One of my favourite parts about my role at Emailage is discussing the unique fraud prevention industry with my peers. Having a common enemy in organized fraud rings incentivizes the sharing of knowledge and intelligence, sometimes even among competitors.
One commonality I’ve noticed in recent conversations is a focus on creating an effective yet streamlined way to verify customer identity for digital orders. In this piece, I’m going to share a bit more about some trends and how we fit into the conversation.
As we all know, massive data breaches imply theres a lot of personal data for sale on the dark web, making digital identity validation and transaction risk assessment increasingly difficult.
Here, we move into a tough reality: what happens when all the data appears to match, yet the person using it to transact isnt the true owner?
Two fresh fraud trends weve observed
In cases where stolen data – such as name, address, SSN or phone number – is used in a fraud attempt, we generally don’t see fraudsters taking the extra step of gaining access to the victim’s email account. Why? Because it’s not easy to gain control of an email account without the victim knowing it. Fraudsters work at scale. A one-off attempt to get a password via phishing or malware is time consuming. Fraudsters skip this step in favour of creating a new email address and attempting to pass it off with the rest of the stolen data.
In an account takeover scenario involving a compromised email address, the trend differs. Here, fraudsters attempt to exploit the existing consumer accounts associated with a breached email address. Once fraudsters are in, they run scripts to identify accounts linked to the email address. Exploiting and monetizing those accounts then only requires a simple password reset, a much faster path to cash than farming new accounts.
It should be noted that this process happens at scale, with automation playing a big role. Very concerning at a time when it seems like each week brings new headlines about a major data breach.
At Emailage, we’re observing a trend toward specialized tools to combat these types of fraud. I recently spoke to a company rolling out a very specific set of solutions which target synthetic ID fraud. It’s a space to watch, as we all know how quick fraudsters are to adapt, and the data breaches just keep coming.
A look into how we fight back
The email address is our core data element for predictive fraud risk scoring. We connect over 200 other data elements to the standard name, address, phone, IP and device. Our consortium-style Global Identity Intelligence Network allows Emailage to cross-validate history and patterns for millions of emails, creating a clear picture of how a real email ‘behaves’ across the web.
This process gives a holistic view of whether the person behind that transaction is who they claim to be. As this data evolves, emails lacking salient pieces of information, or whose identity simply doesnt add up, are easy to identify. The result is greatly enhanced hit rates for card-not-present fraud, chargebacks and synthetic ID fraud in a scalable manner.
However, at Emailage, people are our greatest asset. Every day, our decision scientists engage with our customers, instead of keeping them locked in a side office. We are constantly seeking frontline feedback, advising around modelling or suggesting rules.
Together with our fraud specialists, decision scientists refine our predictive risk scoring to be the best it can be for each customer’s specific use case and business model. This layered approach allows us to build individual models that fight back at the growing threat posed by todays fraudsters.
In closing
The email address will always remain at the core of how we fight back against online fraud. But several other elements, such as enhanced machine learning and behaviour analytics, are already providing robust digital identity validation for our customers. As a result, we’ve been asked to play a much bigger role in a wider variety of use cases.
Two years ago, we were a key part of the conversation around online fraud prevention. Now, we are being discussed in terms of digital identity validation, brand protection, content abuse and much more. We’ve worked very hard to provide a solution which reduces the risk of fraud while allowing for business expansion, so this is a very exciting time for us.
Yet, there’s no silver bullet for fraud prevention. These trends need a more sophisticated approach to predicting and assessing risk. We must all be vigilant and work together. I look forward to doing so alongside my fellow fraud prevention professionals.
About Amador Testa
Amador is a fraud prevention expert with extensive experience in leading product management and strategy to combat fraud. He is an industry leader in online fraud, identity theft mitigation and cybercrime investigations.
About Emailage
Founded in 2012 and with offices in Phoenix, London and Sao Paulo, Emailage is a leader in helping companies significantly reduce online fraud. Through key partnerships, proprietary data, and machine-learning technology, Emailage builds a multi-dimensional profile associated with a customer’s email address and renders a predictive risk score.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now