Fraud Protection
AI-Driven Pre-Onboarding Security & Fraud Detection.
Opportify Fraud Protection intercepts every form submission before it reaches your backend — combining a behavioral telemetry script, device fingerprinting, IP intelligence, and email risk signals into a single AI-powered risk score. You don't rewrite your forms — you point them to a secure endpoint, and every submission comes back pre-scored and ready to act on.
How it works
Your Web Page Opportify
───────────────────── ──────────────────────────────────────────
JS Script (loaded) ──▶ Session Init (device fingerprint, signals)
User fills form ──▶ Telemetry (typing speed, interaction)
User submits form ──▶ Risk Engine (score + enrichment)
└─▶ Form Submissions dashboard
└─▶ Email & IP Insights enrichment
└─▶ Alerts (email notification)
└─▶ Webhooks (export to your systems)
Every form submission flows through the same pipeline:
- Client-side collection — The JS Script collects device context, interaction signals, and bot detection results in the browser.
- Risk scoring — Opportify's backend combines the browser signals with email, IP, and message analysis to produce a risk score and risk level.
- Submission storage — The enriched submission is stored in the Form Submissions dashboard for your review.
- Alerting & export — Optionally, email alerts notify you of clean submissions, and webhooks push data to your CRM, Slack, or any HTTP endpoint.
Product components
JS Script
The entry point for every integration. A single <script> tag added to your page:
- Instruments every
<form>on the page automatically - Detects bots, automation tools, honeypot triggers, and suspicious typing patterns
- Injects cryptographic tokens into form submissions
- Optionally intercepts and proxies the POST so no backend changes are needed
Works on any platform — plain HTML, React, Angular, Vue, Next.js, Webflow, and more.
Domain Allowlist
Controls which websites are permitted to send submissions to your Opportify account. Any request originating from a domain not on your allowlist is rejected before scoring.
Why it matters: Prevents unauthorized sites from using your public key and consuming your quota.
Managed in: Admin Console → Fraud Protection → Allowed Websites
Form Endpoints
A Form Endpoint is the bridge between a specific form on your website and the Opportify risk engine. Each endpoint has:
- A unique Submit URL — set this as your form's
action - A name — so you can identify which form it belongs to (e.g. "Contact Page", "Sign-up Form")
- An associated public key
One endpoint can serve multiple forms. Create separate endpoints when you want to track submissions from different forms independently.
Managed in: Admin Console → Fraud Protection → Form Endpoints
Form Submissions Dashboard
Every processed submission appears here with full enrichment:
| Column | Description |
|---|---|
| Risk Level | Lowest / Low / Medium / High / Highest — colour-coded for quick triage |
| Risk Score | Numeric score (200–1000) — higher means more suspicious |
| Form Fields | The original data submitted by the user |
| Email Analysis | Validity, deliverability, disposable address check, domain age |
| IP Analysis | Geolocation, VPN/proxy/Tor detection, abuse reputation |
| Device Info | Browser, OS, device type, screen size, hardware concurrency |
| Session Context | Session ID, client ID, time on page, interaction provenance |
| Bot Signals | Which detection signals fired (honeypot, gibberish, automation tool, etc.) |
Submissions are filterable by risk level, date range, and form endpoint. The dashboard also shows webhook delivery status and email notification history per submission.
Managed in: Admin Console → Fraud Protection → Form Submissions
Risk Levels
| Level | Score range | Recommended action |
|---|---|---|
| Lowest | ≤ 300 | All signals clean, trusted device/network — allow |
| Low | 301 – 400 | Minor signals, generally safe — allow |
| Medium | 401 – 600 | Some concerning signals — review recommended |
| High | 601 – 800 | Multiple risk factors, likely suspicious — flag or challenge |
| Highest | > 800 | Strong fraud indicators — urgent review; challenge or restrict per your policy |
Alerts (Email Notifications)
Configure email alerts so you are notified when submissions arrive — without having to log in to the dashboard.
Configurable options:
| Option | Description |
|---|---|
| Notification email | The address to send alerts to |
| Frequency | Immediate (per submission) |
| Risk threshold | Only notify for submissions at or above a chosen risk level |
| Payload mode | How much data to include in the alert email: Alert Only / Form Fields Only / Fields + Risk Summary / Full Analysis |
Managed in: Admin Console → Fraud Protection → Settings
Webhooks
Push submission data to any external HTTP endpoint — your CRM, a Slack workflow, a data warehouse, or a custom backend. Webhooks are triggered per submission and support:
- Risk level filtering — only fire for submissions above a threshold
- Custom field mapping — choose which fields to include in the payload
- Custom headers — add authentication headers for your target endpoint
- Test mode — send a test payload before going live
- Delivery log — inspect every webhook attempt and its HTTP response
Managed in: Admin Console → Fraud Protection → Webhooks
Quick Start
The fastest way to get set up is the Quick Start wizard in the Admin Console:
- Add Your Website — allowlist the domain your forms live on
- Add the Script to Your Website — copy the
<script>tag and paste it into your page's<head> - Copy Your Endpoint URL & Update Your Forms — paste the Submit URL as your form's
action - Choose How Long to Keep Data & Set Up Alerts — configure retention and email notifications
→ Open Quick Start in the Admin Console
Integration guides
Choose the platform guide that matches your stack:
- Webflow — no-code setup via Webflow Designer
- React / Next.js — hook-based integration with TypeScript examples
- Angular — service-based integration
- Vue.js — Composition API integration
- HTML — plain HTML pages, no framework required
Data retention
Submissions are automatically deleted after a configurable number of days. The default is 120 days. You can set a shorter window for compliance reasons or a longer window if you need to retain data for analysis.
Managed in: Admin Console → Fraud Protection → Settings → Data Retention