Email inputs
You can pass the email address that your end user or customer provided for the transaction. The minFraud web services accept email addresses passed as plain text (recommended) or MD5 hashes. If you must pass MD5 hashes of your email addresses, you can learn how to optimize your email inputs for the best risk scoring below.
Email address
You can pass the email address provided by the customer for the transaction as an input to the minFraud service. The email address is one of the recommended high value inputs to pass to the minFraud service when it is available.
The minFraud services can perform risk analysis on one or more features of the email address, and the minFraud service also keeps track of the behavior of email addresses as they’re used across the minFraud network. If minFraud detects that an email address was used to attempt to commit fraud with one minFraud customer, the email address risk score will be raised whenever that email address is used with any minFraud customer.
The preferred integration would be to pass the email address as plain text, but you can pass an MD5 hash of the email if needed. Learn more about email hashing below.
You can read the full API specification for the email address input on our developer portal:
Email hashing
You may create MD5 hashes of email addresses to send to minFraud for the email address input. If you produce hashes instead of sending plain text email addresses, the content of your minFraud API requests will not contain email addresses. If you do not specifically need to hash email addresses, you should pass them as plain text.
If you need to hash email addresses, you should also pass the email domain input. Learn more about the email domain input below.
If you need to pass a hashed email address, the recommended approach is to use one of our client APIs. See a list of our client APIs and their documentation on our developer portal.
If you need to pass a hashed email address and are unable to use our client APIs, you should normalize email addresses in the same way that minFraud’s client APIs normalize email addresses prior to generating your MD5 hash. You can learn more about normalizing email addresses below.
Email domain input
If you are passing the MD5 hash of email addresses, you should also pass the email domain of the email address as plain text. If you pass the email domain, the minFraud services will adjust the risk score based on patterns of risk we are observing with email domains.
You only need to pass the email domain input if you are passing an MD5 hashed email address. If you pass a plain text email address, the minFraud service will extract the email domain from the email address input, and you will receive the benefits of risk scoring and risk data.
You can read the full API specification for the email domain input on our developer portal:
Email normalization
If you need to send hashed email addresses, and you can’t use one of our client APIs, you should normalize your email address input before hashing.
One of the ways that the minFraud services use the email address input is by tracking patterns of behavior across the minFraud network. If someone attempts several risky transactions with one of minFraud’s customers, minFraud may raise the risk score when the same email address is used to attempt transactions with another minFraud customer.
In order to keep track of patterns of use associated with email addresses, it’s important that minFraud customers submit email addresses in a standardized format. For example, the following email addresses are aliases of one another:
- jadoeisonline@yahoo.com
- jadoeisonline-12345@yahoo.com
Even though these email addresses look different, they point to the same email. Fraudsters may attempt to reuse an email address many times, but make it look different to fraud detection systems by varying the alias used. When we normalize email addresses, all of these emails are treated as the same, allowing us to track patterns of risky behavior even across email aliases.
Our client APIs normalize email addresses automatically if MD5 hashing is enabled. If you cannot use our client APIs, our developer portal maintains instructions on how to do email normalization to match the patterns in the minFraud network.