DID YOU KNOW
Geolocation services provide information about a consumer's worldwide location at the time of purchase based on their IP address, which can be compared against the billing and shipping address information they provided, as well as used in Velocity Checks.
In general these services are pretty reliable and they offer a valuable tool for merchants. One application for this tool is in the regulatory compliance arena. For fraud prevention, it provides a valuable tool but cannot stand alone in making a decision to accept or reject an order.
Pros and Cons of Geolocation include:
It is easy to implement.
It's the best method to validate regulatory compliance on country.
It is only useful when you have an IP address, so it will not work for other card-not-present transactions such as phone-based orders.
It's useful for catching large discrepancies between the data provided and the actual location of the consumer, but due to the nature of the web and people traveling, merchants do have to be careful about how they implement this as a fraud-prevention tool. In general, if a merchant only does business in a certain country, this is a great tool to catch those consumers from outside the country before they get into the order-processing stream.
It is useful as a tool to detect potential account takeover activity. This is strongest when combined with Device Identification, however.
THE FRAUD PRACTICE
Building this In-House - There are several methods a merchant can use to build their own geolocation capability in-house. Building these types of services in-house means they have to be committed to maintaining them going forward, which can be extensive. Merchants can set up internal systems and rules to interpret results from: Area Code Checks, ZIP Code Checks, IP Address Checks, and Credit Card BIN Checks.
Estimated Cost - Costs will vary based on the vendor you select. Basic forms if IP Geolication are available for free but much of the IP data is stale. You can also find vendors that offer more sophisticated services as in-house software solutions with subscription fees, or on a completely outsourced model with a per-transaction fee.
Sample Vendors - MaxMind, Neustar
IP GEOLOCATION SERVICES TECHNIQUE OVERVIEW
IP Geolocation services provide information about a consumer's worldwide location based on their IP address. This can be at the city, state and country level. It may also provide ancillary information such as internet connection speed, internet service provider (ISP) and more. It is used primarily to validate the consumer’s data to determine where the consumer is at the time of purchase. IP Geolocation Services can be used for fraud prevention and also used for export and regulatory compliance.
For Fraud Prevention – IP Geolocation can alert organizations of suspicious activity around login or purchase events. For example, if someone is making a purchase from an IP location that is vastly different from the billing or shipping information. If a consumer gives the merchant an address and phone number in New York but the IP address is showing that the consumer is coming from Russia, that is a red flag.
Similarly with login attempts, a user may provide the correct password but come from an unusual IP location, and this would warrant some form of step-up authentication check.
For Regulatory Compliance – For industries such as gaming, digital software download, and certain export industries, they would use this service to validate that the consumer is really in the location they say they are in. They can also ensure that they don’t provide goods or services to consumers in countries where it may be prohibited.
Key considerations when implementing or buying this functionality include:
Can the solution see through proxies or VPNs to determine where an order is coming from?
Can the solution tell how reliable the information is when you get it? For example, level of confidence by country or region?
What other types of data does the service provide as part of the solution such as: Geographic information: Continent, Country, Time Zone, State, City, Zip, Area Code, Longitude/Latitude, DMA, MSA, PMSA. Proxy Information such as: Anonymous Proxies, Cache Proxies, Corporate Proxies. Network information: Domain Name, Network Connection type, Network Speed, Autonomous System Number, Backbone Carrier Name?
How often is the data updated and verified by the vendor?
HOW DOES IT WORK?
IP Geolocation services provide detailed information about a consumer's worldwide location based on their IP address and may include additional information such as line speed, ISP, etc. These services rely on the IP address of the user. Merchants can get the IP address from the HTTP header on the order that comes into their site. This IP address can be compared to the location the consumer says he or she is at and a determination can be made if the order is fraudulent or not. The location associated with a given IP address can be compared against the billing address, shipping address and/or phone number area code.
IP Geolocation services can offer a variety of information at varying degrees of depth, but the information can be lumped into three major categories:
1) Geographic information, such as continent, country, time zone, state, city, zip, area code, longitude/latitude, DMA, MSA, PMSA
2) Proxy information, such as VPN, Anonymous Proxies, Cache Proxies, Corporate Proxies.
3) Network information, such as domain name, network connection type, network speed, autonomous system number and backbone carrier name.
The value of looking at the proxy information is that proxy servers can hide the actual location of a consumer. If a consumer is using a proxy server on the West Coast of the United States and they live on the East Coast, their IP address will make you think they are coming from the opposite coast from where they actually are.
This same ability to hide where they are coming from can also be used by potential fraudsters in Asia or Europe to make it look like they are coming from the United States. Anonymous Proxies were intended for privacy reasons so users could mask where they are coming from. Consumer anti-virus software comes with VPN/proxy features, so proxies can be legitimate users or fraudsters. When a proxy is used, you cannot trust the IP address on face value, therefore comparing the IP address location to a shipping location is no longer viable.
The core of an IP Geolocation service is the mapping of IP addresses to global locations to create a global data collection network. A strong system uses multiple automated techniques and algorithms to collect, map and analyze the billions of IP addresses that make up the Internet, plus international teams of expert analysts to review the data, refining and developing new, more powerful algorithms. This unique combination of processing power from a large collection network and analysis from human experts allows the system to accurately keep up with the Internet’s complexity and rapid rate of change. The result is levels of data quality and accuracy that are unsurpassed and constantly improving.
HOW DO YOU USE THE RESULTS?
In using an IP geolocation service merchants can feel more confident in accepting orders in which the IP address geolocation check matches up with the “ship to” or “bill to” address. The IP address location can also be compared to the location associated with a telephone number area code. Many risk models and rules engine utilize the distance between an IP geolocation and a billing and/or shipping address.
In using an IP geolocation service, if merchants find a major discrepancy with the IP geolocation match to the “ship to” or “bill to” address then you should review or decline the order.
If the IP geolocation service provider gives the merchant country or city information, the merchant can create rules to decline orders for regions they do not do business in. They can also flag or monitor business from regions where they have had a high incidence of fraud in the past.
If the IP geolocation service provider gives a merchant information about proxies, the merchant can build rules to do further fraud screening for orders in which anonymous proxies and cache proxies are evident. Logic should be in place to circumvent or avoid rules or modeling features where an IP location is compared to another location (billing address, etc.) as the use of a proxy can hide the user's true location.
For user account logins, IP geolocation can be compared to previous login activity and identify potential account takeover.
If a merchant runs the IP geolocation service on every transaction and stores the data results, the merchant can build a very targeted marketing profile of their customer base, including demographics on region, time of day and methods of getting to their site.