Preventing fraud within your business can be simplified with the right tools, and at AtData, fraud prevention is one of the many reasons clients use our Fraud Prevention solution.
To dive into this topic a bit deeper, we spoke with Timothy Li, a FinTech expert and the CEO at Alchemy, and explored how to use email as an early fraud prevention tool, some of the common email red flags, and why our Fraud Prevention solution along with first party data can be a powerful combination.
How does AtData’s Fraud Prevention work?
Our Fraud Prevention service, at its core, scores email addresses based on these key metrics and data:
- Date first seen: The date AtData first encountered the email address
- Longevity: A score indicating when AtData first encountered the email address
- Velocity: A score describing the level of activity of the email address over the past 6 months
- Popularity: A score reflecting the popularity of the email across AtData sources in the past 12 months
- Validation: Flags invalid and risky email addresses through proprietary methods
- Domain Check: Blocks toxic or high risk domains
- Tumbling Check: Catch fraudsters using multiple variations of the same email address
- Fraud Consortium: Identifies fraudulent emails reported by our network
Each of these metrics and data elements is critical in its own way for understanding whether or not an email address is potentially fraudulent, but Li agreed that age is especially important. “If an email shows activity over a longer period of time, it’s probably legit. But if you start seeing emails with less activity and/or relatively recent create dates, that’s a sign the email is potentially fraudulent.”
This falls right in line with AtData’s feedback from clients; many suggest that the date first seen of an email is typically a strong indicator of an email’s legitimacy. That said, velocity and popularity have their place, too. And when these data points combine with a client’s first party data/analysis, the client can gain excellent insight into how widely used an email is, and, therefore, its legitimacy. This means fewer fake or malicious leads, customer inquiries, and purchases.
To further mitigate these fake or malicious leads from infesting your CRM, Li recommends looking at the following red flags.
Email Address Red Flags:
- Too many numbers
Consecutive numbers that don’t resemble a birth year or more than 4 numbers can be cause for concern.
- The presence of swear words
Who swears in their email address?
- Handle is too long or too short
You can usually tell if an email address is too short, but if you need help assessing, most domains have rules on email address length.
- No identity indicator within the email
People love adding their names and/or birthdates in their email addresses. If an email address is absent of one of these, it’s probably a fake.
- Same phone number among multiple emails
Often, fraudulent emails will have the same burner phone number attached in two-factor authentication. Keep an eye out for this.
- Multiple emails with a similar style
Think of it like this: how likely is it that you will see [email protected], [email protected], and [email protected] submitting rental applications, for example? Fraudulent emails often have similar syntax with one or two character differences.
These are just a few of the most common email address red flags for any industry. A couple of additional examples specific to FinTech include:
- Email used to open account online is different from email on an application
If an email address used to open a bank account is different from the email address used to apply for a loan, the application will usually be set aside for analysis to determine if it’s fraud.
- Same password among different emails
The likelihood of the same exact password existing for multiple email addresses is virtually nonexistent. Fraudsters only make this a habit to easily access their various accounts.
But why does email fall victim to some of the most fraudulent practices? Li says it’s simple: “an email address is one of the easiest pieces of information to create. Anyone can create email addresses at no cost without leaving the comfort of your home, but it’s certainly not as simple to create a new social security number or lending history.
With an email address, fraudsters can start virtually any application or test a company’s technological defenses.” This makes it critical to implement the Email Activity Metric fields as a first line of defense.
Real Emails Preserve Your CRM’s Integrity
Fraudulent data is prevalent across all verticals, from ticket resellers, to short term loans, lead generation, and, ironically, even for fraud technology companies. And while these industries experience more fraudulent email attempts than others, it doesn’t mean your business couldn’t benefit from the Fraud Prevention service.
Li says that, no matter what, “there are no silver bullets – you have to triangulate as many data points as possible to determine discrepancies between emails and first party data.” How will data use evolve in fraud prevention? “Location data will play a larger role in forecasting email legitimacy because more clients use apps to engage with customers and some of the engagement involves consent to share a location,” says Li.
Let’s take a look at this in a lending scenario: if someone applies for a loan, a company or bank can take a look at their location data provided consensually through the app. If the applicant’s location data shows they haven’t left their home in the past week, it’s likely they don’t have employment and therefore wouldn’t be a good fit for the loan. In a student lending environment, the same can apply (a “student” should be going to school, and so on).
Essentially, if someone applies for a loan and their location remains stagnant, it doesn’t bode well for the legitimacy of that application.
Our Fraud Prevention service helps determine an email’s legitimacy. Regardless of your business, it’s a good idea to use email data analysis as front line fraud detection to preserve the integrity of your CRM. Learn more about our Fraud Prevention services.