Digital Footprint Analysis: SEON 2022 Findings

Just how useful is digital footprint analysis for fraud prevention? Immensely, if you want to be efficient and keep your customers happy.

Today, we’re going to look at how a digital footprint helps us fight fraud.

We’ve also prepared a breakdown of some of SEON’s most telling insights into the world of online fraud in 2022 sourced from our recent fraud prevention data with digital footprint analysis.

What Is a Digital Footprint?

The term refers to the information – the “footprint” – we each leave behind as we spend time on the internet. This is sometimes thought of as, and called, a “digital shadow” that a user casts, knowingly or not.

This ranges from registered accounts on various websites and services to our social media accounts and public posts, to upvotes or downvotes on reviews, and so on – including content on all sorts of digital platforms, from ads to forum comments.

These traces we leave online amass over time as we use the web, throughout our lives. And, with 4.55 billion social media users today (58.8% of the global population), there is a lot of such information out there.

One thing to keep in mind is that digital footprints are not linked directly to individuals in the sense of a real person or a full name, but to an aspect of their online identities. For example, there is a digital footprint associated with your current IP address. There is a digital footprint associated with your email handle. These often overlap and, in as much detail as possible, allow someone to know as much about whether we are a legitimate person as possible.

This is why we can use digital footprints to assess someone’s intentions by enriching data starting with the email address they’ve provided, or their phone number. SEON sources digital footprint information from 50+ social and digital platforms starting with just an email, a phone number or IP address.

A digital footprint is a valuable source of information for background checks, as it can tell us a lot about a person without having to speak to them, giving us an idea of who they are and whether they are trustworthy.

Types of Digital Footprint

In general terms, there are various types of digital footprint, which depend on what aspect of it we’re focusing on and how the footprint is left behind – such as passive, active and private footprint. Let’s take a closer look.

• Active digital footprint: The primary distinction between active vs passive digital footprint. An active digital footprint comprise all the actions they intentionally make online – e.g. a tweet, a comment on Facebook, or a review on Tripadvisor
• Passive digital footprint: Everything else – everything not created by a user’s actions and/or not intentionally shared with the organization doing the footprinting. For example, the pages you visit more often on a eshop, or whether you’ve been to a website before.

People tend to speak of other types of digital footprints too, such as:

• Anonymous: Data left behind by anonymous users are sometimes called anonymous digital footprints. This is still valuable to several stakeholders – for example, information on a website visitor’s cursor movements can show a company which parts of their home page are more appealing.
• Eponymous/personally identifiable: If, for any reason, you use your full name online, part of your digital footprint can be eponymous – linked to your real, full name. This is, for example, generated when you are signed in online accounts which use this name. For example, when you use LinkedIn logins to access third-party websites.
• User input: All data originating from the user’s own input, including clicks, forms filled and other deliberate actions. There is a lot of overlap with an active digital footprint, but they are not identical.
• Sensor data footprint: When they use mobile devices, which come with accelerator sensors, GPS, etc, a user’s digital footprint includes data from these sensors.

Digital Footprint Examples

Examples of what makes up a digital footprint include things like public comments on forums, their social media posts and uploads, any places where their email address has shown up inadvertedly or not (e.g. on mailing lists, if made public), etc.

Here is an example of the digital footprint linked to an email address:

• Facebook profile registered with address
• Skype profile registered with address & public name, handle, shared information (see image below)
• Google profile exists
• Gravatar profile exists, and its username
• OK.ru profile exists, and date registered.
• and so on.

As we’ll see below, for purposes of fraud prevention, the absence of a digital footprint is as important as its existence, as it isn’t easy for a fraudster to mimic a real, good customer in this way.

Who Uses Digital Footprint Analysis? 

Almost everyone has a digital footprint.

Since this data is freely available, it can provide insights into who we are and what we like – as well as help risk and fraud prevention professionals, HR and law enforcement as part of screening or investigation processes. 

Combined with in-house data, it can give companies a fuller picture of the individual we’re looking at, providing incredibly useful real-world context.

Fighting Fraud with Digital Footprint Technology

Fraud detection and prevention is an industry as old as ecommerce itself, going as far back as 1984 – the dawn of online commerce. The battle between cybercriminals and fraud prevention is ever-evolving, with innovation on one side driving the other.

In the past decade, cybercrime has exploded with the help of darknet markets, cryptocurrencies and specialist groups offering everything needed to commit fraud to would-be criminals.

Estimates put global losses to fraud at $5.38 trillion a year today.

SEON’s innovation lies in finding the weak spot in how fraudsters operate. We know it’s trivially easy for them to acquire the personal information and credit card details of any victim, and they are relentless in scaling their attacks with whatever information they have at hand.

What is much more difficult and time-consuming for a fraudster is replicating the organic digital footprint that every legitimate consumer leaves behind. 

When you or I make a purchase online, we do so with honest, good intent, providing our email as registration information – a sign of trust towards the business. When a fraudster attempts the same, provided they don’t have access to our email, they register a convincing throwaway account. 

In fact, we’ve calculated that 98% of fraudsters will create a new free email account to match the stolen card details they are attempting to use.

The difference between the two is obvious: My email address is associated with dozens of social media accounts, while a throwaway isn’t registered or active anywhere. For SEON, that’s a massive red flag.

How to Catch Fraud Using Digital Footprint Analysis

Digital footprint analysis through data enrichment from 50+ sources is a core part of SEON’s fraud detection and prevention’s strategy.

Because it starts with just an email, phone number and/or IP address, the process is virtually frictionless, takes place behind the scenes, and does not impact the customer journey, despite making a significant difference in keeping the business safe.

This is how it works:

1. Someone attempts an action on a commercial website – e.g. registers a new account on an eshop.
2. When doing so, they provide the merchant with their email and/or phone number, while the software also detects their IP address.
3. SEON’s engine takes one or more of these primary data points and enriches it with information from 50+ online and social platforms.
4. The result is a comprehensive profile of this customer that includes any breaches their email was part of, their public-facing social media accounts, any instant messenger apps they are registered on, whether they have a Netflix profile, etc.
5. This profile can be manually assessed by a human fraud analyst to figure out whether the user is legitimate. As we’ll see below, real people have a number of social profiles associated with their email addresses, while a fraudster will rarely have more than a couple, if any.
6. Further, this profile can also generate a fraud score, and the fraud prevention software can take automatic actions based on this. For example, we can set it so anyone with a risk rating of over 30 out of 100 is automatically blacklisted.
7. Good users deemed legitimate continue with their purchase and/or browsing completely uninterrupted. Bad or suspicious users can be blocked or further scrutinized, in a strategy that SEON calls “dynamic friction“, which applies extra steps only when necessary, letting good users enjoy a frictionless shopping journey.

Digital Footprinting: Key Findings from SEON’s Internal Data 2022

At SEON, we have loads of data that can help us discern what fraudsters are doing to try to trick organizations in 2022, because this insight is such a key part of how we stop them in their tracks.

For this guide, we looked at our internal transactional data in three different sectors – ecommerce, online lending and iGaming – representing SEON’s defense systems in live environments.

What we found is telling…

1. IP Addresses Are Linked to the Most Triggered Rules 

Across different sectors, the majority of rule triggers are related to IP addresses with high risk scores. Why? Fraudsters use proxies and VPNs for two purposes:

• Operational security: They don’t want to get traced and caught. 
• To mimic their victims: To match the online presence of their victims, who are often in other, sometimes richer, countries. 

Accordingly, our statistics show that 52% of rule triggers in iGaming and 65% in ecommerce were related to IP addresses. This means that transactions and user actions were flagged because the IP they were using was considered high risk – showing the popularity of VPNs and proxies among cybercriminals as their weapon of choice.

This is why it’s key to have good device fingerprinting and proxy detection in place. It acts as your first line of defense against fraud.

2. More Accounts = Safer to Approve

Next, we looked at transactions that were approved, declined or flagged for manual review. 

How many profiles can we find for each email address, and how many data breaches was that address involved in?

For example, in ecommerce, approvals are certainly linked to a wider presence online. These legitimate users have 5.68 social media/online platform accounts on average. 

On the contrary, declined transactions only had 2.89 of these accounts on average. As for those sent for manual review, they are in between these, at 3.37 social accounts.

The iGaming industry and online lending sector demonstrate a similar trend, with 4.34 vs 1.26 average profiles for the former and 5.45 vs 1.02 for the latter.

In simple terms, this means that in online lending, the average applicant who gets approved has an online presence that spans between 5 and 6 online profiles (social media, review websites, crowdsourcing platforms, messaging apps, etc.). 

On the other hand, the people who were rejected only had 1 or 2 digital profiles on average. Considering how some free email providers auto-populate certain social profiles with your address as soon as you sign up, this number is very small – and suspicious.

3. More Data Breaches = Safer to Approve

The digital footprinting picture is similar when we look at the number of data breaches in which the email address was involved.

This is done through the lookup module, which will search known lists of leaked emails, using the haveibeenpwned data breach API. We also take into account when the breach is from, because this is evidence the email account existed at the time.

The results once again show how potent digital footprinting is in assessing user intent. 

In ecommerce, “good” users who were approved automatically had been involved in 2.44 data breaches on average. Fraudster addresses were only at 0.68 on average.

In iGaming, the average legitimate account had been involved in 1.26 data breaches in the past. Suspicious accounts were similar to ecommerce, at 0.65.

As for loan applications, the difference is also impressive: 1.02 vs 0.15 breaches.

Considering how the biggest data breaches in history were massive, it goes without saying that most people’s email addresses will have appeared in some. For the record, Yahoo’s in 2014 exposed 3 billion accounts, and the 2020 incident at Marriott leaked the data of 505 million guests.

Digital Footprinting for Fraud: Key Takeaways

Tellingly, across industries the pattern holds true: Approved transactions have in general triple the number of digital profiles associated with them than blocked ones. 

This is also true for the number of hits in data breaches. 

This means that our bet was right: Fraudsters are relatively lazy and will settle for throwaway addresses with virtually no online presence. As such, social KYC verification act as a strong second line of defense, thwarting the efforts of fraudsters.

We were also curious about how this pattern evolves over time. What we found is not necessarily indicative of fraudster behavior, but rather how our clients learn to trust our system and adjust their risk thresholds. 

Over time they learn to trust the digital footprint signals more and more, accepting more transactions that they would initially consider risky – and thus gaining more revenue without increasing the risk of chargebacks or other losses.

To read more about how we fight fraud at SEON, head to our products page or choose your industry from our use cases. 

Sources

• Datareportal: Global Social Media Stats
• Crowe: The financial cost of fraud 2021
• Tech Jury: 27+ Biggest Data Breaches In History
• Internal SEON data