Using Geo-Location To Help Prevent Web Fraud

September 2, 2007 at 3:01 pm · Filed under Web Strategy

IP Address Lookup

If you’re having trouble with fraud, here’s a simple idea for an additional fraud check you can perform automatically when someone signs up for a new account: When a new registrant on your website says they’re based in New York & they’re shipping to Paris, you would expect them to have visited your site from either the USA or France. Taking a log of the addresses they enter & comparing those with their actual location allows you to automatically flag suspicious accounts…

How Can I Grab My Site Visitor’s Geographical Location?

The easiest way to do this is by recording their IP address & cross-referencing it against a physical location. IP addresses are sold in blocks; registries keep track of where those blocks are sold. Alongside this there are many companies that research IP addresses, mapping them to physical locations (and, in some cases, recording what kind of connections they are - broadband, dialup, satellite, et cetera).

To find the geographical location of an individual IP address, the simplest method is to use a third-party database of IP addresses & locations. Several providers offer databases that you can download & access direct from your own servers, or there are databases made available for you to query via an API. Many of these are free (eg. hostip), but they go right up to the enterprise level (eg. quova - who supply Amazon & several major search engines).

HostIP makes things particularly easy. For example, visit their api address & you see an XML listing of your location. Supply any IP address along with this for its particular details (eg. http://api.hostip.info/?ip=12.215.42.19 ).

Three Steps To Set Up a Simple Geo-location Fraud Check:

  1. When someone signs up for a new account on your site, record their IP address
  2. Cross-reference this automatically to a physical location (for example using the hostip database or API)
  3. If the country of their IP differs from their account country, automatically flag the account for manual checking prior to fulfilling any orders

A Few Extra Ideas:

  • Flag for IP addresses in known problem-areas (eg. anecdotally, Nigeria has problems with organised Internet fraud)
  • Check for certain types of connection (eg. anecdotally, criminal gangs often use satellite connections)
  • Look for patterns in the fraudulent enquiries you block & flag account signups that match those patterns

Technorati Tags: , ,

Did You Find This Post Useful?
 
Share This Post
 
AddThis Social Bookmark Button

 
Read Related Posts

 

1 Comment »

  1. Julian Evans said,

    September 10, 2007 @ 5:07 am

    Very interesting article indeed. This may be of interest to our audience! Why not visit ID THEFT PROTECT, to find out more about how you can protect your online identity? It’s a free impartial resource to help drive awareness and education to connsumers and small businesses.

    Julian, ID Fraud Expert

RSS feed for comments on this post · TrackBack URI

Leave a Comment