Language

Account Takeovers

Is the Email Address Really Disposable?

June 8, 2017

Imagine: tomorrow, for whatever reason, you’ll lose access to your email account.

You know, the same one you use for almost everything?

This recently happened to a friend of mine. For his personal email account, he was using a very old provider. They let him know that very soon, his email account would be closed. They would no longer offer the service.

Here’s the kicker: Though it was free account — my friend was willing to pay to keep it. Why? Because pretty much every piece of online business he conducted was tied to this account.

First, let’s clear the air

Is the email address disposable? Sure. They are very easy to create. Some services even allow you to create temporary inboxes by the dozen.

But let’s not get carried away — how many people do you know who actually do that? If you are conducting a transaction with even a hint of importance, you probably use your actual email address. Even legitimate domains require very little in the way of identity verification when setting up an email account.

In recent years, the email has become a bit more formal. As a personal communication method, it has been supplanted with quicker forms of communication. But for formal business transactions, it’s become an important medium to verify identity and keep things organized.

Just imagine getting financial statements via text.

But the vast majority of people will stick with the same email address. DMA Insight’s Consumer Email Tracking Study found that 91% of email users have the same email address for at least three years.

In this article, I’ll share a bit of insight into why good customers don’t view email as disposable. More importantly, I’ll share how you can use this reality for better up-front risk decisioning.

Creating a new email account is easy

But keeping track of everything associated with that account is a hassle. To say the least.

I’ll use myself as a test case. I’ve had my personal email address for 12 years. Here is everything tied to this account, just off the top of my head:

To change the email, I would have to go through and update every one of these accounts. Maybe some I don’t even remember. If I didn’t, I would miss out a lot of important information.

I receive all my bills and bank statements in this email. Without access, I could be late for a payment and have my credit score impacted.

How much information and history is associated with an email address?

By looking at my email, you can see where I work because it’s connected to social media activity. You can also determine where I went to school, what I like to buy, my friends and even the music I listen to.

You can see how much information associated with this simple piece of data.

According to internal Emailage data, 92% of email accounts used in online transaction are personal.

It makes sense, right? People want control of their email account. Corporate or work-based emails are subject to change when jobs do.

Side note: You should never blindly trust corporate domains. They can be exploited by fraudsters just like regular webmail domains.

Good customers exhibit good behaviors

Even if a fraudster uses a compromised account, the behavior will be much different than that of the account owner. Monitoring velocity signals, which is the amount of transactions within a given timeframe, can highlight (and block) this activity.

Farming email addresses to give an appearance of the history and presence of a legitimate customer consists is a lot of work. Linking these emails address to the same entity can prevent the massive fraud attacks that are becoming all-too-common.

Putting email address history & behaviors to work

All this history and associated behaviors can be used for much stronger up-front risk assessment.

For example:

  • How long has it been in use?
  • Transaction behaviors
  • Is it an active and valid account?
  • Is this email account computer generated?

Compromised accounts are a threat. But looking at behavior (how the email is used in transactions) and monitoring network signals, this tactic can be prevented. These elements make it much harder for the bad guys to succeed.

By taking a deep look behind the email address, that individual isn’t going to look as “new” as before. This goes a long way to help you improve your existing process.

In conclusion

The biggest challenge facing companies isn’t necessarily online fraud. It’s striking a delicate balance between rejecting fraudsters and approving trustworthy customers. A lot of revenue hangs in the balance.

When you stop a fraudster, that’s a one time loss prevented. But every time you deny a perfect customer, or send them to manual review, you risk losing lifetime value.

Combine this reality with the intelligence associated with an email address over time, and it’s clear that the email address is a critical piece of data in the fight against fraud.

Click here to discover how you can leverage email intelligence to stop fraud, approve more transactions and drive revenue.

close-link
close-link
close-link