Didyou know

Geolocation services provide information about a consumer's worldwide location at the time of purchase based on their IP address, which can be compared against the billing and shipping address information they provided.

In general these services are pretty reliable and they offer a valuable tool for merchants. The best application for this tool is in the regulatory compliance arena. For fraud prevention it provides a valuable tool but cannot stand alone in making a decision to accept or reject an order. Purchasing this solution can be more expensive than most fraud-scoring services, which typically provide this type of a check as part of the scoring service.

Pros and Cons of Geolocation include:

It is easy to implement.

It's the best method to validate regulatory compliance on country.

It is only useful when you have an IP address, so it will not work for other card-not-present transactions such as phone-based orders.

It's useful for catching large discrepancies between the data provided and the actual location of the consumer, but due to the nature of the web and people traveling, merchants do have to be careful about how they implement this as a fraud-prevention tool. In general, if a merchant only does business in a certain country, this is a great tool to catch those consumers from outside the country before they get into the order-processing stream.


subscribe to newsletter



Geolocation Servicestechnique overview

Geolocation services provide detailed information about a consumer's worldwide location, line speed, domain, etc. It is used primarily to verify the consumer’s data to determine where the consumer is at the time of purchase. Geolocation Services can be used for fraud prevention and also used for export and regulatory compliance.

For Fraud Prevention – Geolocation shows a merchant if the consumer is trying to hide their identity. For example, it flags the result if they are making the purchase from a location that is vastly different from the billing or shipping information. A consumer gives the merchant an address and phone number in New York but the IP address is showing that the consumer is coming from Russia.

For Regulatory Compliance – For industries such as gaming, digital software download, and certain export industries, they would use this service to validate that the consumer is really in the location they say they are in. They can also ensure that they don’t provide goods or services to consumers in countries where it may be prohibited.

Key considerations when implementing or buying this functionality include:

  • Can the solution see through proxies and through services such as AOL to determine where an order is coming from?
  • Can the solution tell how reliable the information is when you get it? For example, level of confidence by country or region?
  • What other types of data does the service provide as part of the solution such as: Geographic information: Continent, Country, Time Zone, State, City, Zip, Area Code, Longitude/Latitude, DMA, MSA, PMSA. Proxy Information such as: AOL, Anonymous Proxies, Cache Proxies, Corporate Proxies. Network information: Domain Name, Network Connection type, Network Speed, Autonomous System Number, Backbone Carrier Name?
  • How often is the data updated and verified by the vendor?

How does it work?

Geolocation services provide detailed information about a consumer's worldwide location, line speed, domain, etc. These services rely on the IP address. Merchants can get the IP address from the HTTP header on the order that comes into their site. This IP address can be compared to the location the consumer says he or she is at and a determination can be made if the order is fraudulent or not.

Geolocation services can offer a variety of information at varying degrees of depth, but the information can be lumped into three major categories: 

1) Geographic information, such as continent, country, time zone, state, city, zip, area code, longitude/latitude, DMA, MSA, PMSA

2) Proxy information, such as AOL, Anonymous Proxies, Cache Proxies, Corporate Proxies.

3) Network information, such as domain name, network connection type, network speed, autonomous system number and backbone carrier name.

The value of looking at the proxy information is that proxy servers can hide the actual location of a consumer. If a consumer is using a proxy server on the West Coast of the United States and they live on the East Coast, their IP address will make you think they are coming from the opposite coast from where they actually are.

This same ability to hide where they are coming from can also be used by potential fraudsters in Asia or Europe to make it look like they are coming from the United States. Anonymous Proxies were intended for privacy reasons so users could mask where they are coming from. AOL consumers are one of the biggest issues in determining where the consumer really is, because they all look like they are coming from Virginia.

Tip: Make sure your provider is using a technology that can dig out a consumer’s location even through proxies and services such as AOL. Quova and MaxMind are services that can dig out the consumer location even when they are AOL users. 

Many vendors offer geolocation services, but many have not created their own solutions and are actually using the technology of a handful of technology providers like Quova and MaxMind.

The core of an IP Geolocation service is the mapping of IP addresses to global locations to create a global data collection network. The system provided by Quova and MaxMind uses multiple automated techniques and algorithms to collect, map and analyze the billions of IP addresses that make up the Internet, plus international teams of expert analysts to review the data, refining and developing new, more powerful algorithms. This unique combination of processing power from a large collection network and analysis from human experts allows the system to accurately keep up with the Internet’s complexity and rapid rate of change. The result is levels of data quality and accuracy that are unsurpassed and constantly improving.


How do you use the results?

In using a geolocation service merchants can feel more confident in accepting orders in which the IP address geolocation check matches up with the “ship to” or “bill to” address.

In using a geolocation service, if merchants find a major discrepancy with the IP geolocation match to the “ship to” or “bill to” address then you should review or decline the order.

If the geolocation service provider gives the merchant country or city information, the merchant can create rules to decline these orders for regions they do not do business in. They can also prevent business in regions where they have had a high incidence of fraud in the past.

If the geolocation service provider gives a merchant information about proxies, the merchant can build rules to do further fraud screening for orders in which anonymous proxies and cache proxies are evident.

If a merchant runs the geolocation service on every transaction and stores the data results, the merchant can build a very targeted marketing profile of their customer base, including demographics on region, time of day and methods of getting to their site.


  • Fundamentals for Understanding Geolocation and Device Identification.

    Covers the use cases and methods for integrating and making use of geolocation data and device indentification in a fraud strategy.


    A core curriculum course providing an introduction to 30 plus fraud prevention techniques; what they are, high level discussion on how to employ them and big picture considerations for using them.

  • Ecommerce Fraud Moving from Tools to Solutions.

    This session covers what constitutes a fraud solution and categorizes the many types of third party fraud tools. The course outlines the common terminology of fraud solutions and describes the capabilities needed to implement a fraud solution. 


  • Alternative Solutions - You can also look at trying some of the  Fraud Scoring Services that offer the Geolocation check as part of the score.  
  • Building this In-House - There are several methods a merchant can use to build their own geolocation capability in-house. Building these types of services in-house means they have to be committed to maintaining them going forward, which can be extensive. Merchants can set up internal systems and rules to interpret results from: Area Code Checks, ZIP Code Checks, IP Address Checks, and Credit Card BIN Checks.
  • Estimated Costs - Costs will vary based on the vendor you select. Nslookup, Where is and Who is are utilities that provide this information in a basic form for free. You can also find vendors that offer more sophisticated services as in-house software solutions with subscription fees, or on a completely outsourced model with a per-transaction fee.
  • Sample Vendors - MaxMind