IPQualityScore

Best Practices & Tips Guide

This guide provides best practices and tips for using IPQS Proxy Detection & IP Reputation service. Solve issues like click fraud, fake accounts, fraudulent orders, low quality users, application fraud, geo bypassing, ATO, UGC spam, and other use cases.

Access The Best Reputation & Validation Data

IPQS cultivates the most accurate and up-to-date data for IP intelligence and reputation scoring. Unlike other providers, IPQS gathers data directly from our proprietary honeypots, traps, crawlers, and thousands of live sites opted into our threat intelligence network. False-positives are minimized by only using fresh data and scanning billions of IP addresses every day. New threats are detected every second, so even the latest compromised IP addresses are unable to harm your business.

Passing Additional Info To Enhance Scoring

The following API inputs greatly improve scoring and the overall user experience while analyzing clicks, users, and transactions with IPQS:

  • user_agent (string) - It is strongly recommended to pass the "user_agent" string associated with the IP address. This data point allows our scoring algorithms to better detect bots, abusive users, and high risk IPs by analyzing the browser information.
  • user_language (string) - Further enhances scoring based on the user's device.
  • mobile (true/false) - If you are unable to pass the user agent, but know that the request has originated from a mobile device, then we recommend setting this value as true to improve scoring accuracy.

Example Request with Recommended Starting Options
Please replace "user_agent" and "user_language" with the appropriate values.

PRO-TIP: Populating the "user_agent" data point can improve scoring by over 20%. Please make sure the full user agent string is passed, such as: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36".

Take Advantage of Scoring Settings

Customize IPQS scoring engines to better fit your audience based on how strictly we score IP addresses and the threshold to determine active proxy connections. The following settings are available to adjust scoring:

  • allow_public_access_points (true/false) - Allows corporate and public connections like Institutions, Hotels, Businesses, etc. (recommended as "true")
  • fast (true/false) - Speeds up the API response time without impacting accuracy. Not recommended.
  • strictness (0-3) - Strictness of our fraud analysis. We recommend starting with level 0. Increasing this value will expand the thresholds for identifying high risk IPs. Levels 2+ have a higher risk for false-positives.
  • lighter_penalties (true/false) - Lowers scoring and proxy detection for mixed quality IP addresses to prevent false-positives.
  • Please also view your account's additional scoring settings available for upgraded accounts.
Minimizing False-Positives

If you experience any results that are not satisfactory, please contact us and include the IP addresses and any other relevant data for the requests. We will examine these results and optimize your account's scoring settings. Once your account has received a settings optimization, all future requests will provide much more accurate analysis. Out of the box settings tend to work for 90% of clients, so if you find our default settings are a good fit then optimization is not necessary.

Use The Postback API To Retrieve Past Lookups

IPQS Postback API allows requests to be marked as converted and for past data to be retrieved by associating a unique identifier. For example, it's possible to pull the last request that matched a userID, transactionID, or similar tracking variable.

Postback Example to Retrieve Latest Request by UserID
To perform this request, please make sure your initial API request passed a valid "userID" value (or any variable of your choice) and that this variable name is set on your custom tracking variables.

Retrieve multiple requests with the Request List API and also search by IP Address.
To perform this request, please make sure your initial API request passed a valid "userID" value (or any variable of your choice) and that this variable name is set on your custom tracking variables.

Analyzing Results

The easiest way to determine if the IP address is high risk is to analyze the following data points:

  • Fraud Scores - Overall score from 0 to 100 which indicates how likely the IP address belongs to an abusive user or is associated with malicious behavior. Fraud Scores for proxy & VPN connections with average risk are in the 70-75 range. Some clients may find that IP addresses with scores in these ranges are not problematic. However, IP addresses with Fraud Scores >= 85 indicate suspicious activity, while scores >= 90 represent abusive and malicious behavior. We strongly recommend blocking requests associated with Fraud Scores >= 90. Simply filtering traffic, users, and transactions by the Fraud Score is the easiest way to quickly analyze results.
  • Abuse Velocity - Indicates frequent abusive behavior over the past 24-48 hours. Values can be "high", "medium", "low", or "none". "High" and "medium" levels are usually associated with poor reputation IP addresses.
  • Recent Abuse - This data point will be true for all users with recent abusive behavior detected among our honeypots, traps, and live sites across the IPQS network that report real-time data back to our scoring engines.
  • Bot Status - This data point will be true when this IP address has recently been involved in a botnet or made automated, non-human requests.
  • Risk Score (Transaction & User Data) - Analyze payment details and user data to produce an overall risk score, from 0 to 100. This value identifies abusive user data such as disposable phone numbers & emails, stolen credentials, unauthorized payment details, and similar reputation issues. Risk Scores >= 90 are "high risk".
Enhanced Detection for Residential Proxies

Upgrading your account immediately improves detection for abusive IP addresses and residential proxies, which are today's biggest threats. Premium plans and above have access to exclusive blacklists and IP intelligence data, while Enterprise plans include enhanced residential proxy detection and protection with Fraud Fusion™.

Upgrade to Enhanced Detection & Premium Blacklists

Additional User & Transaction Scoring

If you have additional information such as user & transaction data, then we strongly recommend passing that data with your API request. These features are extensions of the base Proxy Detection & IP Intelligence API and do not consume an additional usage credit.

  • User, Order, & Transaction Scoring - Analyze a wealth of user and order data risk analysis for account details, phone numbers, physical addresses, and payment details.
  • Phone Validation - Score the user's phone number by flagging invalid, disposable, and throwaway phone numbers to improve detection for fake accounts and invalid user data.
  • Address Verification - Validate a user's physical address as further checks for data quality.

PRO-TIP: Phone Reputation and Address Validation can be bundled into one check with IPQS User & Transaction Scoring API.

Questions?

Learn more about detecting proxies with IPQS. Our support & integrations team is happy to help 7 days per week. Please contact us with any questions.

Contact Us