosen sms service as a plugin i.e. NorrFraudPrevention/smsVerizon.
In the Joomla component you would then trigger the onValidate() method, passing along a standard structure with a variable part such as:
{
action: "validate",
returnUrl: " example.com/index.php?option=com_norrcom...1&task=vote.validate ",
voteId: 7321,
voteParams: {
userId: -1,
email: This email address is being protected from spambots. You need JavaScript enabled to view it.,
ipAddress: 105.204.7.128,
phoneNumber: "+12325558484",
extra: {
someExtraOptionalParams: someValue,
}
}
}

In the plugin, you would need to store the user's sms service credentials (api key, token, whatever the provider requires).
the onValidate() function would then store into the session the passed data, generate a random code to send the user for validation and invoke the sms provider; then based on the chosen workflow (immediate validation or delayed) you would show the input box to let the user enter the sms code. Upon validating it, you would read the expected result from the session, then redirect to the returnUrl to let the user know their vote was validated.

You will need some extra methods though, handling cases such as: resending the code, changing the phone number etc.

This approach would be awesome because other developers could join in, and implement their preferred sms service.
Moreover, it would support creation of non-sms based plugins. I would write an app to install on a dedicated phone to implement it via whatsapp for example.

I hope this helps. If you want to see it in action, many JED extensions implement this approach for payments, shipping, tax, extension: extensions such as virtuemart, quick2cart, xmap, k2, ...

Kind regards,
Riccardo

2 months 3 weeks ago #2105
Dmitry's Avatar
Posts: 622
Phone verification and fraud-prevention features

Hi Riccardo.

Sure it will be based on plugins. Some abstract methods will be implemented to interact with plugins.

Best regards,
Dmitry


Like our extensions and support?
Add your voice to the JED listing with a 5-score review: bit.ly/2ciJBqC
Thanks!

You can get our help: Monday - Friday / 09:00 to 17:00 (GMT+2). but not limited. Our staff will be pleased to provide Premium support to every paid subscriber asap, but sometimes you should be ready to wait for our reply for up to 3 days. In case of free extensions we do the best to develop and maintain them either, but their support is not necessary.

Product Latest Update