Form Fraud Protection

Fraud Detection for Forms and Lead Pipelines.

Opportify Fraud Protection intercepts every form submission before it reaches your backend, combining a behavioral telemetry script, device fingerprinting, IP intelligence, and email risk signals into a single AI-powered risk score. You don't rewrite your forms; you point them to a secure endpoint, and every submission comes back pre-scored and ready to act on.

Two ways to use Fraud Protection

Form Fraud Protection (this guide) uses a JavaScript snippet added to your frontend. It protects any HTML form without backend changes. Perfect for marketing sites, landing pages, registration and contact flows. Risk scores, enrichment, and alerts are managed entirely through the Opportify dashboard.

Fraud Protection API is a synchronous REST endpoint for backend integration. Call it from your sign-up handler, checkout service, or any server-side flow to receive a full risk score inline, before the submission touches your database. No JS script required.

Both tap into the same email, IP, and content intelligence signals. Choose the one that fits your architecture, or combine both for layered coverage.

How it works

Your Web Page                 Opportify
─────────────────────         ──────────────────────────────────────────
  JS Script (loaded)   ──▶    Session Init (device fingerprint, signals)
  User fills form      ──▶    Telemetry (typing speed, interaction)
  User submits form    ──▶    Risk Engine (score + enrichment)
                              └─▶ Form Submissions dashboard
                              └─▶ Email & IP Insights enrichment
                              └─▶ Alerts (email notification)
                              └─▶ Webhooks (export to your systems)

Every form submission flows through the same pipeline:

Client-side collection — The JS Script collects device context, interaction signals, and bot detection results in the browser.
Risk scoring — Opportify's backend combines the browser signals with email, IP, and message analysis to produce a risk score and risk level.
Submission storage — The enriched submission is stored in the Form Submissions dashboard for your review.
Alerting & export — Optionally, email alerts notify you of clean submissions, and webhooks push data to your CRM, Slack, or any HTTP endpoint.

Product components

JS Script

The entry point for every integration. A single <script> tag added to your page:

Instruments every <form> on the page automatically
Detects bots, automation tools, honeypot triggers, and suspicious typing patterns
Injects cryptographic tokens into form submissions
Optionally intercepts and proxies the POST so no backend changes are needed

Works on any platform: plain HTML, React, Angular, Vue, Next.js, Webflow, and more.

→ JS Script documentation

Domain Allowlist

Controls which websites are permitted to send submissions to your Opportify account. Any request originating from a domain not on your allowlist is rejected before scoring.

Why it matters: Prevents unauthorized sites from using your public key and consuming your quota.

Managed in: Admin Console → Fraud Protection → Allowed Websites

Form Endpoints

A Form Endpoint is the bridge between a specific form on your website and the Opportify risk engine. Each endpoint has:

A unique Submit URL — set this as your form's action
A name — so you can identify which form it belongs to (e.g. "Contact Page", "Sign-up Form")
An associated public key

One endpoint can serve multiple forms. Create separate endpoints when you want to track submissions from different forms independently.

Managed in: Admin Console → Fraud Protection → Form Endpoints

Form Submissions Dashboard

Every processed submission appears here with full enrichment:

Column	Description
Risk Level	`Lowest` / `Low` / `Medium` / `High` / `Highest` — colour-coded for quick triage
Risk Score	Numeric score (200–1000) — higher means more suspicious
Form Fields	The original data submitted by the user
Email Analysis	Validity, deliverability, disposable address check, domain age
IP Analysis	Geolocation, VPN/proxy/Tor detection, abuse reputation
Device Info	Browser, OS, device type, screen size, hardware concurrency
Session Context	Session ID, client ID, time on page, interaction provenance
Bot Signals	Which detection signals fired (honeypot, gibberish, automation tool, etc.)

Submissions are filterable by risk level, date range, and form endpoint. The dashboard also shows webhook delivery status and email notification history per submission.

Managed in: Admin Console → Fraud Protection → Form Submissions

Risk Levels

Level	Score range	Recommended action
Lowest	≤ 300	All signals clean, trusted device/network — allow
Low	301 – 400	Minor signals, generally safe — allow
Medium	401 – 600	Some concerning signals — review recommended
High	601 – 800	Multiple risk factors, likely suspicious — flag or challenge
Highest	> 800	Strong fraud indicators — urgent review; challenge or restrict per your policy

Alerts (Email Notifications)

Configure email alerts so you are notified when submissions arrive, without having to log in to the dashboard.

Configurable options:

Option	Description
Notification email	The address to send alerts to
Frequency	Immediate (per submission)
Risk threshold	Only notify for submissions at or above a chosen risk level
Payload mode	How much data to include in the alert email: Alert Only / Form Fields Only / Fields + Risk Summary / Full Analysis

Managed in: Admin Console → Fraud Protection → Settings

Webhooks

Push submission data to any external HTTP endpoint: your CRM, a Slack workflow, a data warehouse, or a custom backend. Webhooks are triggered per submission and support:

Risk level filtering — only fire for submissions above a threshold
Custom field mapping — choose which fields to include in the payload
Custom headers — add authentication headers for your target endpoint
Test mode — send a test payload before going live
Delivery log — inspect every webhook attempt and its HTTP response

Managed in: Admin Console → Fraud Protection → Webhooks

Quick Start

The fastest way to get set up is the Quick Start wizard in the Admin Console:

Add Your Website — allowlist the domain your forms live on
Add the Script to Your Website — copy the <script> tag and paste it into your page's <head>
Copy Your Endpoint URL & Update Your Forms — paste the Submit URL as your form's action
Choose How Long to Keep Data & Set Up Alerts — configure retention and email notifications

→ Open Quick Start in the Admin Console

Integration guides

Choose the platform guide that matches your stack:

Webflow — no-code setup via Webflow Designer
React / Next.js — hook-based integration with TypeScript examples
Angular — service-based integration
Vue.js — Composition API integration
HTML — plain HTML pages, no framework required

Data retention

Submissions are automatically deleted after a configurable number of days. The default is 120 days. You can set a shorter window for compliance reasons or a longer window if you need to retain data for analysis.

Managed in: Admin Console → Fraud Protection → Settings → Data Retention

How it works​

Product components​

JS Script​

Domain Allowlist​

Form Endpoints​

Form Submissions Dashboard​

Risk Levels​

Alerts (Email Notifications)​

Webhooks​

Quick Start​

Integration guides​

Data retention​