Establishing trust and identity certainty during account opening is crucial, but that need for trust doesn’t stop at onboarding.
When an established customer suddenly requests to change their email address or phone number, how can you be sure that it’s really them? It could be innocent — but it could also be a bad actor attempting to take over their account.
Every touchpoint — including non-monetary profile changes such as updating email or phone numbers, peer-to-peer transactions, card-not-present purchases and email or phone one-time password requests, and even the flow of progressive onboarding — presents an opportunity for bad actors to strike.
By diving into predictive factors like email deliverability, phone number ownership, or physical address deliverability, we can understand the true risk behind that profile change request. The same holds true during high-value transactions or push payments — when you know the risk behind the phone number, email address, or physical address, you can be more confident in adding friction when needed.
But many institutions have long relied on static identity controls and transaction monitoring that fail to capture the dynamic nature of digital identities and their ever-evolving behaviors — leaving organizations vulnerable to account takeover fraud, payment scams, reputational damage, and substantial financial losses.
With Socure’s holistic, dynamic approach to identity and risk management, you will always be one step ahead of even the savviest bad actors.
In this blog, we’ll dive into not only how our Email, Phone, and Address RiskScores collectively enhance fraud detection and customer verification processes across the entire customer journey, but the recent significant performance improvements that directly translate to tangible value for our customers.
First Stop: Understanding RiskScores
RiskScores accurately assess the fraud risk of an identity by determining the extent to which provided emails, phone numbers, and physical addresses are both trustworthy and strongly correlated with or owned by the known identity.
Unlike traditional, static identity controls, Socure’s AI-powered platform provides a 360-degree view of identities, from PII to device intelligence, to behavioral analytics, based on a consortium of over a decade of transactions from 2,700+ customers. Socure’s powerful identity graph combines explicit and behavioral data, allowing the company to perform real-time anomaly detection at the individual, company, industry, and network level.
This includes analysis of velocity patterns, how frequently the PII element is associated with the user, or the risky relationship of a single PII element correlated to multiple identities. This approach supports accurate assessments of fabricated or stolen identities and exposes any known fraud events associated with the provided PII elements in real-time. Consequently, the solution assesses the correlation between an identity and its email, address, or phone number as well as the likelihood that the transaction will result in identity fraud, with industry-leading accuracy.
RiskScores are most effective when combined with Socure’s Digital Intelligence solution, which leverages device intelligence, behavioral analytics, and entity profiling to associate device, behavioral, network, and location patterns at scale to the PII in an inverse graph. With this low-friction offering that provides correlation information across both PII attributes and digital devices, organizations can make real-time, accurate risk decisions without the friction of collecting unnecessary PII from the customer. RiskScores enable a layered risk strategy across all use cases, including one-time passcode, high risk transactions, and progressive customer onboarding, in which passive solutions are offered for new customers to promote successful onboarding conversion.
Before we jump into the performance, let’s understand how each RiskScore works:
- Our Email RiskScore solution assesses the risk of a name/email pair in real time by verifying the correlation of these elements and evaluating hundreds of good versus risky name/email signals associated with fake, machine-generated, invalid, and low-tenure emails, as well as email usage velocity, correlated with that identity. Socure uses LLMs and natural language processing techniques that measure email handle “perplexity” to detect nonsensical and fake addresses while analyzing billions of real handles to establish legitimate construction patterns.
These advances are complemented by new methods for identifying real vs fake or test emails, exposing risky vs good domains, and employing advanced nickname-matching techniques to correlate emails with identities. This correlation ability enables the solution to assess how often emails are linked to an identity and the frequency of risky or trustworthy associations between the email and identity. With Email RiskScores, our customers can combat fraud more effectively in critical use cases such as:
- New account openings
- Zelle recipient token verifications
- Email account changes
- Email authentication
- Our Phone RiskScore confirms name/phone ownership and assesses good vs fraud risk associated with phone numbers to enable proactive fraud prevention with enhanced confidence and accuracy. The solution analyzes hundreds of phone-specific signals such as age and type of phone, velocity of PII combinations, the carrier and service, known burner phones, porting and change events and the phone number type (either standard or VoIP). Phone RiskScore also confirms matches against Socure’s proprietary positive and negative phone database, and assesses how often the phone is used over time.
Finally, we examine partial name and nickname matching, as well as alternative phone numbers linked to that identity across our graph. This means our customers can address fraud in use cases like:
- New account openings
- Zelle recipient tokens
- Phone account changes
- One-time password authentication
- Pre-SIM swap checks
- Account recovery processes
- Our Address RiskScore prevents malicious actors from hijacking or creating accounts with compromised physical addresses, by verifying the validity of a given address and determining the level of association between the address and the identity. The solution analyzes a wide range of address-related signals such as suspended mail activity and zip code characteristics for P.O. boxes, commercial addresses, military addresses, and more.
Address RiskScores can help with:
- New account openings
- Address changes for accounts
- Sender/receiver address verification (e.g., marketplace shipping address checks)
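The email handle "perplexity" signal described under Email RiskScore above, as an added example that is not Socure's code: a character-bigram model with add-one smoothing stands in for the LLM, and the training handles, `VOCAB_SIZE` and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed name-like handles standing in for a large corpus of real handles.
TRAINING_HANDLES = [
    "john.smith", "mary.jones", "david.lee", "sarah.miller", "james.brown",
    "anna.wilson", "mike.davis", "linda.moore", "robert.taylor", "emma.clark",
]
START, END = "^", "$"
VOCAB_SIZE = 40  # assumption: a-z, 0-9, '.', '_', '-', plus the end marker

def train(handles):
    """Count character bigrams and their left-hand contexts."""
    pair_counts, ctx_counts = Counter(), Counter()
    for handle in handles:
        seq = START + handle.lower() + END
        for a, b in zip(seq, seq[1:]):
            pair_counts[a, b] += 1
            ctx_counts[a] += 1
    return pair_counts, ctx_counts

def handle_perplexity(email, model):
    """Per-character perplexity of the local part; higher means less name-like."""
    pair_counts, ctx_counts = model
    seq = START + email.split("@", 1)[0].lower() + END
    log_prob = 0.0
    for a, b in zip(seq, seq[1:]):
        # Add-one smoothing keeps unseen bigrams at a small non-zero probability.
        p = (pair_counts[a, b] + 1) / (ctx_counts[a] + VOCAB_SIZE)
        log_prob += math.log(p)
    return math.exp(-log_prob / (len(seq) - 1))

if __name__ == "__main__":
    model = train(TRAINING_HANDLES)
    for email in ("maria.jones@example.com", "xkqzvwpfh@example.com"):
        print(f"{email}: perplexity {handle_perplexity(email, model):.1f}")
```

A score like this is one signal among many: legitimate handles built from initials or non-English names can also look improbable to a small model, so the threshold has to be set against labelled outcomes.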
Performance Metrics and Enhancements
RiskScore modules address two key questions:
- Is the email, phone number, or physical address associated with the user?
- How likely is the email, phone number, or physical address to result in fraud?
To measure these objectives we consider correlation matching and fraud capture rates.
Average Correlation Matching
To determine the extent to which the PII element (email, phone, address) is associated with the consumer identity, we measure the correlation match between the PII element and the consumer name. It is important to validate the correlation between a PII element and the associated identity before enabling customer profile changes and before permitting peer-to-peer monetary transactions that could otherwise result in authorized push payment fraud with illegitimate account credentials. Moreover, correlation matching is a vital component to maintain the integrity of gig and sharing economy ecosystems, especially prior to commencing high-value transactions, in which the repercussions of fraud risk are greater.
On average, our RiskScore coverage for email-to-name correlation match (or how likely it is that a name correlates to the given email address) has improved by 7%, from 76.4% in 2023 to 83.3% in 2024.
Phone-to-name correlation match improved by 2%, from 77.3% in 2023 to 79.1% in 2024.
Address-to-name correlation match improved by 2%, from 89.7% in 2023 to 91.7% in 2024.
Fraud Capture Rates
How well the solution identifies fraud is an important performance metric when using RiskScores as a KBA replacement or as a progressive onboarding tool. Progressive onboarding, or progressive risk checks, requires minimal personal information from the user up front and adjusts the level of friction based on the institution’s risk tolerance at each stage of the process.
By measuring fraud capture rates, we can understand how well the solution identifies fraudulent actors versus trustworthy identities. Socure’s Email RiskScore fraud capture rates improved by 11%, from 45.3% (with false positive rate 10:1) in 2022 to 56.7% (with false positive rate 9:1) in 2023, across the riskiest 5% of the population. In 2024, Email RiskScore fraud capture rates improved an additional 12%, to 68% (with false positive rate 6:1) at the 5% risk depth.
Phone RiskScore’s fraud capture rates improved by 3%, from 40% (with false positive rate 11:1) in 2022 to 43% (with false positive rate 11:1) in 2023, across the riskiest 5% of the population. In 2024, Phone RiskScore fraud capture rates improved by nearly 17%, from 43% to 59.7% (with false positive rate 7:1), at the 5% risk depth.
Address RiskScore’s fraud capture rates improved by 8%, from 30.5% (with a false positive rate 15:1) in 2022 to 38.1% (with a false positive rate 12:1) in 2023, across the riskiest 5% of the population. In 2024, Address RiskScore fraud capture rates improved by 12%, to 50.7% (with a false positive rate 9:1), at the 5% risk depth.
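How a fraud capture rate "at the 5% risk depth" and its accompanying false positive ratio can be computed from scored, labelled outcomes, as an added example that is not Socure's code. It assumes "riskiest 5%" means the top 5% of identities by score and that "N:1" means good identities flagged per fraud caught; the population and all names are constructed.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class DepthMetrics:
    flagged: int                  # identities in the riskiest slice
    fraud_caught: int             # confirmed fraud inside that slice
    capture_rate: float           # fraud_caught / all confirmed fraud
    false_positive_ratio: float   # good identities flagged per fraud caught

def metrics_at_depth(records, depth):
    """records: (risk_score, is_fraud) pairs; depth: fraction of population."""
    if not 0 < depth <= 1:
        raise ValueError("depth must be in (0, 1]")
    ranked = sorted(records, key=lambda r: r[0], reverse=True)
    total_fraud = sum(1 for _, is_fraud in ranked if is_fraud)
    if total_fraud == 0:
        raise ValueError("need at least one confirmed fraud label")
    flagged = max(1, round(len(ranked) * depth))
    caught = sum(1 for _, is_fraud in ranked[:flagged] if is_fraud)
    good = flagged - caught
    ratio = good / caught if caught else math.inf
    return DepthMetrics(flagged, caught, caught / total_fraud, ratio)

def constructed_population():
    """Constructed data: 1,000 identities, 10 confirmed fraud (1% base rate)."""
    good = [(i / 1000, False) for i in range(990)]             # scores 0.000-0.989
    fraud_high = [(0.991 + k / 1000, True) for k in range(6)]  # scored as risky
    fraud_low = [(s, True) for s in (0.5005, 0.4005, 0.3005, 0.2005)]  # missed
    return good + fraud_high + fraud_low

if __name__ == "__main__":
    population = constructed_population()
    for depth in (0.05, 0.10):
        m = metrics_at_depth(population, depth)
        print(f"depth {depth:.0%}: capture {m.capture_rate:.0%}, "
              f"false positives {m.false_positive_ratio:.1f}:1")
```

On this constructed data, widening the depth from 5% to 10% catches no additional fraud but roughly doubles the good identities sent to step-up friction, which is why capture rate and false positive ratio are reported together at a fixed depth.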
Driving Customer Success
Socure’s AI-driven platform harnesses an identity graph that maps all personally identifiable information (PII) to reveal interconnected identities. By leveraging vast data sources and feedback outcome records, the platform analyzes behavioral patterns across institutions, locations, and time periods to holistically pinpoint risks.
This comprehensive approach empowers customers to minimize false positives, detect more fraud, increase acceptance rates, reduce manual reviews, and ultimately drive success.
The enhancements in our RiskScores are driven by continuous innovation and a deep commitment to improving customer success. By integrating advanced analytics, machine learning, and a vast array of data sources, our customers can make confident decisions about risk, and ultimately onboard more legitimate customers faster.
Check out our latest eBook — Downstream Fraud Abuse Ends Here — and stay tuned for our next blog in the Outperform series!
Pablo Abreu
Pablo Abreu is Chief Product & Analytics Officer at Socure, a leading provider of machine learning and artificial intelligence technologies that provide a single source of trusted digital identity for online and in-store applications. An industry expert in the area of fraud, identity verification, predictive modeling, machine learning, and artificial intelligence, Abreu has been instrumental in creating Socure’s ID+ predictive analytics platform, now used by many of the leading institutions across banking, lending, crypto, BNPL, online gaming, digital health, telco, and more.