The latest technique in fraud prevention is called email risk assessment – but how does it work, and why is it so efficient?
An email address is a lot more than a tool to receive messages these days. It’s veritably the closest thing we have to an online passport.
We use it to register to pretty much every online account, and it’s required at the login and transaction stage too.
In short: email addresses are increasingly considered authentication solutions, in the same way an ID document scan, financial details, or fingerprint biometrics can help prove your identity.
Easy to Create, Easy to Fake
The main problem with using email handles as user authentication is that it’s too easy to acquire them. Fraudsters can use hundreds of online solutions designed to:
- Create free, unlimited addresses
- Use disposable addresses with suspicious domain names
- Buy real, mature email addresses in bulk from legitimate services such as Gmail or Hotmail on darknet/clearnet marketplaces
This gives fraudsters a lot of control, as they can still receive emails from your business, without attaching any real ID or financial details to the account.
Moreover, it makes it easy to create an address where the name matches the one on the stolen credit card whose details they have acquired. If they come across a stolen card number that belongs to James Berkley, it’s easy enough to create firstname.lastname@example.org and to send emails from there to avoid suspicion.
So how do you ensure the address points towards a real user versus a fraudster?
Enter email risk assessment technology.
Why Check Email Addresses for Risk Analysis
In the world of fraud detection, the more data you have about your users, the better. This is exactly why you need to focus on every single possible data point you can gather to make informed management decisions.
Here’s how getting more information can help your business:
- Reduce chargebacks: you can block fraudsters before they purchase goods and services on your website with stolen credit card details.
- Protect your users: is someone changing their email address in your system? It could be a fraudster trying to perform an ATO attack, or account takeover. You can flag them if the email address appears suspicious.
- Curb bonus abuse: too many bad users abusing your promotional codes and referral programmes for new signups? It’s time to stop them at the registration stage.
- Block fake users: bad agents who want to join your site with fake IDs and synthetic IDs (a mix of fake and real user data) won’t be able to register.
- Improve your KYC processes: the information you get from an email address can contribute to better KYC checks, which helps prevent fines from regulators and ensures smoother management.
The key point here is that the earlier you block fraudsters, the less damage they can cause to your business.
Real-Time Results, Zero Friction
On top of all the above, email address analysis is near-instant. This has tremendous advantages for businesses who want to reduce churn and customer friction as much as possible.
For instance, SEON returns results in a fraction of a second, which means you can then automate your fraud detection mechanisms at scale. Gather all the right email data, feed it into your fraud prevention engine, and immediately approve or block signups from new users with complete peace of mind.
What It Can Tell You
With the right solutions, you’ll be able to analyze an email address and return important information about the user. For instance:
Is the email address valid? The assessment tool will perform what’s called a SMTP check to ping the domain server and let you know if the address is true or not.
Is it disposable? A clear red flag pointing towards fraud, we can check if the address was created with a service that offers disposable addresses.
Domain Information: was it created with a free domain? Are there any obstacles to creating it? One good example here would be Gmail. Anyone can create an email address with Google’s mailing domain (which would increase risk), but there is now a phone verification step (which makes it less risky), meanwhile, on Outlook there isn’t.
How old is it? Freshly created email addresses tend to increase the risk factor. Addresses that have been in operation for a while pointing to legitimate use.
Found on a blacklist? An email address that has been flagged as fraudulent by other companies can end up on a blacklist. Your assessment tool should be able to check these lists to let you know if there is a risk there.
Found on data breach? An email address that has previously been leaked can point to a mature one, which has legitimately been created and used by a user. This could actually make it less risky.
Does the name look ok? String analysis is a great solution that will look at the actual name of the address. Does it have too many numbers? Or a jumble of characters that look out of place? And does the name match one of the cardholders for a transaction?
Social Media Profiling Rounds Up The Picture
Another powerful analytics help comes in the form of social media profiling. Put simply, it checks if the address has been used to register with a number of social networks, such as LinkedIn, Twitter, Facebook, Instagram, etc…
This becomes a terrific feature for what is known as data enrichment. Firstly, an email address that’s never been used on social media networks should increase the risk.
In fact, SEON statistics show that 76% of people who had borrowed money from online loaning companies and had no social media account ended up defaulting on their loans.
But there’s more: if you can find a connection between the email address and social media handles, your fraud management team can then gather information such as a user picture, last login, and posting location.
The legality of The Process
The good news is that these kinds of analytics are fully legal. Our solution, for instance, is even GDPR compliant, as we only look at open databases to aggregate personal information.
It’s worth noting that not all email profiling tools are created equal in that respect. Always ensure your solution is compliant with local data protection laws to avoid hefty fines.
Ready to Protect Your Business With the Right Tools?
At SEON, we’ve pioneered an innovative email risk assessment tool that works in real-time, directly from your Chrome browser. Simply paste the email address and get all the personal info you need about your user.
But of course, you can integrate this powerful email module technology as part of a full end-to-end fraud prevention solution.
Best of all, you can get started today with a free trial to witness first-hand how powerful an email analysis solution can be to help you block fraudsters and grow your business with full peace of mind.