Small merchants may not have a full grasp of EMV chip card acceptance at the point of sale as the Oct. 1 liability shift nears in the U.S., but e-commerce merchants are building layers of defense for the expected spike in online fraud.
Fraud detection technology provider Kount is partnering with Emailage, a security vendor that stresses e-mail analysis as a key way to stop card payment fraud. The Boise, Idaho-based Kount has integrated Emailage into its application interface, making it a part of Kount's software-as-a-service technology that will assess e-mail addresses and leverage their risk factors from a global network.
Analyzing e-mail addresses is a significant security weapon because it is difficult for a fraudster to somehow avoid using an e-mail address or disguising it, said Don Bush, vice president of marketing at Kount.
"When you start looking at an e-mail address it is sort of like an online driver's license because it shows how long you have had it, how good of a driver you are, and what you have done with it," Bush said. "It's really an added benefit to merchants in letting them know a little bit more about a transaction."
Even before the partnership with Kount, many e-commerce merchants were finding Emailage effective as a stand-alone solution, said Cassio Mello, chief corporate development officer for Chandler, Ariz.-based Emailage. "Now they can have that solution with other protections all in one place."
When Emailage obtains an e-mail address, it examines the address against past records, but also for specific traits, especially the creation date. "If it is an e-mail address created just last week or even just a couple of hours ago, that would raise a possible red flag," Mello said.
Such a process helps stop a fraudster from "creating e-mails on the fly" for the specific purpose of committing online fraud, Mello added. In a similar process, Kount partnered with Toronto-based fraud research network Ethoca earlier this year to send merchants near real-time alerts about confirmed fraud and customer disputes with certain credit cards in an attempt to limit chargebacks.
With Emailage, the e-commerce merchant gets a near real-time alert that a certain e-mail address is suspicious or possibly from a confirmed fraudster, giving the merchant time to deny the transaction or inspect it closer.
Every task a consumer engages in for online shopping calls for use of an e-mail address, so "nobody is getting away with not putting an e-mail address in," Bush said. "It seems so simple, it would be overlooked [as a security tool], but when Emailage came on the market it was easy to see that we need to be doing this."
Some credit card issuers have rules in the security screening process, such as looking for swear words in e-mails, which had a high correlation to fraud, said Julie Conroy, research director and fraud expert with Boston-based Aite Group. "E-mail is definitely one more good indicator of potentially fraudulent activity," Conroy said.
Device fingerprint vendors "have had e-mail baked into the way they determine personas for some time now," Conroy added.
Emailage uses these concepts and many others, making it another good tool in the arsenal of e-commerce merchants because it also leverages something that every merchant has readily available [in customer e-mail addresses], Conroy said.
Fraudsters have many ways to mask what they are doing, but an e-commerce merchant with a multi-layer approach to security can make it more difficult, Bush said.
"If fraudsters know you are using certain techniques, they may find a way around it, but the idea is to have enough technologies so that they don't know what got them caught in the net," Bush added. "E-mail is a perfect solution for that, because they cannot get around the fact that they need an e-mail address."
In one week, on Oct. 1, a brick-and-mortar merchant not ready to accept EMV chip cards at the physical point of sale will be liable for any fraud occurring at the point of sale from a mag-stripe transaction from a card presenting an EMV chip. But the migration to chip cards has been a slow crawl, or no crawl, for many small merchants.
But those who also have an e-commerce presence are generally aware of what is going on, and how the shift to online fraud will hit a higher gear, Bush said.
Some smaller merchants who have only an e-commerce presence may not realize what is at stake with EMV, but the word is spreading quickly, Bush added.
"When we started talking about using Emailage, the merchants we have spoken to have been very positive about it," said Bush, who added Kount has been conducting e-commerce fraud education sessions with merchants throughout the country.
Throughout the payments and retail industry, interest in e-commerce fraud tools has heightened, Aite's Conroy said.
"I speak with merchants that range from lower online transaction volume and revenue to those north of $1 billion in revenues, and there is widespread concern for all," Conroy added.