Back-to-School Deals and .edu Emails — How Much Fraud Risk Is There?
Brands looking to establish long-term loyalty take a strategic approach with college students — the thinking goes like this: if you establish a relationship during those cash-strapped college days, you may gain a high-earning customer for life.
College students are not just a future market, they are also valuable right now, especially during the back-to-school season when they are furnishing dorm rooms and stocking up on supplies. That’s why merchants, from Target and Amazon to Spotify and Peloton, offer discount subscriptions and enticing promotional offers to students during the back-to-school months of July to September. Being a college student can score you some great deals.
Good Student or Bad Apple? A Look at .edu and Non-.edu Email Fraud Risk
For many merchants, all you need to demonstrate you’re a college student is an .edu domain on the email address linked to your account. A great way to target students, right? Those three little letters can open a lot of promotional doors to students, which, Riskified analysts discovered, makes .edu addresses attractive to fraudsters. That educational email could be a fraudster in disguise. In fact, there are entire websites devoted to the topic of how to create a fake .edu address so you can use it to take advantage of perks.
So what’s the likelihood an .edu address is fake?
For most of the year, it’s low. Based on Riskified 2022 data from January to December, orders with .edu addresses make up only a small share of online transactions, about 0.62%. They’re also pretty low risk, meaning those orders are less likely to be fraudulent than non-.edu addresses. Old .edu emails in particular (with a history of more than seven days) are about as safe as they come.
This holds true even when we look only at new emails (those we saw for the first time within seven days of a transaction), which in general carry more risk. Throughout most of the year, new .edu addresses are less risky than other new emails. This makes sense, because every year there’s a legitimate surge in new .edu emails as 2 million or so1 soon-to-be freshmen start using their newly issued college email addresses for back-to-school purchases. However, there’s a dark side to that surge — as those new .edu purchases peak in July, so does the likelihood of fraud.
July’s Back-to-School Spike in Promo Abuse
As ecommerce merchants vie for back-to-school dollars, they offer valuable promotions (online and offline) such as discount codes and coupons to encourage purchases. During the back-to-school period, fraudsters have more incentive to create fake .edu email addresses or perform email takeovers to take advantage of lucrative discounts and deals.
Timing is everything when it comes to back-to-school risk. New non-.edu emails are typically 150% more risky than new .edu emails. In July, the risk level of new .edu emails nearly catches up with the risk level of new non-.edu emails (the riskiest emails overall). In 2022, the risk level of non-.edu emails is 2.5 times riskier than new .edu emails. In July, that risk difference is only 1.2 times riskier.
Balancing Risk and Reward for Back-to-College
The unique buying patterns and mobility of college students can make it challenging to manage fraud without limiting order approvals. But don’t let that keep you from back-to-school revenue.
The National Retail Federation predicts that back-to-college spending will hit $94 billion in 2023,2 about $20 billion more than last year’s record. To take advantage of the opportunity, you need to be able to differentiate between legitimate student customers and fraudsters.
Here are three back-to-college tips for avoiding false declines:
- Use more data points. Merchants must use diverse data points to discern bad actors from students who simply haven’t updated their addresses. University students often change addresses during the school year and from year to year. But they often won’t update their address with their bank, leading to a mismatch between the billing and shipping addresses which can be perceived as risky and cause false declines.
- Watch for red flags that may actually just be international students. A foreign student using an international credit card may have an international billing address but a domestic shipping address at school. A difference between the IP address and shipping or billing address should be further investigated to explore if it belongs to a campus or educational institution. In addition, the use of multiple, seemingly unrelated keyboard languages is often an indicator of fraud but may just be the legitimate behavior of an international student.
- Implement rigorous fraud detection technology: False declines can be a challenge with new .edu email addresses when no purchase history is available to corroborate identities. AI-based fraud detection with chargeback guarantees help ensure you with your long-term customer strategy and gain all the revenue you can from this important shopping season without the risk.
To manage fraud and prevent false declines, merchants need to acquaint themselves with the unique, seasonal back-to-school patterns and expected customers. Tackling fraud means having a dynamic, innovative approach, challenging existing assumptions and adapting the way merchants review purchases and account information so you can optimize the potential of the back-to-school season.
Find out more about what you need to prevent fraud by downloading the Fraud Prevention Buyer’s Kit. To learn more about real-time, adaptable solutions designed for today’s fraud environment or request a demo, contact the Riskified team.
1 Current Term Enrollment Estimates (CTEE) Expanded Edition
2 Back-to-college spending is expected to hit $94 billion, about $20 billion more than last year’s record.