According to Javelin’s 2017 report on the impact of online fraud, a baffling 75% of merchants’ primary authentication tool is the weak combo of username and password. Following behind is device identification (27%). It’s a good start, but not enough.
Today we’ll see why device fingerprinting can only get you that far, and why email analysis is must-have for online businesses who want to successfully reduce their fraud rates.
Device Fingerprinting: Efficient, But Increasingly Easy to Bypass
Device fingerprinting, which gathers data about hardware and software used by your website visitors, is a fantastic tool to get an idea of how visitors access your pages. We’ve written in the past about all its positives, and the tremendous amount of data it can glean to paint a full picture of devices, and by extension – its users.
It’s only downside? Device fingerprinting has been around a long time. In fact, the technology used today to track basic browser configuration is the same that’s been around for at least a decade, helping online businesses implement basic, but efficient fraud-reduction measures.
Unfortunately, the world of online fraud is fast-paced, innovative, and resourceful. This means fraudsters have had plenty of time to prepare, test and implement ways to bypass device fingerprinting.
For instance, one technique we’re seeing more and more these days, is sellers on questionable marketplaces who offer platform login details combined with portable browser cache and cookies.
In other words: fraudsters are getting smarter. Which means businesses are left straddling behind in this constant game of cat and mouse. Our suggestion? Building a strong portfolio of fraud prevention tools that, used together, create an stronger line of defense against any kind of attack, infiltration, or abuse.
And one of the most powerful and innovative tools we’ve developed in recent years is email analysis.
Email Analysis – Enriching a Simple Datapoint for Maximum Power
“email addresses provide data that is a lot more specific and unique than that from a widely-available browser or mass-produced smartphone”
Profiling customers based on their email address is a fresh trend that is proving to be highly effective. Opening an account anywhere online is virtually impossible without an email address. And they provide data that is a lot more specific and unique than that from a widely-available browser or mass-produced smartphone.
Moreover, innovations in data enrichment also means that an email address is more than a name and domain. Using the right tools, an email address can tell even more about a user than an IP or device can. Specifically, we can see:
- Is the address real? Using SMTP check, we can ping the email server and return a basic answer: does it exist or not?
- Is the address regularly used: we can check if the domain is one offered by temporary email services. If it is, risk score should increase.
- What kind of domain are we dealing with? Is it free? When was it created? Does it require SMS or any other verification to open it? How about recent updates? Just a number of data points that can give great insights into an email address validity.
- Does it look like one the user might have created? Using string analysis, we can compare it to the user name and get a pretty good guess on whether the name makes sense, or if it’s gibberish.
- Is it likely to have been stolen? A simple cross check against emails that were part of data breaches can reveal a lot.
- Has it been blacklisted before? Likewise, it’s easy to see if the email address belongs to someone who has outstayed their welcome on another platform.
And last but not least, we can see if the email address has been used for social media accounts. According to our own SEON Intelligence insights, we found that, in the lending industry, email addresses with zero social media presence may be as high as 76% in the group of defaulting consumers.
This is an extremely high correlation, which fraud managers in every industry can now leverage to calculate their risk scores – and the precision increases with every other datapoint available.
Companies are still very much focused on limited methods for identifying their users. Fraudsters are therefore at an advantage, because they’re constantly on the lookout for loopholes and new innovative ways to defraud these merchants.
In short, fraud prevention must also evolve. And at the minute, an email email address, which is synonymous with a global unique identifier on the internet is one of the strongest data points you can check to increase your fraud prevention efforts.
The SEON Intelligence tool is specifically designed to offer a combination of features that reduce fraud, including a powerful email profiling tool. It’s also a modular solution, which means you can add it to your existing fraud prevention method to get the final boost it needs.