How to Prepare for EMV and Use Digital Footprints to Fight Fraud

Preparing for the EMV liability shift is a pretty big deal for merchants. Credit card issuers worldwide are now in the process of switching from cards (and POS terminals) with magnetic strips to cards with microprocessor chips embedded in them.

EMV chips are almost impossible to counterfeit, encrypt the card owner’s data and create a unique signature for each purchase. The added technology makes it much harder to commit credit card fraud at a physical location.

By making it harder to commit fraud in-store (card present fraud), fraudsters have switched to online (card not present) fraud where the EMV chip can’t stop them.

This is a big problem for online businesses who will need to improve their fraud prevention techniques.

In the chart below, we can see how card not present fraud has skyrocketed in the UK since EMV has become standard; the same is expected to happen in the US.

Retailers and fraud detection platforms need to prepare themselves for the increase in number and innovation of online fraudsters. With credit card fraud shifting to online, identity theft should be at an all-time high.

Using consumers’ digital footprint for identity verification makes faking or stealing an identity much more difficult.

Fighting fraud with digital footprints

Someone buys something online and you need to verify it’s not a fraudster. The first step is to verify the person is real.

This means making sure all of the information used in the purchase – name, address, email address, phone, etc. – belongs to the customer and looks authentic.

An authentic footprint is very hard to fake

Think about all the networks, directories, public records and sites your information has shown up in over the years. There is a long digital trail that includes information like:

• name and nicknames
• current and past addresses
• your email addresses and phone numbers
• age and DOB
• social profiles and images (full of content, posts and interactions)
• work history
• blog posts, school directories, mentions in publications, public records, etc.

History can’t be faked at all

When authenticating an identity, you’re going to looking up historical data (or at least you should). A good data provider will have time stamps for when data was found.

A real person has friends, relatives, social network associates, etc.

Social data is a great way to verify identities. If your customer’s digital footprint does not bring up any associates at all (for instance, we provide data on associates found in directories, professional sites, genealogy sites, social networks & public records), then something is suspicious.

If you have the time to actually look at who the associates are, you can take this one step further and determine if the associates’ digital footprints are real, suspicious, blacklisted, etc.

Digital footprints can reduce chargeback fraud

Chargeback or friendly fraud happens when a customer purchases an item, the merchant delivers the item to the customer or fraudster and then the customer contacts his or her credit card issuer and claims the item never arrived or he or she never ordered it. In these cases, the merchant ends up not getting paid and not getting the item back.

There is information in the digital footprint that can help reduce this type of fraud:

• Online phone and address directories can be used to verify a person’s address and ensure it matches the shipping address.
• A people search engine/data provider can verify the customer’s email address and phone number and match them to the shipping address.
• Enhancing customer profiles with their digital footprint can help link and deduplicate customers in your database (i.e. a customer with email jon.doe@example.com is the same person as the customer with email jon@acme.com) ensuring suspicious customers don’t slip past you.
• Enhancing customer profiles with information such as age, job title and employer (can be found in social networks, directories, etc.) can help determine how risky a purchase is (ex: a 16 year old purchasing an item normally purchased by wealthy adults).

How do you check a person’s digital footprint?

There aren’t too many options, but the ones available work pretty well.

Google

Not for serious people searches. You can search for a person’s name, email address or phone number on Google. Beware that Google treats your search term as a term and not a person, so if you’re looking for Mike Smith, you’ll get all of the information on all of the Mike Smiths. You’ll also only get information publicly available on indexed websites.

Social networks – Facebook, Twitter, Linkedin

There are limitations – most of the useful information is only available if you’re logged in or a “friend” of the person you’re looking up. You also might find it hard to determine which person is the person you’re looking for if there are multiple profiles with the same name or the customer uses a username and not his or her actual name.

People data providers

These are the data providers most companies turn to. Most provide a search engine, API and bulk lookups (like Pipl does). These services have millions or billions of records covering many different data types. The better a company is at identity resolution the more accurate your results are.

The kinds of data provided by people data providers varies. For instance, some companies specialize only in social data or phone data, while others have more comprehensive verification data like LexisNexis and Pipl.

The Digital Footprint Fraud Checklist

Here are a few data points to look out for when determining risk, calculating fraud scores or investigating suspicious activities.

Email address

• Is the email address real or disposable?
• Does the email address have a history or time stamp that indicates its been around for a while?
• Does the customer have other email addresses (Americans have 2 email addresses on average)?
• Can you ping the customer’s email server to validate it?
• Does it match the person’s name and digital footprint?
• Is it connected to any social network accounts?

Social profiles

• Does the customer have any profiles?
• Did you find one social profile or multiple profiles across different social networks and are they consistent (name, image, content, etc.)?
• How old are the social profiles?
• Do the profiles contain historical data like timelines, past employment, etc.?
• Do the profiles contain profile pictures that match the customer’s demographics?
• How much content has been posted, how often and has all of it been during certain time periods?
• Does the social profile have friends or followers and do they look legit?

Contact information

• Can you find contact information matched to the customer’s name and does it match with what was provided to you?
• Is there a time stamp on the phone number?
• Has the contact information ever been connected to someone else?

Demographics

• Does the person’s address match the shipping address?
• Does the person have a history of addresses – especially if the person is an adult?
• Does the age, job title, gender fit the purchase?
• Is the person’s place of employment in the same city or state as the shipping address?

Online media

• Can you find any images or social profile pictures?
• Are there any blogs, social media posts or online publications that mention the customer?

EMV is coming – be ready

Now that EMV is on its way, you need to prepare your platform or eCommerce site for the expected surge in card not present fraud.

Online payments are riskier, so keep in mind that the harder the information is to fake, the better it is for fraud prevention.