An email address can reveal more about a person than one might think. Last week, a startup called Emailage raised $3.8 million in a series A round to build out its technology for determining risk based solely on email addresses.
In the last year, Emailage flagged more than 2 million transactions as risky based on analyzing shoppers’ email addresses, which the company says saved its 200 clients about $150 million in fraud globally. The company’s algorithm takes into account hundreds of elements for risk analysis, assigning email addresses a risk score from 0 (least risky) to 1000 (most risky). In cases of high risk, Emailage recommends merchants manually review flagged transactions.
Though the company didn’t reveal all of its secret sauce, CEO Rei Carvalho walked us through some of hundreds of factors it uses in its analysis:
- Email domain: “The analysis of the email domain can be very powerful, as it allows the understanding of the existing controls around the creation of an email address,” Carvalho tells Quartz. In general, corporate email addresses pose less risk when it comes to online fraud versus email services open to the public, such as Yahoo or Gmail.
- Age of email address: Emailage can obtain information about the age of some email addresses. An email address created around the time an order was placed is another red flag for merchants.
- Numeric patterns: Patterns in email handles, such as the numbers in John12345, can also be a possible sign of fraud.
- Logic patterns: More sophisticated fraudsters use technology to automatically generate email addresses. “The act of creating these addresses often reveals patterns of logic used to create them,” says Carvalho. “We can detect these patterns and identify other email addresses associated with the same fraud ring before fraud happens.”
- Email tumbling: Some email addresses, such as those from Gmail, still work when users add special characters, such as a period or plus sign, to the handle. People sometimes use this workaround to create multiple accounts with one email address.