The Budget Drain Problem

Lending applications in Kazakhstan are barraged daily by "junk" submissions: bots, test inputs, and users typing completely fictional national IDs (IINs) and phone numbers. When a form hits the Thank You page, traditional analytics implementations blindly fire a purchase or lead conversion to Google Ads and Meta. Firing conversion pixels on junk leads teaches algorithmic Smart Bidding models to target the wrong users, driving up Customer Acquisition Cost (CAC) significantly. The solution: validate the IIN and phone against the authoritative Kazakhstan Republic GovTech API synchronously before the GTM event fires. Real-time Lead Validation Business Impact

The Validation Architecture

We designed a middleware Node.js proxy to intercept, validate, and parse submissions instantly.

User Submits Application Form
Frontend issues POST /api/validate-lead (IIN + Phone)
Node.js Proxy Engine:
1. Regex & Checksum Math checking (0ms)
2. Redis cache check (TTL: 24h)
3. GovTech API Call (External, ~250ms)
Frontend Receiver:
If valid=true → Execute window.dataLayer.push(EVENT)
If valid=false → Halt conversion tracking, prompt user error

Format & Checksum Algorithm

Before hitting the external API (which costs money and time), we run the IIN through the official mathematical checksum algorithm locally. A 12-digit number is not necessarily an IIN; it must pass the mod 11 check.

function validateIINFormat(iin) {
if (!/^\d{12}$/.test(iin)) return { valid: false };
const weights1 = [1,2,3,4,5,6,7,8,9,10,11];
const weights2 = [3,4,5,6,7,8,9,10,11,1,2];
const digits = iin.split('').map(Number);
let sum = weights1.reduce((acc, w, i) => acc + digits[i] * w, 0);
let check = sum % 11;
if (check === 10) {
sum = weights2.reduce((acc, w, i) => acc + digits[i] * w, 0);
check = sum % 11;
}
return check === digits[11] ? { valid: true } : { valid: false };
}

The Fail-Open Strategy

Third-party APIs will go down. If the GovTech server returns a 5xx error or times out beyond 3 seconds, we Fail Open. We never block legitimate user flow due to our analytics pipelines. If the API is unreachable, we log a warning, register the application, and fire the pixel conditionally flagged as validation_status: 'api_timeout'.

Business Impact

On a typical daily volume of 1,000 application submissions:

  • ~15–20% were blocked immediately due to checksum-failed algorithmic IIN format errors (mostly bots/junk).
  • ~5–8% passed the format check but were rejected by GovTech databases (fictitious active citizens). By halting the dataLayer.push() on these events, we ceased polluting advertising networks with false signals. Over 20% of wasted conversion budget was reclaimed, and the bidding model learned to target users who actually fulfilled proper document requirements.

Further Reading & Deeper Dive

Data validation as a firewall against algorithmic degradation is an advanced UA tactic.