Pre-fraud detection and registration protection, using sign-up data intelligence
By putting sign-up data and email address intelligence at the centre of fraud detection, ASSESS delivers a scalable solution for screening accounts at the first point of contact. Manual reviews are reduced and you can automate preventative action to reduce your exposure to fraud.
Features include:
Businesses vulnerable to online fraud of any sort; whether it’s financial, resource abuse or false sign-ups. ASSESS is easy to deploy and scalable, so it’s for businesses from entry to enterprise level
ASSESS performs detailed checks into every sign-up in real-time. It returns results, and an aggregated numerical Trust Score via an API. That means users can automate actions based on results, the Trust Score, or a combination of both.
Integrate the ASSESS API into your sign-up forms, CRM or anywhere in your system where user contact details are added. Once we’ve given you an API key, you’ll be able to check any sign-up. Clear documentation gives you full insight into all the results and the Trust Score, so you can create processes to suit your situation.
We analyse every sign-up to spot pre-fraud ‘tells’ that signal trouble ahead. Here’s an overview of some of the risks and indicators we assess to calculate the ASSESS Trust Score. You can read a full description of all the results in our technical documents, and see them for real once you have an API key.
The results from multiple data checks carried out pass through the Email Hippo system to produce a single, numeric score. The Trust Score gives you an instant view of how confident you can be about accepting each and every sign-up or new account. It enables you to take automatic action, dependent on the score level, for example, automatically blocking risky contacts, triggering manual reviews or showing messages to ask for further information.
Location conflicts suggest risk. Is the user where they say there are, or is their location picture cloudy? ASSESS considers location points associated with a device IP address and mail server location, whilst detecting server characteristics such as virtual private networks. It also cross-checks for additional geographical risk from known ‘hot-spots’ of fraud and provides local currency information.
Every email address contains information to explore in depth. After checking if an email address is valid, ASSESS deploys functions to gather more intelligence. These include our re-engineered, micro-checking gibberish detector and unique sub-addressing filter that predicts the user’s intent if they have a sub-addressed email. Dark web links, spam history, temporary email addresses, mail provider quality, and many more ‘tells’ all set the scene for fraud and can’t be hidden from ASSESS.
A website domain is a key component of an email address. ASSESS checks whether a domain contains gibberish or profanity (in multiple languages) and if it’s associated with the dark web or has been blocked and for what reason. Deep assessment on domain data such as when and where it was registered, the existence of subdomains, infrastructure security and location all influence whether an identity associated with a domain can be trusted. Additionally, ASSESS uncovers domains that are traffic-traps, used to collect traffic and generate cash from advertising, spam and are a source for phishing fraud.
Where a form includes first and last name fields, ASSESS takes the names and cross checks whether the email address and the user name have any resemblance. Name data also provides an indication for gender, as well as an important cross-check for deciding whether an email contains profanity or gibberish.
Bots and fraudster need to operate fast to maximise efforts. That's why so many spoof and spammy emails contain odd characters and don't make sense. Identifying gibberish isn't simple though. Real people use years and dates in email addresses, and something that looks wrong to the human eye can be hard for a machine to spot. ASSESS gibberish detection has been developed to be the best filter. In tests, it correctly identifies gibberish at the same accuracy as humans.
Sub-addressing (adding extra detail into an email address) isn’t necessarily a sign of intent to commit fraud, but it can be. ASSESS considers the components of a sub-address and determines whether there are indicators that raise concerns.
Block lists are curated by internet-wide collaborators. They are shared to enable security service providers to filter malicious and fraudulent activity. ASSESS cross checks identities with centralised block lists to identify risks.
Names give clues to gender and provide an extra piece of information to build a pre-fraud screen. ASSESS returns the gender based on name (in multiple languages) so that users can take actions in ways that are relevant to their business. Gender results don't form part of the Trust Score.
Domains that have recently been registered are an indication that the identity associated with it is risky. Fraudsters will often create plausible looking websites to trick people into believing they represent real companies. ASSESS checks the age of every domain and considers the risk accordingly.
Role-based identities can be important to recognise and may create different processes, especially in situations where there's a potential for free trial or voucher abuse. ASSESS determines role-based identities in multiple languages.
Clear, comprehensive technical documentation supports ASSESS. It’s easy to deploy on straightforward API key integration. Multiple users can have access at different levels, and multiple keys can be generated for each account. That means the risk profile of different onboarding points and forms can be analysed.
ASSESS delivers results quickly and at scale with multiple API keys available for unique reporting in any integrated location. For businesses needing a sustained throughput at high levels, a private dedicated service is also available.
Documentation is comprehensive and we're always happy to work with users to make sure ASSESS is used most effectively for each and every scenario. It's supported day and night across time zones by a mix of real human telephone and help desk support, self-serve help articles and an out of hours bot service.
