IP geolocation technology can be used to reduce fraud by authenticating online visitors. By determining the geographical location of online visitors, businesses and organizations can block or restrict access from areas where they do not do business. For example, businesses that serve only U.S. customers can block orders originating from abroad. While IP geolocation can be useful for authentication, it can be circumvented by sophisticated fraudsters with the use of anonymous proxies, satellite providers, and open proxies.
Many businesses already use IP geolocation controls at the country level. Some also block orders from anonymous proxies and satellite providers, for a combined fraud detection rate of 63%. Adding open proxy data would increase the detection rate by 26%, bringing the combined total fraud detection rate to 89%. See the following table for details:
Statistical analysis of fraudulent orders placed through the minFraud service
| Percentage | Category |
|---|---|
| 32% | High Risk Countries |
| 21% | Country Mismatch |
| 4% | Satellite Providers |
| 6% | Anonymous Proxies |
| 26% | Open Proxies |
| 11% | Not Detected |
Category Definitions
High-Risk Countries are countries from which a disproportionately large number of fraudulent orders originate. Our list of high-risk countries includes Ghana, Nigeria, and Vietnam.
Country Mismatch transactions are those where the IP geolocation country data does not match the billing address country of the user.
Satellite Providers are ISPs that offer Internet access to many countries through satellites, which makes it difficult to ascertain the country from which the end user originates. Since Satellite Providers may serve high-risk countries such as Nigeria and Ghana, we return an "A2" country code in GeoIP and minFraud. However, if a Satellite Provider services a single country, like the United States, the IP address will be assigned to that country instead of "A2".
Anonymous Proxies include services such as Anonymizer and anonymous VPN services, where the computer is purposely set up to be a proxy server by the computer owner. These proxies are stable and do not change as frequently as open proxies. Typically these proxies are used by both legitimate and fraudulent users.
Open Proxies are typically compromised "zombie" computers running a proxy service that was installed by a computer virus or other such means. The owner of the computer is typically unaware that their computer is being used as a proxy, which lets fraudsters use the legitimate owner's Internet connection to send spam, commit credit card fraud, and engage in other illegal activity. These open proxies change frequently, as home users cycle through IP addresses and as anti-virus software cleans up infections. This category also includes legitimate anonymizing services (listed above as anonymous proxies) that cycle their IP addresses frequently in an effort to help their clients get around restricted sites or services that block known anonymous proxies.
Given the rate of change of open proxies, this dataset is currently not packaged into the GeoIP databases. The GeoIP databases only contain data on anonymous proxies and satellite providers. To obtain the Open Proxy data, please use the minFraud or proxy detection web services.
Not Detected represents the transactions that were fraudulent but that our system was not able to detect.
Because fraudsters can easily bypass IP geolocation with the use of proxies, any sort of IP authentication via IP geolocation should be combined with a proxy check, especially one that detects open proxies. This way, if the fraudster is able to bypass an IP geolocation check, proxy detection offers an additional layer of protection for the business.
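The layered check described above, sketched as an added example that is not code from the original page or from the GeoIP or minFraud services. The `IpLookup` record, its field names, the `outside_service_area` flag, and the accept/review/reject policy are assumptions; the lookup results are taken as already resolved.

```python
from dataclasses import dataclass

# Countries the page names as examples of high-risk countries (ISO 3166-1 alpha-2).
HIGH_RISK = {"GH", "NG", "VN"}
SATELLITE_CODE = "A2"  # code the page says is returned for multi-country satellite ISPs


@dataclass
class IpLookup:
    """Hypothetical record of already-resolved lookup results for one IP."""
    country: str           # geolocation country code, or "A2"
    anonymous_proxy: bool  # stable proxies, available from the database
    open_proxy: bool       # fast-changing, obtained from a web service lookup


def risk_flags(ip: IpLookup, billing_country: str, served: set[str]) -> list[str]:
    """Return the page's fraud categories that apply to one order."""
    flags = []
    # Proxy checks come first: behind a proxy, ip.country is the proxy's
    # location, so the country checks below say nothing about the real user.
    if ip.open_proxy:
        flags.append("open_proxy")
    if ip.anonymous_proxy:
        flags.append("anonymous_proxy")
    if ip.country == SATELLITE_CODE:
        flags.append("satellite_provider")  # true country cannot be determined
        return flags
    if ip.country in HIGH_RISK:
        flags.append("high_risk_country")
    if ip.country != billing_country.upper():
        flags.append("country_mismatch")
    if ip.country not in served:
        flags.append("outside_service_area")
    return flags


def decide(flags: list[str]) -> str:
    """Assumed policy: reject open proxies and unserved areas, review the rest."""
    if "open_proxy" in flags or "outside_service_area" in flags:
        return "reject"
    return "review" if flags else "accept"


# Constructed sample orders for a business serving only U.S. customers.
SERVED = {"US"}
clean = IpLookup("US", False, False)
relayed = IpLookup("US", False, True)   # passes every country check
satellite = IpLookup("A2", False, False)
```

The `relayed` order geolocates to the served country and matches its billing country, so only the open proxy flag separates it from `clean`.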