Certificate of Authenticity

TrustedForm issues a unique Certificate of Authenticity for every lead generated on a form hosting the TrustedForm JavaScript. The certificate exposes the following information about a consumer's visit to the hosting page:

  • the URL of the page that hosts the offer form
  • the URL of the framing page, if the form was framed
  • the time and date the consumer visited the form
  • the consumer's public IP address
  • the consumer's browser version
  • the consumer's operating system
  • a full snapshot of the HTML, images, CSS and other page assets of the offer form as seen by the consumer
  • an alphanumeric ID that uniquely identifies the certificate

How do I receive a certificate for a lead?

Certificates are only generated for leads that were collected on forms that host the TrustedForm JavaScript. So getting the JavaScript on the form page is the first step.

The script inserts a special hidden field into the form when a consumer visits the page. The field contains the URL to the certificate generated for that specific page visit. Then when the form is submitted by the consumer, the URL to the certificate is included alongside the consumer's contact information.

When you receive a lead with a certificate URL field, you can open the certificate URL in your browser to see the information that we collected about the consumer's page visit.

It's important that you store the certificate URL in your database or CRM with the consumer's other data because the certificate URL is the sole key to retrieving any TrustedForm certificate. We are unable to retroactively marry lead data with the certificate ID. The best way to ensure you can easily pull up a certificate for an individual lead is to store all the lead data together with the certificate id.

Who has access to a Certificate of Authenticity for a lead?

Historically, TrustedForm Certificates had been viewable during the initial 72 hour claiming period by any party with access to the TrustedForm Certificate URL. As of Wednesday, July 15, 2020, TrustedForm certificates will only be visible to customers who have claimed the certificate.

Are certificates available indefinitely?

TrustedForm Certificates have a standard claim period of 72 hours. TrustedForm clients can claim the certificate which retains a copy of the certificate in the client account. The default retention period for TrustedForm accounts is 5 years.

For TrustedForm clients who sell leads to other TrustedForm clients and need more than 72 hours to claim a certificate, the vendor's account can be set to extend the claim period from 3 days to 90 days, as long as the vendor claims the certificate within the standard claim period (72 hours).

For clients who don't have the capability to make an authenticated API call when receiving a lead, ActiveProspect offers LeadConduit, which can be easily configured to automatically claim certificates.

We charge a small fee to claim each certificate and to store claimed certificates beyond 30 days.

What is the benefit of claiming a certificate?

Claiming a certificate will allow you to view the certificate, verify its legitimacy, confirm it's a real certificate, view it online, access its data via our API, programmatically scan the webpage that generated the certificate for required or forbidden language, and share a masked certificate with another party.

Certificates are great insurance against consumer complaints. They give you third-party verification of exactly where and when the consumer signed up, their IP address, the kind of browser they used, and even what the form looked like when the consumer landed on the offer page.

Who can claim a certificate?

Anyone with a TrustedForm account and who has the TrustedForm Certificate URL can claim any certificate.

This means that a certificate may be claimed more than once by one or more accounts. Each claimant will have access to the certificate for the duration of their account's storage agreement.

The same account can claim a certificate more than once.

Each claim specifies its own optional parameters such as required or excluded text.

Why would more than one account want to claim the same certificate?

For example, a lead's buyer and vendor may each want to ensure their own TrustedForm protection. If only the buyer claims the certificate, the vendor will have to depend on the buyer for access to the full certificate.

What information is not available on the certificate?

In-memory information submitted by the consumer will not appear in the certificate. Other information about the consumer's visit to the page — such as the referrer — that is not listed above is not available on the certificate.

As an impartial, publisher-neutral and advertiser-neutral third-party our goal is to operate with 100% transparency with regard to the information we expose in our certificates. We recognize the value of, and therefore are committed to protecting, proprietary information accessed during the course of our duties.

The TrustedForm script accesses some information that many publishers would consider sensitive, however, that information is never exposed to anyone. For example, our script reads the referrer property in the HTML DOM, but that value is not exposed in the certificate or anywhere else. It is used as part of our fraud detection algorithm but never sees the light of day. You'll also notice that we hide the query string of all page URLs just in case they contain personally identifiable information or search keywords. Your proprietary information belongs to you, and our TrustedForm EULA back up our claim.

If your questions or concerns have not been addressed here, or if have any further questions about the data we retain, please send an email to support. We'll get down to the bottom of it and keep this page updated.

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request


You must be logged in to comment.