
IP geolocation technology can be used to reduce fraud by authenticating online visitors.
By determining the geographical location of online visitors, businesses and organizations can block or restrict
access from areas where they do not do business. For example, businesses that serve only U.S. customers can
block orders originating from abroad. While IP geolocation can be useful for authentication, it can be
circumvented by sophisticated fraudsters with the use of anonymous proxies, satellite providers, and open proxies.

Many businesses already utilize IP geolocation control on the country level. Some also block orders from anonymous proxies and satellite providers,
for a combined fraud detection rate of 63%. Adding open proxy data would increase the detection rate by 26%,
making the combined total fraud detection rate 89%. See the following table for details:

Statistical analysis of fraudulent orders placed through the minFraud service

| Percentage | Category |
|---|---|
| 32% | High Risk Countries |
| 21% | Country Mismatch |
| 4% | Satellite Providers |
| 6% | Anonymous Proxies |
| 26% | Open Proxies |
| 11% | Not Detected |

Category Definitions:

High-Risk Countries are countries from which a disproportionately large number of fraudulent
orders originate. In an effort to fight fraud, we flag these transactions as higher risk,
to make sure that any other abnormalities in the transaction do not go unnoticed. Our list
of high-risk countries includes Nigeria, Romania, and Vietnam, among others.

Country Mismatch transactions are those where the IP geolocation country data does not match
the billing address country of the user.

Satellite Providers are ISPs that offer Internet access to many countries through satellites,
which makes it difficult to ascertain the country from which the end user originates. Since Satellite Providers may serve high-risk countries
such as Nigeria and Ghana, we include them in our high-risk category. However, if a Satellite Provider services a single country, like
the United States, the IP address will be marked as "US" instead of "A2".

Anonymous Proxies include services such as Anonymizer, where the computer is purposely set up
to be a proxy server by the computer owner. These proxies are stable and do not change as frequently as open proxies.

Open Proxies are typically compromised "zombie" computers which are running a proxy service that
was installed by a computer virus or other such means. The owner of the computer is
typically unaware that their computer is being used as a proxy, thus enabling fraudsters
to use the legitimate owner's Internet connection to send spam, commit credit card fraud,
and engage in other illegal activity. These open proxies change frequently, as home users
cycle through IP addresses and as anti-virus software cleans up infections. This category
also includes legitimate anonymizing services (listed above as anonymous proxies) that
cycle their IP addresses frequently in an effort to help their clients get around
restricted sites or services that block known anonymous proxies.
Given the rate of change of open proxies, this dataset is currently not
packaged into the GeoIP databases. The GeoIP databases contain only
data on the anonymous proxies and satellite providers. To obtain the Open Proxy
data, please use the minFraud or proxy detection web services.

Not Detected represents the transactions that were fraudulent but that our
system was not able to detect. As we make adjustments and improvements to our system, this percentage should
decrease.

Because fraudsters can easily bypass IP geolocation with the use of
proxies, any sort of IP authentication
via IP geolocation should be combined with a proxy check,
especially one that detects open proxies. This way, if the fraudster is
able to bypass an IP geolocation check, proxy detection offers an
additional layer of protection for the business.
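
The layered check described above, shown as an added example (not code from this page or from the minFraud or GeoIP services). The network ranges, lookup tables and function names are constructed for illustration; only the "A2" satellite code and the three named high-risk countries come from the page.

```python
import ipaddress

# Constructed lookup data using documentation address ranges (RFC 5737);
# a real deployment would query a geolocation database and a proxy feed.
GEO = {                                # network -> country code ("A2" = satellite)
    "192.0.2.0/25": "US",
    "192.0.2.128/25": "A2",
    "198.51.100.0/24": "NG",
    "203.0.113.0/24": "CA",
}
ANON_PROXIES = ["203.0.113.64/28"]     # stable, operator-run proxies
OPEN_PROXIES = ["192.0.2.40/32"]       # compromised hosts; list changes often
HIGH_RISK = {"NG", "RO", "VN"}         # the three countries the page names


def _in_any(ip, networks):
    return any(ip in ipaddress.ip_network(n) for n in networks)


def lookup_country(ip):
    """Longest-prefix match over GEO; None when the address is unknown."""
    matches = [(ipaddress.ip_network(n), cc) for n, cc in GEO.items()
               if ip in ipaddress.ip_network(n)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def screen_order(ip_text, billing_country):
    """Return the list of risk flags raised for one order (empty = clean)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return ["invalid_ip"]
    flags = []
    # Proxy checks run independently of the country result, because a
    # proxied address can geolocate to a country the business accepts.
    if _in_any(ip, OPEN_PROXIES):
        flags.append("open_proxy")
    if _in_any(ip, ANON_PROXIES):
        flags.append("anonymous_proxy")
    country = lookup_country(ip)
    if country == "A2":
        flags.append("satellite_provider")   # true country cannot be determined
    elif country is None:
        flags.append("unknown_location")
    else:
        if country in HIGH_RISK:
            flags.append("high_risk_country")
        if country != billing_country:
            flags.append("country_mismatch")
    return flags
```

The order from 192.0.2.40 geolocates to "US" and matches a U.S. billing address, so a country-only check passes it; only the open proxy list flags it.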