In The News

Customer Quotes

"The Fraud Practice is a world-class credit card fraud mitigation consulting practice."

Kevin Mitnick, President Mitnick Security Consulting LLC

For Email Marketing you can trust

Fraud Blog Subscribe in a reader

ACH Processing

Advertisement

Consulting Services
Mr. Montague  is the founder and President of The Fraud Practice. He has spent the last fourteen years in the information technology industry.
Read more
Fraud Library
Looking for information on fraud prevention techniques, solutions and best practices. The fraud library is your first stop to find free research.
Read more
Fraud in the News
A series of news feeds and articles of interest to fraud professionals.
Read more

Proxy Detection Services - Fraud Library

The Fraud Practice eCommerce Fraud Consulting Services

Proxy Detection web services allow instant detection of anonymous IP addresses. While the use of a proxy is not a direct indicator of fraudulent behavior, it can be a useful indicator when combined with other data elements to determine if an individual is attempting to hide their true identity.

Google

Geolocation Discussion

How Good is it?

Proxy Detection web services allow instant detection of anonymous IP addresses. While the use of a proxy is not a direct indicator of fraudulent behavior, it can be a useful indicator when combined with other data elements to determine if an individual is attempting to hide their true identity. The fact is, some of the most used ISPs, like AOL and MSN, are forms of proxies, and are used by both good and bad consumers.

The fraudsters know, that is very easy to make their IP geolocation information look like it is coming from the region where their stolen credentials originated. This ability makes them look authentic, when in fact they are using a proxy to mask their true location.

Again not all proxies are equal, some are very reputable, and to cut them off would be a death-nail to your sales conversion. The goal is to use this technique to distinguish which proxies are derived from compromised computers, or from proxies that are known to be highly used by fraudsters. The generic ability to identify an anonymous proxy provides little value.

  • IP address spoofing
  • Anonymous Proxy detection
  • Anonymous Proxy risk ratings

Considerations When Implementing or Buying This Functionality    

  • Can the solution see through proxies and through services such as AOL to determine where an order is coming from?
  • Can the solution tell how reliable the information is when you get it? For example, how risky is the proxy?
  • How often is the data updated and verified by the vendor?
  • Does the service detect and map corporate proxies?
  • Does the vendor provide post event alerts to let you know if an IP has gone bad?

Estimated Costs – Costs will vary based on the vendor you select. There are several utilities that provide this information in a basic form for free. You can also find vendors that offer more sophisticated services as in-house software solutions with subscription fees, or on a completely outsourced model with a per-transaction fee.

Alternative Solutions – You can also look at trying some of the Fraud-Scoring Services that offer the proxy detection check as part of the score.

Vendors – FraudLabs, MaxMind, Quova,

How Does it Work?  

These services rely on the IP address. Merchants can get the IP address from the HTTP header on the order that comes into their site. This IP address can be compared to known lists of good and bad IP addresses. These services use public information as well as in-house resources to map out and catalogue these proxies.

  • Proxy information, such as AOL, Anonymous Proxies, Cache Proxies, Corporate Proxies.

The value of looking at the proxy information is that proxy servers can hide the actual location of a consumer. If a consumer is using a proxy server on the West Coast of the United States and they live on the East Coast, their IP address will make you think they are coming from the opposite coast from where they actually are.

This same ability to hide where they are coming from can also be used by potential fraudsters in Asia or Europe to make it look like they are coming from the United States. Anonymous Proxies were intended for privacy reasons so users could mask where they are coming from. AOL consumers are one of the biggest issues in determining where the consumer really is, because they all look like they are coming from Virginia.  

Many vendors offer proxy detection as part of their geolocation services, but many have not created their own solutions and are actually using the technology of a handful of technology providers.

The core of an IP Geolocation service is the mapping of IP addresses to global locations to create a global data collection network. Using multiple automated techniques and algorithms to collect, map and analyze the billions of IP addresses that make up the Internet, plus international teams of expert analysts to review the data, refining and developing new, more powerful algorithms. This unique combination of processing power from a large collection network and analysis from human experts allows the system to accurately keep up with the Internet’s complexity and rapid rate of change.

How Do I Use the Results? 

If the geolocation service provider gives a merchant information about proxies, the merchant can build rules to do further fraud screening for orders in which anonymous proxies and cache proxies are evident.

Building This In-House 

There are several methods a company can use to build their own proxy detection service in-house. Building these types of services in-house means they have to be committed to maintaining them going forward, which can be extensive. 

 

Property of The Fraud Practice, all rights reserved, no unauthorized duplication, reproduction or distribution without the express written permission of The Fraud Practice.