Email: The Weapon Against Identity Fraud
About 4.5% of U.S., or 15 million Americans, were victims of identity fraud in 2021 and 33% of Americans have experienced identity theft according to the Bureau of Labor Statistics. Chances are, you or one of your customers has become a victim of this epidemic.
All too often, we see news stories about major retailers exposed to massive data breaches. It’s just a matter of time until these stolen identities will be used for illicit gains against banks, financial institutions and online marketplace lenders.
According to Linkurious, 45% of fraud happens online.
American consumers reported losing more than $5.8 billion to fraud last year, up from $3.4 billion in 2020 (an increase of more than 70%), according to the Federal Trade Commission
Prevention, detection, and investigation are also costly. For online fraud alone, it is expected that these costs will reach $9.3 billion by 2022. Within financial institutions, these costs have been steadily increasing. In 2020, the average bank spent $3.78 for every dollar lost to fraud.
Financial Institutions and banks not only have to spend a lot of money and resources to prevent fraud, they are also most likely to write off these financial losses to restore trust and make their customers whole.
In the world of phishing scams—which is the attempt to acquire sensitive information such as username, password and other personal details through credit card skimmer devices and ransomware—scammers and fraudsters keep on inventing new ways to defraud Americans.
Third party fraud is most likely organized crime and has the biggest impact to financial institutions or online marketplace lenders. These fraudulent events usually happen very quickly and if the institution is unprepared, millions of dollars could be lost and recovery efforts are often fruitless.
According to Andy Morris of ACI Universal Payments, identity theft, synthetic identities and account takeover are still major problems; it is easy for financial institutions to miss true fraud versus bad debt. He argues that there are subtle differences and suggests looking at certain age brackets for higher propensity of fraud to identify what is routine and what are inconsistent activities.
Most of the financial institutions operating today are aware of basic preventative measures when it comes to identity validation or verification, but for businesses and business owners there is a piece of crucial information right under our noses that we have often taken for granted: the email address.
An email address tells a lot about an individual or a potential fraudster. It may be any company’s first line of defense against potential fraudsters. AtData has developed an industry leading, global fraud prevention service that covers multiple data points with a customizable tolerance to suit any business’s needs.
The Anatomy of an Email Address
Before explaining how an email can stop fraud, we have to talk about some elements of an email. An article from Hartford User Group Exchange (HUGE), a personal computer user group from Glastonbury, Conn., discusses 4 elements of an email address:
- Name is the name of the person or position to whom you are sending the email.
- Company is a unique designation for the computer storing the addressee’s email.
- Organization Code [top-level domain name] is a three-letter code which designates the type of organization that operates the computer where the addressee’s email is stored.
- Country Code is a code used to designate the country where the computer and organization are located. Many addresses in the US do not include a location symbol, but some do.
If we examine our records, we have to question whether applicants with email organization codes ending in .gov, .mil, .edu, .org or .com might have some fundamental difference in fraud characteristics.
We also must look at the Name section of the email. Older email address might have shorter names than newer email addresses. The combination or percentages of numbers and letters in an email address might also tell you whether the email address could be a fake or throwaway email address.
Perhaps the time between born-on date or the first-seen date of an email address and the time of a credit application indicates a throwaway email created for the sole purpose of fraud. A recently created email that has a first-seen date of less than six months ago is a glowing red flag.
You could also use the demographics collected from an email address to match other data attributes from other sources such as credit bureaus. If the age band or income band has a significant difference between these sources, it’s another red flag that the person using this email is not who they say they are.
How Does Email Fraud Prevention Work?
Our Fraud Prevention service, at its core, scores email addresses based on these key metrics and data:
- Date first seen: The date AtData first encountered the email address
- Longevity: A score indicating when AtData first encountered the email address
- Velocity: A score describing the level of activity of the email address over the past 6 months
- Popularity: A score reflecting the popularity of the email across AtData sources in the past 12 months
- Validation: Flags invalid and risky email addresses through proprietary methods
- Domain Check: Blocks toxic or high risk domains
- Tumbling Check: Catch fraudsters using multiple variations of the same email address
- Fraud Consortium: Identifies fraudulent emails reported by our network
Each of these metrics and data elements is critical in its own way for understanding whether or not an email address is potentially fraudulent, but experts agreed that age is especially important. Why? Because if an email shows activity over a longer period of time, it’s probably legit. But if you start seeing emails with less activity and/or relatively recent create dates, that’s a sign the email is potentially fraudulent. Our Fraud Prevention Video will help explain all the elements in further detail.
This falls right in line with AtData’s feedback from clients; many suggest that the date first seen of an email is typically a strong indicator of an email’s legitimacy. That said, velocity and popularity have their place, too. And when these data points combine with a client’s first party data/analysis, the client can gain excellent insight into how widely used an email is, and, therefore, its legitimacy. This means fewer fake or malicious leads, customer inquiries, and purchases.
Want to bring fraud prevention fueled by email data to your organization? Reach out to our team for a quick call!
Tagged with: | authentication, Synthetic |
Posted in: | AF Education |