For each dollar of fraud, retailers typically spend $3.13 in transaction fees, interest, merchandise replacement and redistribution. Learn how email risk assessment strategies can reduce online fraud.
Just a few months into 2020, online fraud estimates topped $12 billion. For retailers, the cost can be staggering. For each dollar of fraud, retailers typically spend more than three dollars in transaction fees, interest, merchandise replacement and redistribution.
It's caused many merchants to be much more careful in the type of orders they take. As they become more restrictive due to fraud, they're losing customers and revenue. False declines account for as much as $13 billion annually for U.S. retailers. In reality, the losses are far greater – more than one-third of customers say they'll never shop with merchants again after a false decline.
When you consider that online fraud can reduce the average e-commerce seller's revenue by 5%, reducing fraud is crucial to managing the bottom line.
An emerging trend in prevention is email risk assessment. As part of an effective online fraud prevention strategy, it can be an effective way to mitigate risk.
What is email risk assessment?
Email risk assessment is the practice of validating a potential customer's email address against information about that person that exists online. There's a wealth of data available that’s associated with an email address. This information can be used to validate a customer's identity and even evaluate their reputation.
Scammers can fake identities using stolen information. Email risk assessment uses data, such as name matching, email address validity, and validating social media profiles to make better decisions about accepting orders. You can also check whether a particular email address is on a blacklist for fraudulent transactions.
This process builds a profile for each email being used to complete a transaction at an e-commerce retailer. These profiles can then be analyzed in real time to determine an email risk score. These scores (or reputation) provide the email risk assessment tools the ability to allow the transaction or decline it on the spot.
Reverse email lookup
It's almost impossible to create an account online today without having an email address. This makes email addresses incredibly valuable to you and to fraudsters. If an email gets hijacked, fraudsters can use it to gain access to your online accounts by impersonating your identity, making purchases and even stealing your identity.
For e-commerce retailers, these fraudulent emails create a significant threat to their business. This is where reverse email lookup comes in.
Email background checks, also known as reverse email lookup, let you check personal information about customers by searching public databases and social networks for links. Among the things you can find are:
- When an email address was first seen online
- Whether it is registered on social media
- Whether it uses a free domain provider
- Whether the email address is valid or deliverable
- Whether the email address has been included in a data breach
This information helps businesses evaluate the legitimacy of an email being used to make a purchase or create an account.
How reverse email lookup helps reduce online fraud
Here are some of the ways reverse email lookup helps reduce online fraud:
1. It verifies whether the provided email address is real or not.
The first step in email risk analysis is to determine if an email address is real or not. An SMTP check is a reliable way to check that. A query is sent to the listed domain, such as @yahoo.com or @gmail.com, to find out if the email address actually exists. This is done by pinging the mail server and receiving back a message telling you whether the email exists and can receive emails.
2. It assesses the type and quality of the domain.
Not all domains are created equal. Some are more trustworthy than others. For example, mail.com seems like it would be reputable, but it’s free and easy to create an account with them, making it a target for fraudsters. Other email service providers require verification processes, like SMS verification, to create an account. The more verification steps an email service provider requires when creating a new email address, the less likely that service will be used by fraudsters.
In addition, with custom domains, you can easily check if the domain exists and how long it's been registered. A domain or email that's newly created could be used for a disposable email, which carries much higher risks. Domain quality is, therefore, a very good indicator of whether an email is trustworthy or likely a fraudulent actor.
3. It can verify the person's identity by matching it with known social media profiles.
Probably one of the most effective ways to validate an email address is to see if it's been used to create social media profiles, also known as social media profiling. Social media profiling can attempt to match email addresses with social profiles on platforms such as Facebook or LinkedIn. This can help verify identities.
Data such as name, profile picture and email address associated with social media profiles can sometimes be made public depending on the user's privacy settings on each social media platform. This is known as social data. By analyzing this data to match it with an email address being used to make a purchase on your e-commerce store, you can determine how risky it is.
For example, you may find that there's no social media profiles that match the email address being used to make a purchase. That customer may be deemed to be riskier.
Seventy-six percent of defaulting customers in the lending industry used email addresses that were not associated with a social media account. By linking an email address to social media profiles, you can also gain additional information, such as the person's name, workplace, location, bio, gender and more. This would take a significantly longer time to collect manually from multiple data sources.
4. It checks whether the email address is on certain blacklists.
Email blacklists are lists of domains or IP addresses that have a history of sending spam emails. These blacklists are used by free email service providers, anti-spam vendors and internet service providers to prevent spam from flowing through their platforms.
There are a number of real-time email blacklists available such as Composite Blocking List, Spamhaus Block List, Spamcop and SenderScore. A reverse email address search can match up email addresses against these public blacklists.
5. It verifies whether the email has been involved in known data breaches.
Another risk marker is found when an order is placed using an email address that is on a list from a data breach. When an email has been tagged as part of a data breach, you can find out how old the email address is and how often it has been used.
6. It conducts a string analysis of the email to verify authenticity.
You can analyze the quality of the email using string analysis. This email profiling tool looks at the construction of the email to determine if it looks suspicious. In other words, it measures the likelihood that the email address was created by a person rather than a bot or scammer. One sign of fake emails is when it includes errors, a large number of special characters or if the name is logically associated with the email address.
Some things that these systems look for include:
- Does the name being used in the email address resemble the person's name?
- Does the email address use strange words or suspicious characters you wouldn't normally see?
- Is there a high consonant-to-vowel ratio?
What to look for in a reverse email analysis tool
If you're looking for a good reverse email analysis tool, make sure you find one that works in real time and can scale. Some businesses have large numbers of transactions that come in concurrently. A slow reverse email analysis slows everything down.
It should also feature customizable risk scores to streamline the review process. This will allow you to determine the threshold for risk that you are comfortable accepting. This threshold can automatically determine whether to approve, decline or review a transaction.
Email profiling should integrate with other fraud-fighting tools, such as device fingerprinting and machine learning to produce a more complete picture and optimize performance over time.
A more recent requirement of these solutions is the EU's data protection regulation, GDPR. Make sure any tool you use is compliant with these regulations by only using open-sourced data.