Normally an order on your back-end is linked to our device ID with a session ID. However our device ID can also accept user-generated data within fields on your website/mobile app. So if your customers enter their email address during your checkout process, that email will be tied to device ID and you can then look up suspicious orders by their email address.