TrustedForm Lead Matching

Ayesha Akhtar

Learning Objectives

  • You will understand what TrustedForm Lead Matching is.
  • You will see how the process compares live lead information with certificate-stored fingerprints.
  • You will be able to explain its importance in lead validation and legal compliance.
  • You will learn how to apply lead matching.

Overview

Summary:
TrustedForm Lead Matching helps you verify that the TrustedForm certificate you received actually belongs to the lead. As the consumer interacts with the form, TrustedForm fingerprints (detects, normalizes, and securely hashes) any email or phone values entered on the page.

When you later request the certificate, you provide the lead’s email and/or phone, and TrustedForm compares your values with those fingerprints to determine whether they match. This ensures the certificate truly documents the consumer who completed the form.

Why It Matters:
This matching is critical to ensuring that the lead data you receive is authentic, helps prevent lead fraud, and confirms that proper consent was documented—thereby reducing legal risks and improving data integrity.


How Matching Works

1. TrustedForm fingerprints contact information

As the consumer interacts with the page, TrustedForm:

  • Detects email and phone numbers via regular expressions
  • Captures values from form fields and from consent-tagged elements
  • Normalizes those values (lowercases emails, strips phone formatting)
  • Converts them to SHA1 hashes
  • Stores fingerprints in the certificate

2. You supply the lead’s data in the certificate request

You can pass raw or SHA1-hashed values.

Via LeadConduit

  • TrustedForm enhancement steps automatically match against fields like email and phone.
  • You may map custom values into Lead Email, Lead Phone 1/2/3.

Via TrustedForm API

Include one or more of the following:

  • email
  • phone
  • email_sha1
  • phone_sha1

Retain requires that at least one matching parameter be provided.
You cannot retain a certificate without attempting to lead match.

3. TrustedForm compares values and returns boolean results

Example:

"match_lead": {
    "result": {
        "success": true,
        "email_match": true,
        "phone_match": true
    },
    "email": "test@gmail.com",
    "phone": "7111111111"
}

success: true → at least one of email_match or phone_match is true
success: false → no matches
Empty strings still count as attempted matching (and return false)


Certificate Match Statuses as seen on TrustedForm Home Dashboard

TrustedForm Certificates can have one of four possible statuses with regard to lead matching:

Dashboard Label | Meaning
Matched | At least one match succeeded (success: true). This happens automatically for certificates generated from one of your verified domains, as these are first-party leads where the data source for the certificate and lead are the same.
Not Matched | Lead matching was performed, but the lead data you supplied DID NOT match the lead data found in the certificate (success: false).
Match Not Possible | The certificate contains no fingerprints to compare.
Match Not Attempted | Fingerprints exist, but no lead matching was attempted.




Technical Details of the Mechanics of Matching in TrustedForm

During the marketing process consumers are often taken to a page with a form for collecting their contact data. Here TrustedForm Certify runs in the background to create a TrustedForm certificate and begins checking for any email address or phone numbers. Regular expressions are used to search the source code and user interactions for patterns that match contact information.



This means any emails or phone numbers found on the web page or entered into form fields should be found and will be converted into a SHA1 hash to be stored as part of the certificate.

In addition to using regular expressions to search for contact information, TrustedForm also leverages consent tags to capture phone numbers and email addresses from various form elements, including those outside of traditional form fields (such as in consent text). Any form elements tagged with consent-grantor-phone or consent-grantor-email will have their values captured as fingerprints, which can then be used in match lead requests to enhance the lead verification process, ensuring more comprehensive and accurate lead matching.

Normalization Rules

Before hashing, TrustedForm normalizes all detected emails and phone numbers to ensure consistent matching. Email addresses are fully downcased, and phone numbers have all formatting removed—including spaces, hyphens, parentheses, dots, and brackets—so that only digits remain. The same normalization process is applied both to the fingerprints stored in the certificate and to the values you provide in the match request. This guarantees that differences in formatting (such as “(512) 555-1234” vs “512-555-1234”) do not prevent a valid match.

Raw: (512) 555-1234
Normalized: 5125551234
SHA1: 60BFA1AD1B29521A7014B95157A2128DCD092E11

Qualifying Contact Values

Phone Numbers

A value qualifies as a phone number when:

  • Field name does not reference zip/postal/IP/time
  • Contains no alphabetic characters
  • Contains 3+ consecutive digits
  • Normalizes to 10 digits (or 11 with “1”)
  • Passes NANP validation

Emails

  • Any value with an @ and valid surrounding text (per regex) is fingerprinted.
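The normalization and qualification rules above, combined into one added Python sketch of how a fingerprint set is built and compared (this is not TrustedForm's own code). The function names, the basic NANP shape check, the email pattern, and the uppercase hex output are assumptions; the sample values are constructed.

```python
import hashlib
import re

def normalize_email(value):
    # Page: emails are fully downcased; the glossary also mentions trimming spaces.
    return value.strip().lower()

def normalize_phone(value):
    # Page: all formatting is removed so that only digits remain.
    return re.sub(r"\D", "", value)

def qualifies_as_phone(value):
    # Page rules: no letters, 3+ consecutive digits, 10 digits (or 11 with "1").
    if re.search(r"[A-Za-z]", value) or not re.search(r"\d{3}", value):
        return False
    digits = normalize_phone(value)
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]  # dropped for validation only, not for hashing
    # Assumed NANP shape check: area code and exchange each start with 2-9.
    return len(digits) == 10 and digits[0] in "23456789" and digits[3] in "23456789"

def sha1_hex(normalized):
    # Uppercase hex, as the page's example shows it.
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()

def fingerprint(kind, value):
    """SHA1 fingerprint of an 'email' or 'phone' value, or None if it does not qualify."""
    if kind == "email":
        # Assumed stand-in for the page's unspecified email regex.
        ok = re.fullmatch(r"[^@\s]+@[^@\s]+", value.strip()) is not None
        return sha1_hex(normalize_email(value)) if ok else None
    # Whether a leading "1" is removed before hashing is not stated on the page;
    # this sketch hashes the digits exactly as normalized.
    return sha1_hex(normalize_phone(value)) if qualifies_as_phone(value) else None

def match_lead(cert_fingerprints, email="", phone="", email_sha1=None, phone_sha1=None):
    """Compare raw or pre-hashed lead values with a certificate's fingerprint set."""
    e = (email_sha1 or "").upper() or fingerprint("email", email)
    p = (phone_sha1 or "").upper() or fingerprint("phone", phone)
    email_match = e is not None and e in cert_fingerprints
    phone_match = p is not None and p in cert_fingerprints
    return {"success": email_match or phone_match,
            "email_match": email_match, "phone_match": phone_match}

# Constructed sample: the fingerprints one consumer's session would leave behind.
CERT = {fingerprint("email", "Jane.Doe@Example.com"), fingerprint("phone", "(512) 555-1234")}
```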

Troubleshooting — Why Matches Can Fail

A mismatch does not always indicate fraud. Common causes include:

1. Consumer Data Differences

  • Typos
  • Autofilled secondary email/phone
  • Consumer used a different contact method

2. Wrong Certificate Used

  • Vendor attached a certificate from a different session
  • Duplicate or recycled certificate

3. No Fingerprints Found

  • Certify initialized too late
  • Multi-step forms where PII appears after the script
  • Dynamic forms replacing fields after load

4. Incorrect Request Values

  • Typos
  • Incorrect SHA1 generation
  • Formatting differences not normalized on client side

When no values match:

  • Review the certificate’s session replay
  • Confirm what data the consumer actually entered
  • Contact the vendor and request valid certificates
  • Reject or flag leads if patterns persist
  • Ensure Certify loads before PII is displayed

Frequently Asked Questions (FAQ)

Q: What is TrustedForm Lead Matching?
A: It is the process of comparing the normalized, SHA1-hashed contact details from your lead with those stored in the TrustedForm certificate to confirm that they belong together.

Q: How does lead matching protect my business?
A: By ensuring that the certificate’s data aligns with the submitted lead information, it reduces the risk of fraud and provides documented proof of consumer consent, which is critical for legal compliance.

Q: Can formatting differences cause mismatches?
A: Yes. Variations such as extra whitespace, differences in capitalization, or formatting discrepancies (like punctuation differences in phone numbers) can lead to mismatches. Proper normalization helps minimize these issues.

Q: Is lead matching necessary for first‑party leads as well?
A: Absolutely. Whether the lead comes directly from your verified website or from a third-party source, verifying that the captured contact information accurately matches the certificate is essential.

Q: What should I do if a mismatch is detected?
A: Investigate the discrepancy by reviewing the data normalization rules and checking for data entry errors. In persistent cases, further manual review may be required to determine whether the lead is fraudulent.

Q: Does lead matching work on masked Certificates?
A: Yes. Lead matching works even when replay and event logs are masked.

Q: Can I hash values before sending?
A: Yes. TrustedForm accepts SHA1-hashed values in lead matching requests.


Glossary

Term | Definition
TrustedForm Certificate | A digital record that captures the consumer’s web session including consent and contact data, secured via hashing (fingerprinting).
Lead Matching | The process of verifying that the contact details provided with a lead (e.g., email, phone) match the SHA1-hashed values stored in a certificate.
Fingerprinting | The method of converting contact data into a unique SHA1 hash used to compare and verify data integrity.
Data Normalization | The process of standardizing data (e.g., trimming spaces, converting to lowercase, removing non-digit characters) to ensure accurate matching.
First‑Party Lead | A lead generated on your own verified website where you control the data capture process.
Third‑Party Lead | A lead obtained from an external vendor where additional verification is often required to confirm data accuracy.
