About 7% of U.S. residents age 16 or older, or 17.6 million Americans, were victims of identity fraud in 2014, according to Bureau of Labor Statistics. Chances are, you or one of your customers has become a victim of this epidemic.
All too often, we see news stories about major retailers exposed to massive data breaches. It’s just a matter of time until these stolen identities will be used for illicit gains against banks, financial institutions and online marketplace lenders.
According to Javelin Strategy & Research, $16 billion was stolen from identity fraud victims in 2014 alone.
But consumers aren’t the only victims in this equation. According to American Banker Association (ABA), fraud against bank deposit accounts cost the industry approximately $1.910 billion in 2014.
Financial Institutions and banks not only have to spend a lot of money and resources to prevent fraud, they are most likely to write off these financial losses to restore trust and make their customers whole. In 2014, bank prevention measures have stopped over $11 billion in fraudulent attempts, according to the ABA.
In the world of phishing scams—which is the attempt to acquire sensitive information such as user name, password and other personal details through credit card skimmer devices and ransomware—scammers and fraudsters keep on inventing new ways to defraud Americans.
In another post, What is first, second and third party fraud?, I’ve outlined first party, second party and third party fraud with some top pro tips to prevent them.
Third party fraud is most likely organized crime and has the biggest impact to financial institutions or online marketplace lenders. These fraudulent events usually happen very quickly and if the institution is unprepared, millions of dollars could be lost and recovery efforts are often fruitless.
According to Andy Morris of ACI Universal Payments, identity theft, synthetic identities and account takeover are still major problems; it is easy for financial institutions to miss true fraud versus bad debt. He argues that there are subtle differences and suggests looking at certain age brackets for higher propensity of fraud to identify what is routine and what are inconsistent activities.
Most of the financial institutions operating today are aware of basic preventative measures when it comes to identity validation or verification, but there is a piece of crucial information right under our noses that we have often taken for granted: the email address.
The Anatomy of an Email Address
An article from Hartford User Group Exchange (HUGE), a personal computer user group from Glastonbury, Conn., discusses 4 elements of an email address.
Name@Company.Organization Code.Country code
- “Name” is the name of the person or position to whom you are sending the email. For example email@example.com.
- Company is a unique designation for the computer storing the addressee’s email. For example firstname.lastname@example.org.
- Organization Code [top-level domain name] is a three-letter code which designates the type of organization that operates the computer where the addressee’s email is stored. For example email@example.com.
- Country Code is a code used to designate the country where the computer and organization are located. Many addresses in the US do not include a location symbol, but some do. Here is a list of country codes.
If we examine our records, we have to question whether applicants with email organization codes ending in .gov, .mil, .edu, .org or .com might have some fundamental difference in fraud characteristics.
We also must look at the Name section of the email. Older email address might have shorter names than newer email addresses. The combination or percentages of numbers and letters in an email address might also tell you whether the email address could be a fake or throwaway email address.
Perhaps the time between born-on date or the first-seen date of an email address and the time of a credit application indicates a throwaway email created for the sole purpose of fraud. A recently created email that has a first-seen date of less than six months ago is a glowing red flag.
You could also use the demographics collected from an email address to match other data attributes from other sources such as credit bureaus. If the age band or income band has a significant difference between these sources, it’s another red flag that the person using this email is not who they say they are.
As a fun exercise, have you ever looked at the ratio of the number of vowels in the name of an email versus consonants? Think it sounds crazy? Test it out, tell me what you find below in the comment section or email me.
Email address tells a lot about an individual or a potential fraudster it may be lender’s first line of defense against potential fraudsters.
Timothy Li has over 10 years of experience in FinTech industry with broad expertise in Risk, Credit, Marketing, Compliance and Technology. He’s currently serving as a Chief Information Officer and Acting Chief Marketing Officer for RealtyMogul.com. Tim also serves on various P2P, crowdfunding fintech start-up advisory boards and was recently nominated to serve on the CFPB Consumer Advisory Board. Previously, Tim launched the LoanDepot.com's personal loans division in 2015. He also served as Chief Risk Officer and Chief Analytics officer with various SME and Personal Loans portfolios.