International Finance
Cyber Security Magazine September - October 2018

Phishing for trouble? This fraud prevention company can help

Phishing for trouble? This fraud preventioin company can help
Ecommerce merchants are tasked with the responsibility of protecting themselves from sophisticated fraudsters, but in reality, their defences aren't as strong as they should be. Rei Carvalho, founder of fraud prevention company, Emailage elaborates on what businesses need to do to protect themselves and their customers, and to understand why the email address is the key to minimizing the risk of online fraud.

Ecommerce is hugely popular today. However, the sector is also prone to sophisticated phishing attacks. Every day, millions of people fall victim to account takeover, data breaches and bust out scams, which puts businesses at risk of short-term financial loss and long-term reputational damage. Fraud prevention company Emailage is helping businesses across the world improve their cyber defences and keep fraudsters at bay.

Tell me a bit about Emailage’s main business model
Emailage is a global fraud prevention and identity verification company which harnesses crowdsourced network intelligence to provide a predictive risk score based on an email address. Through key partnerships, proprietary data, and machine-learning technology, We build a multi-dimensional profile associated with a customer’s email address and renders a risk score for potential transactions. In turn, those organisations using our solution receive significant savings as a result of identifying and stopping fraudulent transactions.

How is Emailage tackling online fraud?
We are the world’s only fraud prevention solution that uses email metadata as a core factor to predict and prevent fraudulent purchases. We harness positive and negative signals associated with email addresses to help customers balance effective fraud detection with great customer experience. Companies across the globe use our predictive scoring on transactions of all types. Our network’s constant growth enables 90% of fraud detected to be driven by attributes coming from our proprietary algorithms.

Before our founding in 2012, companies relied on their own siloed technologies and databases to incorporate email addresses in their fraud tools. This consisted mostly of manual processes, one-to-one comparisons and maintenance of internal blacklists. In today’s fast-paced digital world, this becomes hard to sustain for many businesses, particularly for those at the smaller end of the scale.

However, Emailage has managed to change the entire fraud landscape by breaking these silos with unparalleled global coverage and a commitment to unite companies in the fight against fraud – one of our core mission statements.

Our unique technology allows us to use over 150 different datapoints to assess whether a transaction is being made from a genuine source. When a call is made to Emailage the data intelligence is summarized into an easy-to-digest risk score. The scores range from 1-999: 1 being the lowest risk, and 999 being the highest. We provide these scores to our customers, who then decide whether or not to authorise a transaction.

Emailage’s contributory consortium model database monitors for transaction velocity and criminal behaviours across the world. This gives us a multi-layered approach to assess an email address and provide a holistic view.

Since our launch we have mitigated over $1bn worth of fraudulent purchases for our customers – something we’re extremely proud of. What’s more, in such a short space of time, we’ve grown our client portfolio to include four of the six largest issuing banks, five of the top 10 eCommerce retailers, three of the five biggest global airlines, the top three computer manufacturers and the top five P2P money transfer companies. Additionally, many more are part of the network through partnerships with the five largest anti-fraud platforms.

Why is the company focused on the APAC region for expansion?
APAC is a focus for growth given the region’s rising rates of online fraud – as many as one in five APAC consumers have been victims of fraud, according to a recent report by Experian[1]. With this in mind, we’ve recently opened offices in Sydney and Singapore.

Expanding into the region means Emailage will be able to support more businesses in a diverse range of global markets, while further bolstering its customer support and product development operations. When it comes to fraud prevention, having the specific knowledge and expertise on the ground can add huge value to our customers – particularly in an environment where needs and challenges can be very bespoke to different companies.

We are based predominantly in Brazil, North America, and EMEA, with 107 staff members in seven offices across the globe.

What is the extent of risk that businesses face today due to online fraud?
Fraud is rarely conducted by a lone attacker, there’s often organised criminal groups working collectively to commit fraudulent activity. Collaborative movements span continents, and fraudsters will freely exchange strategies and share personal information over the dark web.

The funds raised from fraud often support other criminal gang activities such as: money laundering, drug trafficking, people trafficking and even terrorist financing. With this in mind, an attack on a business could actually be funding serious organised criminal activity across the globe.

Can you elaborate on the technology expertise required to deal with online fraud?
At Emailage, we believe in a scientific approach to risk assessment. This belief is made real with heavy investment in knowledge of risk management and modeling.

What’s more, collaboration plays a key role in our unique approach too. For instance, our predictive fraud risk score is powered by crowdsourced network intelligence – this providing the really powerful insight that sets us apart from other players in the market. As a result, our team of specialist fraud decision scientists have access to an immense hub of usable data and insight that they can put to effective use in the fight against fraud. Many of these scientists work on product improvement – ensuring we stay ahead of fraudsters whilst also meeting customer expectations – as well as working to improve our predictive fraud risk scoring.

To maximize effectiveness, our fraud decision scientists also put a lot of emphasis on working collaboratively with customers. There’s enormous value that can be gained by taking this approach. Firstly, it helps Emailage to establish a constant loop of feedback – allowing us to stay in-tune with the challenges and threats our customers are constantly faced with. What’s more, it allows our fraud decision scientists to get insights into trends in real time – this then being fed back into our pool of data. Secondly, it allows our customers to interface with Emailage’s experts and get the best practices support they need.

The end result of all of this is that our clients have the peace of mind that they are minimizing fraudulent transactions and can concentrate on doing what they do best – maintaining strong and secure operations whilst growing their business.

What is the biggest security lapse you see in the ecommerce sector today?
The biggest security lapse is a general lack of ability to perform robust digital identity validation in a way that doesn’t add friction to the customer experience. For example, Digital Transactions reported that 35% of the orders rejected by large retailers turned out to be legitimate – up from 25% in 2016.

As a result, it’s important to build a clear picture of who’s behind a transaction. Verifying only standard transaction data, such as name or address, means there are still lots of unexplored gaps in an organization’s visibility. There’s no way to tell if the person behind a transaction is actually a fraudster using stolen information.

The email address is perfect when it comes to verifying customer identity. For instance, an email is collected during every transaction and there is a lot of history attached to a single address that cannot be faked. This includes whether the email account is active and/or valid, the tenure and ownership of the address, and what its previous transactional behavior is. All of these factors are analyzed and assessed by Emailage when it comes to providing a risk score.

Online fraud is seldom done randomly – it’s usually an organized attack. How do you normally tackle the same?
The main result of sustained, methodical probing at scale is that fraudsters know exactly which companies are vulnerable to attacks, and how and when they should make their moves. Therefore, we believe that assessing fraud risk exposure, regardless of current fraud losses, is critical for companies doing business online.

For a fraudster, obtaining information is easy, but controlling the email address is an entirely different challenge, one much more likely to cause issues. Of course, they could use a customer’s real email, but the window of opportunity is far too narrow, as the consumer themselves will be alerted of the transaction and may be able to stop it before it even goes through. Similarly, staging an account takeover attack and impersonating the real customer is a complicated process, and cannot be employed at a level that’s scalable – this slashing potential profits right from the off. As a result, fraudsters use the most common method of tackling this issue: creating a fake email address. This process is free and easy, requiring almost no time at all to create an email that ‘appears’ to be real.

That’s why what we have created at Emailage is such a key differentiator in the risk assessment industry. We can cross-validate the email history and patterns of millions of emails, creating a clear picture of what a real email behaves like.

With access to a continuously evolving pool of data and insight, emails that lack salient pieces of information, or don’t quite add-up are easily identifiable to Emailage as being potentially fraudulent. As a result, this greatly enhances our hit rates in cases such as CNP, chargebacks, and synthetic ID fraud in a scalable manner.

It’s this scientific approach to fraud prevention that is the reason that we’ve become so trusted in the field in such a short space of time.

What's New

ROSHN: Shaping Saudi’s Urban Vision


Regulation around AI is needed: iQmetrix Senior VP of Revenue Jason Raymer

IFM Correspondent

The battle against SIM card theft

IFM Correspondent

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.