It’s no secret that online merchants are in a perpetual battle in mitigating credit card fraud. Rates of fraud are escalating because it is a fast-earning, largely anonymous, easy crime to commit. In fact, there are cybercrime ‘businesses’ and hacking groups all over the world, particularly in the eastern Europe and Asia regions, whose missions are to swindle unknowing consumers, businesses and the credit card brands out of goods and revenue.
Merchants, however, are fighting back against credit card fraud. According to the recent webinar, The Critical Role an Email Address Plays in Fraud Prevention, offered a new tactic in denying fraudsters: The age of an e-mail address.
The webinar was hosted by DJ Murphy of CardNotPresent.com, and featured experts Brett Johnson, a former hacker and convicted credit card fraud thief who now works for law enforcement; and Amador Testa, CEO Of Emailage.
A key issue that might curb credit card fraud
The webinar brought forth a key issue: Should G-Mail, Yahoo and other e-mail providers make available to the public the date when an e-mail account was created? They currently do not.
One of the fraud indicators is the life of an e-mail address: If the e-mail account was created within the last two weeks, it is likely fraudulent. The longer the life of an e-mail address, the less likely it is fraudulent.
There are companies for hire that can track the age of an e-mail address, but for merchants, it is a difficult (and time consuming) task.
Check the domain of the e-mail
In the film, The Guard, there is a terrific and very telling exchange between Brendan Gleeson, the chief of police in a small Ireland town, and Don Cheadle, an uptight American FBI agent, who are tracking a drug ring along Ireland’s west coast:
Gleeson: You know, I been readin’ where they’re smuggling the cocaine over to Colombia in submarines – submarines they built themselves, like.
Cheadle: Yeah, it sounds insane, but it is true. You are correct.
Gleeson: Crafty little buggers. Y’have to admire their enterprise, huh?
Cheadle: No sergeant, you don’t.
Gleeson: Ahh ya do.
If only fraudsters and hackers could channel their intelligence and creativity into something constructive. Wishful thinking.
Fraudsters have no limits, and are now known to purchase dormant company domains, dress them up so that they pass for legitimate business websites, and use the e-mail addresses associated with the domain when they make a purchase with stolen credit card credentials.
Alas, taking two minutes to examine the website connected to the e-mail can be the difference between a legitimate and fraudulent purchase.
Check social media websites for these profiles
You receive a first-time order – a large order, at that – from a customer using a legitimate-looking e-mail address. But something doesn’t make sense. Perhaps it’s several of the same products or only high ticket products, so you decide to do some due diligence.
One effective way of verifying if a customer is legitimate is by searching for their social handles through their e-mail address.
- Do they have a Twitter, Facebook, LinkedIn or Instagram accounts?
- If so, is there a fair amount of activity or are they empty?
The latter would insinuate a fake account to support the e-mail address.
Identifying Spammy E-Mails
Once in a while, I’ll check my spam folder in my e-mail account to see what might be in there (and to get a good laugh – it pays to have a first class cyber security firm behind your company). Below are four examples:
We see quite a few e-mail addresses – G-Mail mostly – with prefixes that are ungodly long and appear to be machine-generated, requesting sensitive information. Periodic checks through your spam folder will help identify the bad actors.
Gather, Maintain and Share
We know many online merchants who are fighting back against credit card fraud, who are maintaining a database of e-mail addresses and domains which have or attempted to defraud them. The use of interactive websites such as Reddit can also be very effective as an information sharing tool. Sharing stories and information on social media channels is also advisable.
What cyber security precautions do you take for your online business? Leave us a comment below.