IP Geolocation for Fraud Prevention
This data can be used to improve the user experience by allowing sites and apps to serve data in the user’s native language, display prices in the correct currency, and serve ads targeted to the user’s geographic region. It can also be used to bolster fraud prevention strategies.
Let’s explore the various roles IP geolocation can play in anti-fraud measures.
Authentication
If you have user data in your database showing that a particular user registered for your site or app in the United States, but you get a login attempt from that user in Spain, that may be a red flag that the user’s account has been compromised.
By checking for discrepancies in the geographic location data obtained from the IP address for an incoming login attempt, you can catch requests coming from unexpected locations. Sometimes requests coming from different locations are harmless - the user is on vacation or simply in a new place - but sometimes these could indicate suspicious activities.
Credit Card Security
IP data can also be used to provide an additional layer of validation on e-commerce sites. By comparing the address data on a request to the shipping addresses stored for users in your database or the billing address on the card, you can ensure that credit card transactions are coming from the actual card owner and reduce the occurrence of fraudulent transactions.
VPN Detection
Some IP geolocation services can tell you whether or not the incoming request is coming from a VPN, via proxy servers, or through a Tor network. These are common ways that fraudsters get around geolocation detection to do things like access content in geofenced regions.
If you determine that a request is coming through a VPN, you may choose to block the request and require the user to turn off their VPN before trying to use your services.
Block Requests from High-Risk Locations
Some geographic locations are known to be high-risk areas for scammers, hackers, and other suspicious activities. Many geolocation information services maintain a blacklist of known high-risk IP addresses that an incoming request can be checked against to ensure it isn’t coming from a high-risk address or area. This is known as blocklist matching.
By blocking requests from high-risk areas, you prevent potential fraudulent behavior like account takeover.
How to Use an IP Geolocation API
Let’s walk through how to set up real-time IP geolocation detection using a free online API.
1. Acquire an API Key
Navigate to the API page and click the “Start for Free” button. If you’ve never used AbstractAPI before, you’ll need to create a free account.
Once you’ve signed up or logged in, you’ll land on the API’s homepage where you should see your API key.
2. Use the API Key to Send a Geolocation Request
Let’s say for the sake of this tutorial that you’re verifying a user from the front end of your React web app or website.
We’ll write a function called getUserLocationFromAPI to send a request to the API for geolocation data and examine the JSON result.
Take a look at the log of the response data. You’ll see a JSON object like this:
This information tells us exactly where the user is in the world. All we need to do now is pull the user data we have stored on our server from signup and compare the geographic location of this request to the stored data.
You could also compare this data to the billing information the user entered for their credit card.
What Can go Wrong When Using IP Geolocation for Fraud Detection
IP geolocation is a powerful tool, but it is not without its caveats. There are a few ways IP geolocation can go wrong, so it’s important to back up this method with other fraud prevention strategies for a truly robust security solution.
Geolocation Accuracy
The first thing to remember is that geolocation data is not 100% accurate. It can only tell you a general region or radius for the incoming request. It can’t pinpoint a device’s location to a specific street address. And the smaller the location radius becomes, the less accurate IP geolocation gets.
Typically, you can expect the following level of accuracy when looking up user locations.
- Country: 95% to 99%
- Region (State): 55% to 80%
- City: 50% to 75%
VPNs
VPNs (Virtual Private Networks) spoof a device’s IP address to make it look like it’s coming from a different place. These days, VPN use is incredibly common, even among users who aren’t engaging in fraudulent activities. People want privacy online, and they don’t want companies tracking their locations.
Unfortunately, this means that determining which requests are coming from trusted users and which are coming from hackers and scammers has gotten much more difficult. Some IP services can detect that a request is coming through a VPN, however, they can’t detect what the real IP address of the underlying request is.
False Positives
Let’s take the example of comparing an incoming request location for a credit card purchase to saved billing information about a user. If the request is coming from Spain but the user’s registered address is in the US, that might seem like a clear-cut case of fraud.
Unfortunately, in today’s world of remote work, digital nomads, and global commerce, that simply isn’t the case. It’s entirely possible that a user could be making purchases halfway around the world from their registered address.
By rejecting every potential transaction that doesn’t match its billing address, you could be turning away thousands of potential customers.
