Recently, I traveled to San Francisco for customer meetings. I love visiting the Bay Area, it’s very energizing. Anyone you talk to is working on something “new” in one way or another. Working at Emailage, we get a little slice of that lifestyle in the Arizona Desert.
After a great few meetings, I met up for lunch with one of my contacts. Let’s call her Sue.
If you know anything about me, know I love to talk about fraud, so I was expecting a pretty good conversation. I’m pleased to announce I was not let down.
During our chat, Sue mentioned that she had been reading a lot about digital identity lately. This brought me to think about how the email address is used everywhere online; in many ways, it’s the core of digital identity.
What is digital identity?
My conversation with Sue confirms my suspicion that “digital identity” has become somewhat of a catch-all phrase. In my role at Emailage, we’ve seen that it’s common for customers and prospects to conflate the term with other types of identity, typically verified by static data lookup providers.
The official definition of digital identity is “information on an entity used by computer systems to represent an external agent.”
In my world, I define a digital identity as comprised of the pieces of information most commonly used online to identify an individual, and should not be confused with the typical physical identity. Most glaringly, digital identity does not include common information like social security number or birthday. Instead, digital identity is better represented by dynamic data points. These include email address, billing or shipping address, IP, phone number and more.
It’s important to separate standard identity verification tools, which confirm physical or governmental pieces of information, from digital identity. Why? Because these elements are easily compromised.
Email is one of the few pieces of information that can’t be fully compromised.
Identity data is easily accessed via the dark web. I can buy 1,000 identities for a few dollars. But the fraudster isn’t looking to 100% pose as the victim. Instead, criminals will piece enough together to attempt transactions.
For example, if a fraudster steals my credit card info and address, they still can’t use my email account. I’d find out right away, plus elements like two-factor authentication have become mainstream.
The fraudster is after low-hanging fruit. Rather than try to break into my inbox (which can be very complex and difficult), the fraudster will simply create an email address that may look like it’s mine.
This ties back to what Emailage has been doing over the past seven years—putting email at the center of online fraud prevention. Because even if all other information is legit, it’s nearly impossible to mimic the email address.
Not to mention, your email is 100% unique; only you have your email address. That’s why we refer to the email address a unique, global identifier. People have tried different forms of data for years, like social security numbers or device IDs, but none of them are unique. None of them have globally recognized syntax and a lot of the time, they can easily be hacked or stolen.
The email address: an online passport
Nearly every online interaction, whether it’s logging into iTunes, your Google account or your bank, requires you to present your email address. That’s probably the first piece of data, and it’s mandatory.
At Emailage, we look at the details behind that email address: How old is this email? How many interactions has it had? Is it linked to any social media accounts? Does the name link to the applicant name? What type of job title does the applicant hold? Where does the IP originate from? How does that interact with our network? Has this IP address been associated with hundreds of emails in the space of two hours? Has it got historical connections to other things?
The email address may have booked tickets for events hundreds of times, opened accounts or been used to buy things online. We can then bring all that publicly-available information together. If that email address is presented to us, we can then say it’s been active for several years and that nothing negative is associated with it. Our solution will provide a score indicating that this identity is a really safe person to do business with. Equally, we can help catch any potential fraudulent activity as quickly as possible.
Yet, there’s no silver bullet for fraud prevention. Rising online fraud threats require a sophisticated approach to predicting and assessing risk. We must all be vigilant and work together. I look forward to doing just that alongside my fellow fraud pros.
I invite you to follow me on LinkedIn
Download this CNP.com white paper to discover how you can use the email address to strike fear in the heart of fraudsters while boosting your bottom line.