Originally published in Gambling Insider

Chris Thomas, Managing Director EMEA, Emailage Corporation, spoke to Gambling Insider at this year’s ICE London about how a player’s level of risk can be worked out purely through tracking an email address, and how operators can sometimes lose players by implementing the wrong fraud-prevention systems.

Can you give an overall summary of what Emailage does and how you help the gambling industry?

Emailage was formed out of the financial services industry. The company was founded in 2012 and I joined last June. One of our senior executives worked for American Express in Phoenix, and they realised they had all this data, but the one thing they couldn’t do anything with was the email address. They could look at ID data, device data and all sorts of other things, but details about the email were unknown. The initial issue was trying to work out how old the email is. If an email was created yesterday, it’s inevitably higher risk than an email address that is six years old. From there, it grew very quickly.

The realisation is that an email is your digital persona. Whenever you make any interaction online, whether it’s logging into iTunes, your Google account or your bank, you have to present your email address. That’s probably the first piece of data, and it’s mandatory.

Your email is 100% unique; only you have your email address. We realised this is a global, unique identifier. People have tried different things like this for years, like social security numbers or device IDs, but none of them are unique. None of them are transportable globally and a lot of the time, they can very easily be hacked or stolen. Identity data is easily accessed via the dark web. I can buy 1,000 identities for a few dollars. But when you actually analyse how a fraudster operates, they will take my identity, be it my card data for example, but they can’t use my email, because the first person who knows it’s being used is me.

We will then look at the details behind that. How old is this email? How many interactions has it had? Is it linked to any social media accounts? If so, how long has that social media account been active? Does the name link to the applicant name? What type of job title does the applicant hold? Where does the IP originate from? How does that interact with our network? Has this IP address been associated with hundreds of emails in the space of two hours? Has it got historical connections to other things?

Continue reading…