The following post was contributed by Rowland O’Connor, CEO, Email Hippo.
Have you ever had an email from Her Majesty the Queen?
Nor have I. Not really.
But I’ve come close. Read on to find how a frustrating conversation about chargebacks resulted in receiving an email a few years later that began…
‘I am delighted to inform you that Her Majesty The Queen has approved the Prime Minister’s recommendation that your company should receive a Queen’s Award for Enterprise in the Innovation category this year.’
I own Email Hippo. It’s a UK company specialising in using email address intelligence to improve data quality and fight fraud.
Email Hippo began life as a little sticky widget on an affiliate site that I ran for the telecoms industry. The sticky widget was an email verification tool, just using SMTP (Simple Mail Transfer Protocol) to check if an email address was valid. Users could type in an email and bingo – the widget would tell them whether the email address was OK or not.
It was pretty basic, but it worked and it wasn’t hard to write. And then it started building up more traffic than the entire site. Sticky widget became a special project and before long I gave up the day job to set up a company providing bulk email verification services.
So where does the fraud solution come in?
I’m going back over 10 years, when email marketing was a newish thing. It turned out that businesses were hungry for email verification. I thought setting up a company and focusing on email verification would give me a respite from having to work through the night, but no, it wasn’t to be.
In the early days before cloud storage solutions I had to set up and manage infrastructure to cope with the sudden surge in demand for the service. Early results were pretty basic, and I employed a team to help manage the infrastructure, develop new functionality and firefight. Not always in that order!
Because we were providing bulk email services, we were allowing users to upload files for checking. We didn’t have a limit on file size, we just got on with it, balancing millions of email address checks without harming the reputation of our IP addresses. Load balancing was a nightmare, we had no way of predicting usage and there were times when it was overwhelming. But it was a fun challenge!
Looking back and writing this I can see that if I’d had more time to reflect I’d have seen the fraud flags waving early on. After all, what happens when you’re an honest person selling an online software service in a market where demand is surging and the product (checking personal data) is valuable to fraudsters as well as legitimate customers? What happens when many of your customers are IT savvy and you’re offering a freemium pricing structure? Fraud, that’s what.
Just like today, there are verticals that are more likely to get hit by fraud, and online software services was, and I think, always will be a valuable target.
It wasn’t long before we began to get hit by chargebacks. At first it really caught me off guard. I was so busy building a company and enjoying creating a development roadmap that the first few chargebacks were a nuisance but not a big deal. That soon changed as chargeback fraud grew.
How much chargeback fraud are you hit by?
By 2014 we were getting bombarded by fake sign-ups and chargebacks. At one point I estimated that we were losing up to 30% of revenue a month. Maddeningly there was no help from our payment gateway provider, as all they were doing was telling me weeks or months even(!) later that a chargeback had occurred. My book-keeper ended up becoming a detective, trying to trace the chargebacks and work with the team to find which files had been processed and then charged back so we could create a blocklist.
As early data processors, we were also dealing with a commodity that attracted fraudsters. Personal email addresses. Data had a dark web value and we needed to be sure that the files we were processing were legitimate, not hacked.
We began having to manually review sign-ups, which added friction to the process and negativity to the user experience. It also took resources away from development and delivery; we were a small team and we wanted to focus on building, not on admin.
But still the fake sign-ups came. We went through the limited filters that our gateway offered, so blocking transactions from a few countries was about all we could do. We were working like crazy to deliver a great service, building a business that was thriving and a client list that made us grin, but all the time fraudsters were cutting back our growth and stealing from us.
Fraud gives engineers opportunities to design solutions
Luckily we were engineers, so we decided to build our own solution, using our own software as the start point. (If you are an engineer, you’ll get how much I’m smiling when I think back on the conversation that began; ‘what can we do – this is ridiculous, and ended, right, we’ve got this , get the whiteboard out….’)
That’s when we created a special version of our email verification software, and mapped how it could become our fraud detection service. We didn’t want to detect probable fraudulent transactions, we wanted to BLOCK fraud before it happened. We focused on the fact that we wanted to know if we could trust the people who were loading up files. So our end goal was to create a scoring system for trust. Simple. The Email Hippo Trust Score. Our own pre-fraud software solution.
We analysed the chargebacks – possibly the only time I’ve been glad to have plenty of chargeback data to look at. We spotted patterns and began logging datapoints that covered the fraud ‘tells’ we were spotting. Early on we decided to focus on an obvious point; our fraud detection would be laser-focused on the email address being submitted by the person who was signing-up.
Most of the time the solutions we were looking for resulted in empty search results online. When Google returns no results and you’re in new ground it’s a good feeling. We started to create proprietary data systems and began solving problems about how we could combine for example, whether or not an email address had been used on the dark web, whether it had a mail server that was set up to be secure, whether it had been involved in spammy activity, or was associated with one of the geographical areas we had learned not to trust.
Before long we had over 60 datapoints to check, all of which combined to contribute to our overall picture of every email used at sign-up. As we deployed versions and made adjustments we saw our chargeback level fall.
The impact of the solution was massive. In 2015 our chargeback level had fallen by over 90%. In the wider environment online fraud and chargebacks were growing exponentially, and the value of email marketing and personal data was rising, so our falling rate was even more remarkable.
The obvious thing to do was share our solution with our customers, to see how we could help other companies beat fraud.
It was the best thing we ever did. Our customers loved the new API and began to use the results to help manage fraud and improve other processes. Email Hippo use cases developed from simple email verification and email marketing support to fraud detection and process efficiency. We were helping people have a choice about who walked in through their virtual front door.
So why did I receive that email?
In the UK the most prestigious award a business can win is a Queen’s Award for Enterprise. They’ve been going since 1965 and only 7,000 companies have received one in all that time.
We applied to win an Award because we were proud of what we’d achieved, we wanted to stand differently from other email verification companies and we wanted to give our customers a good feeling too.
We received the Award for the innovation of our MORE API and the Email Hippo Trust Score that it delivers for every email address that gets checked. The Trust Score is simply a number, delivered singly, or referenced as two component parts: ‘Can you send an email to that email address? And should you have contact with the person at the end of that email address? It enables customers to make automated decisions about how to handle the outcome. For example, blocking, messaging or allowing a request to sign-up.
Online fraud just keeps on going. I’ll never forget the frustration of being a target for fraud and it still makes me angry to see scams and attacks. That’s why we’re not stopping here. Our roadmap for pre-fraud solutions is clear and we’re well on the way to delivering our next generation of fraud prevention software.
Ironically, if we hadn’t been such a magnet for fraud, we would never have been in the great shape we are now, fighting fraud for companies all over the world.
Please direct inquiries about Email Hippo to: contact Jo.shinner@emailhippo.com
Rowland O’Connor, CEO, Email Hippo Rowland.oconnor@emailhippo.com