Proxy connections are not inherently bad or fraudulent and do serve some beneficial functions. However, cybercriminals frequently abuse these connections to engage in high-risk behavior.
IP Addresses Are The Foundation of Online Scoring
IP addresses are the most common data point analyzed by site administrators, compliance teams, account managers, and other operational team members to determine whether a user, transaction, or similar type of action is likely to be fraudulent. It is often the only data point that can be scored for a specific user or transaction. Even when the IP address is one of many data points, it carries significant weight in determining the overall risk profile of a user, click, or transaction.
Every user online has an assigned IP address that can be used to track their activity as they move through a website or even from one site to another, which makes it easy to monitor the behavior of IP addresses over time. However, proxies and VPNs can mask a user's true IP address, complicating the process of scoring an IP address or detecting a user's true location.
What Can We Tell From an IP Address?
At the simplest level of analysis, we can extract geolocation data such as city, state or region, country, timezone, and so forth. Digging further, we can identify the ISP and the organization that owns and operates the IP's internet connection. This is useful for determining whether the IP address belongs to a data center or hosting company, a residential internet provider, a university or institution, or a similar organization.
This information makes it a bit easier to identify VPNs from hosting providers, Tor connections, and even IP addresses that are known proxy connections. Once we've detected a proxy connection or similar anonymizer, it opens the door for further analysis. But not all proxies and VPNs are utilized for malicious purposes, so how can we tell which IPs are problematic and likely to be used by cybercriminals or abusive users?
Detecting High Risk IP Addresses
Using the information above along with blacklists, real-time forensic analysis, and abusive IP reports, it's possible to narrow down the list of IP addresses that are likely to engage in fraud and to be used for malicious behavior.
This data can separate a typical harmless proxy or VPN used for regular online anonymity from a similar IP address, possibly even in the same neighborhood, that could be used for stolen credit card fraud, creating fake accounts, sending spam, and enabling similar methods of fraudulent behavior.
Even a typical residential connection could be infected by malware or viruses that allow it to be used as a proxy connection by abusive users in countries thousands of miles away. Being able to distinguish between a high-risk connection and a harmless one is a crucial part of accurately detecting fraud online and minimizing abusive behavior.
Putting It All Together: Scoring the Big Picture
Analyzing IP addresses for high-risk behavior is the easiest way to prevent fraud and abuse from online users. A reliable service such as IPQualityScore, which provides an easy-to-use API and interface, makes this data easily and affordably available. IPQS monitors abusive behavior in every country and industry. Retrieve risk analysis data for any IP address in just 100ms and instantly filter out problematic users and headaches before they impact your business.
What To Do With High Risk IP Addresses?
As you identify problematic users or transactions based on their IP address, it's good to have an action plan for what happens next. Some site operators prefer to block proxies and VPNs altogether; others prefer to flag the user or transaction as suspicious, or even request additional information to verify the user. Once you have decided how to proceed with a risky user, it should be easy to automate this process through your backend each time an abusive IP address is detected.
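One way to automate the action plan described above, as an added example that is not IPQualityScore's code or API: a backend policy function that maps per-IP signals to block, flag, verify, or allow. The `IpSignals` field names, the abuse-report threshold, and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    FLAG = "flag"      # let through, mark as suspicious for review
    VERIFY = "verify"  # request additional information from the user
    BLOCK = "block"


@dataclass(frozen=True)
class IpSignals:
    """Hypothetical per-IP record; field names are assumptions, not a vendor schema."""
    ip: str
    connection_type: str    # "residential", "datacenter" or "institution"
    is_anonymizer: bool     # known proxy, VPN or Tor connection
    on_blacklist: bool
    abuse_reports_30d: int


def decide(sig: IpSignals, block_all_anonymizers: bool = False) -> Action:
    # Strict sites may refuse proxies and VPNs altogether.
    if block_all_anonymizers and sig.is_anonymizer:
        return Action.BLOCK
    abusive = sig.on_blacklist or sig.abuse_reports_30d >= 3  # assumed threshold
    hosted = sig.is_anonymizer or sig.connection_type == "datacenter"
    if abusive and hosted:
        return Action.BLOCK
    if abusive:
        # Residential line with abuse history: possibly an infected host relaying
        # someone else's traffic, so challenge the user instead of banning the IP.
        return Action.VERIFY
    if hosted:
        # Anonymizer with no abuse evidence is not inherently fraudulent: flag only.
        return Action.FLAG
    return Action.ALLOW


# Constructed sample records using documentation address ranges, not real data.
SAMPLES = [
    IpSignals("192.0.2.10", "residential", False, False, 0),
    IpSignals("198.51.100.7", "datacenter", True, False, 0),
    IpSignals("203.0.113.5", "datacenter", True, True, 12),
    IpSignals("192.0.2.77", "residential", False, False, 5),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.ip, decide(s).value)
```

Keeping the decision in one pure function makes the policy easy to unit-test and to tighten or relax without touching the code that fetches the signals.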
What Other Data Can Be Scored with the IP Address?
IPQualityScore's anti-fraud tools also allow other data, such as email addresses, phone numbers, physical addresses, and transaction info, to be scored together with an IP address to enhance accuracy. It's easy to identify high-risk emails, phone numbers, and addresses that are linked to frequent fraudsters and cybercriminals.