Didyou know

Proxy Detection Services detect the use of anonymous proxies, which is not a direct indicator of fraud by itself, but when combined with other data elements can indicate an order is high risk.

The fraudsters know that it is very easy to make their IP geolocation information look like it is coming from the region where their stolen credentials originated. This ability makes them look authentic, when in fact they are using a proxy to mask their true location.

Again not all proxies are equal, some are very reputable, and to cut them off would be a death-nail to your sales conversion. The goal is to use this technique to distinguish which proxies are derived from compromised computers, or from proxies that are known to be highly used by fraudsters. The generic ability to identify an anonymous proxy provides little value.

 

subscribe to newsletter

 

 

Proxy Detection Servicestechnique overview

Proxy Detection web services allow instant detection of anonymous IP addresses. While the use of a proxy is not a direct indicator of fraudulent behavior, it can be a useful indicator when combined with other data elements to determine if an individual is attempting to hide their true identity.

Key considerations when implementing or buying this functionality include:

  • Can the solution see through proxies and through services such as AOL to determine where an order is coming from?
  • Can the solution tell how reliable the information is when you get it? For example, how risky is the proxy?
  • How often is the data updated and verified by the vendor?
  • Does the service detect and map corporate proxies?
  • Does the vendor provide post event alerts to let you know if an IP has gone bad?

How does it work?

These services rely on the IP address. Merchants can get the IP address from the HTTP header on the order that comes into their site. This IP address can be compared to known lists of good and bad IP addresses. These services use public information as well as in-house resources to map out and catalogue these proxies. They maintain data on proxy information, such as AOL, Anonymous Proxies, Cache Proxies and Corporate Proxies.

The value of looking at the proxy information is that proxy servers can hide the actual location of a consumer. If a consumer is using a proxy server on the West Coast of the United States and they live on the East Coast, their IP address will make you think they are coming from the opposite coast from where they actually are.

This same ability to hide where they are coming from can also be used by potential fraudsters in Asia or Europe to make it look like they are coming from the United States. Anonymous Proxies were intended for privacy reasons so users could mask where they are coming from. AOL consumers are one of the biggest issues in determining where the consumer really is, because they all look like they are coming from Virginia.

Many vendors offer proxy detection as part of their geolocation services, but many have not created their own solutions and are actually using the technology of a handful of technology providers.

The core of an IP Geolocation service is the mapping of IP addresses to global locations to create a global data collection network. Using multiple automated techniques and algorithms to collect, map and analyze the billions of IP addresses that make up the Internet, plus international teams of expert analysts to review the data, refining and developing new, more powerful algorithms. This unique combination of processing power from a large collection network and analysis from human experts allows the system to accurately keep up with the Internet’s complexity and rapid rate of change.

 

How do you use the results?

If the geolocation service provider gives a merchant information about proxies, the merchant can build rules to do further fraud screening for orders in which anonymous proxies and cache proxies are evident.

Additionalresources

  • OVERVIEW OF ECOMMERCE FRAUD PREVENTION TECHNIQUES.

    A core curriculum course providing an introduction to 30 plus fraud prevention techniques; what they are, high level discussion on how to employ them and big picture considerations for using them.

  • Fundamentals for Understanding Geolocation and Device Identification.

    Covers the use cases and methods for integrating and making use of geolocation data and device indentification in a fraud strategy.

  • Ecommerce Fraud Moving from Tools to Solutions.

    This session covers what constitutes a fraud solution and categorizes the many types of third party fraud tools. The course outlines the common terminology of fraud solutions and describes the capabilities needed to implement a fraud solution. 

keynotes

  • Alternative Solutions - You can also look at trying some of the Fraud-Scoring Services that offer the proxy detection check as part of the score.
  • Building this In-House - There are several methods a company can use to build their own proxy detection service in-house. Building these types of services in-house means they have to be committed to maintaining them going forward, which can be extensive. 
  • Estimated Costs - Costs will vary based on the vendor you select. There are several utilities that provide this information in a basic form for free. You can also find vendors that offer more sophisticated services as in-house software solutions with subscription fees, or on a completely outsourced model with a per-transaction fee.
  • Sample Vendors - MaxMind