Every year, more than a billion consumers shop on e-commerce websites. And in 2016, a new startup called Fomo set out to help merchants reach that audience. To do that, Fomo first needed to find a service partner with expertise in geolocation. They chose MaxMind. “We’re a relatively new company, but our growth has been phenomenal since we added MaxMind’s GeoIP2 Precision services,” said Fomo’s co-founder Ryan Kulp.
As a merchant, you’ll frequently see cases where multiple orders with different billing addresses and payment methods are placed from the same IP address, and it’s not clear whether or not this indicates fraud.
Such activity could be a sign of fraud, with a fraudster testing multiple compromised credit cards. It could also be a sign that a fraudster is using a proxy to obscure his identity. There are times though when such activity is expected and flagging such transactions as fraudulent would mean denying good orders and frustrating customers. Continue reading
The new year has arrived. With transaction history from a busy holiday season on hand, this is a great time to take a look your historical transactions with a fresh and critical eye.
Reviewing your chargeback data to identify fraud patterns is a good way to get started. In this month’s blog post, we provide a case study of an online penny auction business, which improved their bottom line by doing just that. Continue reading
Santa had a problem, and the problem was kids. Not that he didn’t love the children – far from it, their happiness was why he did what he did after all – but now there were more than ever of them. World population had grown to the point where there were 2.2 billion children that potentially wanted a gift, and that was a lot of mince pies to get through in one night!
To ensure that he’d have time to make all the deliveries, he’d taken the unprecedented step of installing agents in homes around the world – elves that sat on shelves – who were able to report on any problem, from waking children to adverse weather conditions, that might slow him down. Traditionally, a Shelf Elf would report by flying home each night leading up to Christmas, but on the big night itself the elf would have to report back in real time. Luckily for Santa, so many houses had internet connections that the Elf could use to report issues via a simple web form the Wise Old Elf had set up on the North Pole extranet. Continue reading
As more and more TV, music, and movie content has moved online, a veritable industry has grown up around helping people to circumvent location based broadcast restrictions. Demonstrating the scale of the issue, GlobalWatchIndex reports that as many as 29% of VPN users globally accessed Netflix in one recent month. Tutorials for how to access this and other streaming services abound.
Streaming providers are required by content licensors to geographically restrict access to the content they license. Providers risk losing content licensors’ trust and ultimately risk losing their ability to license content from studios and other licensors if they are not able to restrict access based on where their customers are accessing this content from. This post describes the ways restrictions are being bypassed and offers some advice on solutions. Continue reading
If you use a GeoIP database, you’re probably familiar with MaxMind’s MMDB format.
At MaxMind, we created the MMDB format because we needed a format that was very fast and highly portable. MMDB comes with supported readers in many languages. In this blog post, we’ll create an MMDB file which contains an access list of IP addresses. This kind of database could be used when allowing access to a VPN or a hosted application.
The code samples I include here use the Perl MMDB database writer and the Perl MMDB database reader. You’ll need to use Perl to write your own MMDB files, but you can read the files with the officially supported .NET, PHP, Java and Python readers in addition to unsupported third party MMDB readers. Many are listed on the GeoIP2 download page. So, as far as deployments go, you’re not constrained to any one language when you want to read from the database.
Use our GitHub repository to follow along with the actual scripts. Fire up a pre-configured Vagrant VM or just install the required modules manually.
In our last blog post, we discussed how you can use a risk score to automate fraud screening, saving you time and money.
In this blog post, we begin our discussion of manual review best practices.
Studies show that, in North America, one in four orders on average receive extra scrutiny through the manual review process. The goal is to prevent the expense of chargebacks and customer issued credits associated with fraud. At the same time, you need to ensure that legitimate orders are not rejected unnecessarily, and estimates suggest that this is the case with up to 10% of orders. Rejecting good orders negatively impacts the bottom line, and drives away good customers.
During manual review, fraud analysts examine data associated with an order to assess how likely it is to be fraudulent. One key area of data points to consider is that of geolocation. Continue reading
The Apache Nutch community has been hard at work developing an open source web crawler. Nutch is a mature, production ready web crawler powering data acquisition, search and discovery for a broad spectrum of organizations over a broader spectrum of use cases. The Nutch 1.x branch enables fine grained configuration and relies on Apache Hadoop™ data structures, which are great for batch processing.
This post documents how reverse geolocation features were added to Nutch via MaxMind’s GeoIP2-java API, making good use of server IP addresses acquired within a Nutch crawl. Readers will take away:
- insight into why geocoding is appealing in today’s markets,
- practical code examples from the Nutch 1.x branch, showing how to use the GeoIP2-java API in order to geocode based on server IPs.
In the world of accepting online payments, credit and debit cards are the industry standard. And for good reason– they’re convenient, and they’ve been around for decades.
But while they’re the go-to payment option, merchants continue to struggle with their vulnerability to fraud.
So that got us wondering– at some point, the credit card was a new invention and appeared to be the payment solution of the future. It was a paradigm shift from the written bank check, which was itself an invention over cash and hard currency. And each option has pushed us into a new era of thieves trying to crank out a payday– sometimes digital, sometimes physical.
So, what’s next for the digital age? Apple is hoping to introduce a new era with Apple Pay. Does it have the moxie to move us beyond the credit card and associated e-commerce fraud?
Mobile payment: Apple Pay
You can’t tap your scroll wheel without clicking through a headline for Apple Pay. And it makes sense– digital-physical hybrid payment options have been trying to take hold for several years now.
While Google and Microsoft have tried their hand at mobile payment methods, Apple’s recent release of Apple Pay is the first to show encouraging signs of nascent adoption. With the smartphone now ubiquitous, the ease of use at the cash register for this type of payment method becomes more compelling.
Apple Pay has immediate benefits for merchants taking CNP payments as well. Apple Pay incorporates fraud detection technology such as TouchID biometric sensors, NFC, and geolocation data. Apple is banking on these features to make Apple Pay more attractive to merchants, and is even going so far as to assume some of the risk of fraudulent transactions themselves.
The future of payment security
Apple’s initial Apple Pay push covers 35 brick and mortar retail stores and provides a new opportunity for widespread use. But considering the amount of consumer data and financial information involved, consumers and merchants alike are sure to closely monitor what E-commerce fraud detection looks like as new payment options spread online within Apple apps.
NFC payment systems are incorporating unique digital signatures and Apple Pay is moving personal data off servers to thwart fraud. At the same time, Apple Pay and other mobile payment options are really no more than glorified credit cards. Is the new technology real progress, or will the fraudsters just step up their game? Adaptation of the new payment methods will be slow, so it will be some time before we can tell.
When it comes to choosing between the multiple IP geolocation data providers out there, our customers have told us they are most interested in one thing – accuracy. The question is, who provides the most accurate data?