When you’re building your fraud controls, know this: if you have plans to approve more transactions by whitelisting corporate domains, you’re putting yourself at risk. Big time.
Why? Internal Emailage data show that nearly 92% of transactions are processed using personal webmail accounts such as Gmail, Yahoo, Hotmail, etc.
Why should you be aware of this? Because when fighting fraud, it’s important to differentiate.
The digital passport
If you’re looking to approve more transactions, it may seem like a safe bet to focus on corporate domains. It feels safe to assume that the individual behind that corporate domain is actually part of that corporation. More on that later. In contrast, a domain like “Gmail.com” is associated with literally hundreds of millions of accounts, rendering any attempts at differentiation impossible.
True differentiation can only be achieved when you look at the actual email address in the same way a customs agent would look at a passport.
In fact, the email address is sort of like a digital passport, when you consider:
- It’s used in all online transactions
- Convention is the same across the globe
- It accumulates an immense history over time
Just because someone possesses a passport from a reputable country doesn’t mean they are inherently low-risk. Other factors should be examined. The same goes for the domain of an email address.
But assessing risk at the domain level alone isn’t a viable option. There are simply too many accounts for this to be trustworthy or scalable. Instead, it pays to get granular and assess the individual.
The power of the network effect
This reality underscores the need for solutions that are able to “crowdsource” a network effect and look at transactions on a larger scale.
With this approach, it’s much easier to pinpoint risk factors for large domain email addresses. As we’ve covered, at the aggregated level it’s impossible to ascertain risk from a webmail domain. But when you have the right tools, it is possible to monitor at the individual level.
Providers with network-level intelligence can track activity with email across verticals and industries, which puts you in a much better position to identify potential bad guys.
Verify, don’t trust
You should never blindly trust corporate domains: they can be exploited by fraudsters just like regular webmail domains.
That’s why you need more robust intelligence for that email – to see if it’s valid. And of course, with more sophisticated services you’re able to capture more data than whether an email address is valid. This allows you to dig in and see if a domain has been previously exploited, or is at risk of compromise.
When you’re building out a fraud strategy, it pays to have all of your bases covered. I know a lot of my fellow fraud fighters are looking to base strategies around corporate domains. But a truly all-encompassing fraud prevention strategy treats all domains the same and puts the microscope on the individual. That’s the most effective way to determine risk.