1
0 Comments

Preventing Fraudulent Purchases with Multiple Email Addresses

by camimimorales

In today's digital age, online transactions have become an integral part of our daily lives. However, with the convenience of e-commerce comes the challenge of fraudulent activities, including the use of multiple email addresses to deceive businesses.

E-commerce sites require customers to create an account which is linked to a registered email address. When an online merchant treats a single email address as an individual customer, it means that the email address serves as a unique identifier for a customer account on their e-commerce platform. In this approach, each customer is associated with a distinct email address, and the email serves as the primary means of communication and account verification.

Let's see further.

If a fraudster tries to buy multiple items in quick succession, it will usually trigger a fraud alert on the merchant side. Very soon, that fraudster’s account would be suspended and that will be the end of their crime spree.

That is, until the fraudster signs up for a new email address and creates a new account on that online store. The fraudster repeats this process, signing up for multiple email addresses and creating multiple accounts on the same online store. This enables them to have numerous identities within the system.

Since each account is associated with a different email address, the fraudster can keep returning to the online store as if they were a new customer each time. They can even attempt multiple purchases at the same time using a multitude of email addresses. This could involve placing several orders using different accounts, potentially leading to a higher level of fraudulent activity and financial loss for the online store.

To counteract such behavior, online stores need to implement more sophisticated fraud prevention measures, such as device fingerprinting, behavioral analysis, and other advanced security protocols, to detect and mitigate fraudulent activities associated with the use of multiple email addresses and accounts.

Let’s explore the problems and solutions below.

First problem – Free email providers

The first place that fraudsters turn to would be a free email provider like Gmail, Outlook or Yahoo when trying to sign up for new free emails. Online merchants can easily flag such emails for order verification if they are a small and medium-sized business. But what if the store routinely handles hundreds or thousands of orders per hour? It would be next to impossible to perform order verification on all of them manually.

Second problem – Disposable email providers

Similar to the free email providers, disposable email providers cause even more issues for e-commerce sites. The fraudsters don’t even have to sign up to use a disposable email address. With just a single click, they can generate a new random username with a list of different domain names to use. Then, they can keep defrauding the online stores with their new disposable email addresses. It’s even harder to keep track of which domains belong to the disposable email providers as they are continually changing.

Solution no.1 – Perform identify verification

The most basic way to mitigate a user with multiple email addresses is to enforce identify verification either during login or just before checkout. Performing an SMS verification with a One-Time-Passcode (OTP) is the easiest to implement. The end user will receive a code via SMS on their mobile phone which they have to input into the webpage before they can proceed further. This ensures that the mobile phone number used by the customer is valid and will limit the potential damage that a fraudster can do.

After all, how many mobile phone numbers can a fraudster have? Unfortunately, with tech-savvy fraudsters, they can find their way around that using disposable phone numbers. So, this basic strategy is not 100% fool-proof.

Solution no.2 – Check the IP geolocation

Every online order originates from an IP address. With an IP address, it is possible to geolocate the physical location of the computer or mobile device. To mitigate fraud, it is advisable to check the IP geolocation country vs. the shipping or billing address. If they are not a match, it is usually a fraudulent order. Bad news is that fraudsters can work around this by using proxy servers located in the country that matches the shipping or billing address.

Solution no.3 – Proxy detection

As mentioned in the previous section, IP geolocation can be circumvented by the use of proxy servers, usually VPN servers. That makes it very important to be able to detect if the IP address is actually a proxy server. Merchants should block orders that comes via a proxy server. Only people with bad intentions try to hide their online presence by using proxies, especially when making online purchases.

Solution no.4 – Device fingerprinting

An advanced tracking technique called device fingerprinting is a useful way to track an online user. Regardless of the emails or IP addresses being used, it is usually possible to track a particular user. But this is assuming that the proxy server being used does not scrub all personal info from the user. Learn more about device validation, a.k.a. device fingerprinting.

Combine all the above to achieve the best result

For an online merchant, the best solution is to use an automated fraud screening service . It combines all of the above, in addition to credit card, user and email blacklists, to give the best possible fraudulent order transaction screening. Free and disposable email addresses can also be flagged for manual review or rejection.

As you can see in the previous sections, none of the solutions mentioned are 100% effective by themselves. However, when you combine all the solutions into a robust fraud detection algorithm, you will see the number of fraud orders being detected increasing dramatically.

Conclusion

It does not matter if fraudsters try to submit a fraud order online. It does not matter if the fraudsters keep changing their email addresses to avoid detection. By implementing these strategies, e-commerce sites can strengthen their defenses against fraudulent activities associated with the use of multiple email addresses while still maintaining a user-friendly experience for legitimate customers.

posted to
Marketing
 on December 7, 2023
Say something nice to camimimorales…
Post Comment
Trending on Indie Hackers
Reaching $100k MRR Organically in 12 months 29 comments What you can learn from Marc Lou 20 comments Worst Hire - my lessons 11 comments How to Secure #1 on Product Hunt: DO’s and DON'Ts / Experience from PitchBob – AI Pitch Deck Generator & Founders Co-Pilot 10 comments Competing with a substitute? 📌 Here are 4 ad examples you can use [from TOP to BOTTOM of funnel] 8 comments 5 product ideas with proven demand 1 comment