How do we reduce fraud chance and increase the security at Mailjour?
At Mailjour, we take the data and the way our users use the platform very seriously.
We are aware of what it means to transport, receive or deliver parcels in an ecosystem where anyone can register and use our platform fraudulently or for harmful and unlawful purposes.
We have therefore implemented the following systems to reduce the associated risks and provide a safe environment for all:
Verifications
Identity verification
All users, without exception, must identify themselves during the account activation process.
Our systems use state-of-the-art technology provided by Stripe® Identity, which requires users to provide a valid identification document, which determines if the document has been altered, verifies that the security elements are present and if necessary, can cross-check the information with official sources.
Additionally, a live photo of the person performing the verification is requested, whose biometric data is analysed to ensure that the photo has not been altered, is taken in real time and corresponds to the document provided.
Moreover, the same person cannot be the owner of two different accounts, thus reducing the risk of blocked users being able to reopen accounts and continue to use our systems.
For more information about the identity verification process, please refer to our dedicated article.
Email verification
All users must verify their email address before they can use the platform. This is done by sending a verification email to the address provided during registration, which contains a link that the user must click to confirm that the email address is valid.
Phone verification
All users must verify their phone number before they can use the platform. This is done by sending a verification code to the phone number provided during registration, which the user must enter in the platform to confirm that the phone number is valid.
Address verification
If the identity document provided during registration includes an address, this is automatically address verified and stored in encrypted form on our systems.
Otherwise, our verification team may ask the user for proof of address (e.g. a copy of a utility bill) and refusal to provide such information may be grounds for account suspension.
Payment pre-authorization
To ensure the security of commercial transactions, all services require a pre-authorization of payment before the service is performed, regardless of the amount, the currency, the verification status or the package. This pre-authorization is done through our payment platform and ensures not only that the provider receives payment once the service has been successfully completed, but also allows for a double identity verification, which is cross-checked with the information provided during the identity verification process.
Service monitorization
User behaviour analysis
Our systems use AI and machine learning algorithms to analyse user behaviour and detect patterns that may indicate fraudulent activity, such as multiple accounts being opened from the same device, user and/or location, unusual login times or locations, refusal to provide geolocation, suspicious payment transactions, reported activity by other users, etc.
Risk Assessment
All users are assigned a risk score based on their behaviour, which is used to determine the level of monitoring and verification required. Users with a high risk score may be subject to additional verification steps, such as providing additional identification documents, proof of address, etc.
Moreover, all transactions are also assigned a risk score based on the user's behaviour, the amount of the transaction, described package contents, the type of transaction, country, IP address, etc.
Transactions that are flagged as high risk are automatically blocked and reviewed by our security team, who may take further action to prevent fraud and protect our users.
Compliance
Legal compliance
All users must accept our terms and conditions and privacy policy before they can use the platform. These documents contain important information about the rights and obligations of users, as well as the rules that govern the use of the platform.
Regulatory compliance
We comply with the laws and regulations of the countries where we operate, including those related to data protection, privacy, anti-money laundering.
Our terms and conditions of use state our commitment to the authorities to provide any information needed to prevent illegal activities through our platform.
In certain legal frameworks, such as the European one, it is also mandatory to provide the competent authorities with the data of those users with a certain number of transactions and who meet certain characteristics. Mailjour is fully committed to the local authorities in the markets in which it operates and works closely with them to ensure a secure environment and compliance with the regulations in force.
Security
Data encryption
All data transmitted between the user's device and our servers is encrypted using the latest encryption protocols, to prevent interception and tampering by third parties.
Data storage
All data stored on our servers is encrypted and stored in secure data centres, which comply with the highest security standards and are regularly audited by independent security experts.
Access control
Access to our systems is restricted to authorised personnel only, who must use Multiple Factor Authentication (MFA) to access and are subject to regular security training to ensure that they are aware of the latest threats and how to prevent them.
Moreover, all access to our systems is logged and monitored in real time, to detect any suspicious activity and prevent unauthorised access.
Incident response
In the event of a security incident, our incident response team is immediately activated, to investigate the incident, contain the damage and prevent it from spreading further.
All incidents are thoroughly documented and analysed, to identify the root cause and take corrective action to prevent similar incidents from occurring in the future.
We also use AI and machine learning algorithms to detect patterns and anomalies in our systems, to identify potential security threats and take action before they can cause any harm.