February 1, 2018
[Editor’s Note: February is Email Risk Assessment Month at Card Not Present (sponsored by Emailage). The email address has become the most important identifier attached to online activity. It’s pervasive, a part of just about every login, transaction or account created or performed in the digital arena. Fraudsters know that to cash out, they must steal or create an email address. Check back here throughout the month for updated content aimed at helping merchants understand how accurately assessing the validity of an email address has become vital for their online businesses.]
How long have you had your email address? If you’re like most people, quite some time.
According to DMA Insight’s Consumer Email Tracking Study, 91 percent of email users have the same email address for at least three years, and 51 percent of email users have the same email address for more than 10 years.
Despite a blizzard of new forms of communication, it’s clear email remains the most consistent across time, region and devices.
There’s a problem with the email address that also presents an opportunity: it’s highly under-utilized by many companies as a key data point in an overall risk assessment strategy.
Why the email address for identity validation and fraud prevention?
Sure, there are other methods to verify activity, such as device ID or a phone number. But if your company operates globally, these methods have limitations.
Unlike an address, driver’s license or even phone number, an email address works globally. It makes sense: Is your phone number global? No, there are different carriers in different countries. How about device ID? People change devices far more frequently than email addresses. So this approach is not really scalable.
While many companies capture email and have a blacklist (a requirement in today’s markets), few are systematically leveraging the intelligence associated with the email address. And no blacklist is going to provide you insights into what fraudsters are up to.
The big compromise in risk management
What’s the biggest value in using intelligence around the email address?
If you really want to block all fraud, it’s possible. Just require every customer opening a new account to submit a birth certificate, passport, three references and a complete job history. That would do it.
But who would actually go through all that to sign up for an account or make a transaction? The friction is too high and customer experience is paramount in today’s marketplace.
In contrast, the email address has become a common denominator for nearly every aspect of doing business online. Whether it’s a new bank account, credit card application, social media account or any type of purchase, providing an email address is part of the process. Your customers are used to it.
Every time an email address is used, it leaves traces. Over a period of time, those traces add up to a very rich story. This story can be examined to assess the risk present in a transaction. This approach offers much less friction than other methods (such as manual review) of determining whether a transaction is a fraud, or legitimate.
The biggest challenge facing companies isn’t necessarily online fraud. Instead, it’s maintaining the delicate balance between rejecting fraudsters and approving trustworthy customers. A lot of revenue hangs in the balance. When you stop a fraudster, that’s a one-time loss. But every time you deny a perfect customer, or send them to manual review, you risk losing lifetime value.
Combine this reality with the intelligence associated with an email address over time, and it becomes clear why the email address is a critical piece of data in the fight against fraud.