Online fraud is a complex, hard to detect, and constantly evolving type of crime with serious business consequences. While many e-commerce merchants are looking for new ways to engage with customers, fraudsters are also looking for new ways to exploit them. In a way, every touchpoint you create – from buy online/pick up in store options to social click-to-buy ads, mobile shopping to loyalty rewards programs – is another opportunity for cybercriminals to bypass your fraud screening.
Every year, more than a billion consumers shop on e-commerce websites. And in 2016, a new startup called Fomo set out to help merchants reach that audience. To do that, Fomo first needed to find a service partner with expertise in geolocation. They chose MaxMind. “We’re a relatively new company, but our growth has been phenomenal since we added MaxMind’s GeoIP2 Precision services,” said Fomo’s co-founder Ryan Kulp.
Thexyz, a Canadian company, provides a secure email service. This paid platform gives customers an email address that is secure and private while keeping the user experience ad-free.
Introducing the minFraud service had a dramatic effect on their chargeback rate. Here’s their story.
Just like good customers, fraudsters must provide a shipping address in order to receive merchandise. But fraudsters, who need to evade detection and efficiently resell stolen goods, leave traces in the shipping addresses they use. The minFraud Network collects data on shipping addresses and uses it to identify any high risk shipping addresses associated with the transactions you submit for review.
This blog post investigates some high risk shipping addresses known to MaxMind, as well as provides some general fraud review tips for identifying them.
As a merchant, you’ll frequently see cases where multiple orders with different billing addresses and payment methods are placed from the same IP address, and it’s not clear whether or not this indicates fraud.
Such activity could be a sign of fraud, with a fraudster testing multiple compromised credit cards. It could also be a sign that a fraudster is using a proxy to obscure his identity. There are times though when such activity is expected and flagging such transactions as fraudulent would mean denying good orders and frustrating customers. Continue reading
The new year has arrived. With transaction history from a busy holiday season on hand, this is a great time to take a look your historical transactions with a fresh and critical eye.
Reviewing your chargeback data to identify fraud patterns is a good way to get started. In this month’s blog post, we provide a case study of an online penny auction business, which improved their bottom line by doing just that. Continue reading
As more and more TV, music, and movie content has moved online, a veritable industry has grown up around helping people to circumvent location based broadcast restrictions. Demonstrating the scale of the issue, GlobalWatchIndex reports that as many as 29% of VPN users globally accessed Netflix in one recent month. Tutorials for how to access this and other streaming services abound.
Streaming providers are required by content licensors to geographically restrict access to the content they license. Providers risk losing content licensors’ trust and ultimately risk losing their ability to license content from studios and other licensors if they are not able to restrict access based on where their customers are accessing this content from. This post describes the ways restrictions are being bypassed and offers some advice on solutions. Continue reading
If you use a GeoIP database, you’re probably familiar with MaxMind’s MMDB format.
At MaxMind, we created the MMDB format because we needed a format that was very fast and highly portable. MMDB comes with supported readers in many languages. In this blog post, we’ll create an MMDB file which contains an access list of IP addresses. This kind of database could be used when allowing access to a VPN or a hosted application.
The code samples I include here use the Perl MMDB database writer and the Perl MMDB database reader. You’ll need to use Perl to write your own MMDB files, but you can read the files with the officially supported .NET, PHP, Java and Python readers in addition to unsupported third party MMDB readers. Many are listed on the GeoIP2 download page. So, as far as deployments go, you’re not constrained to any one language when you want to read from the database.
Use our GitHub repository to follow along with the actual scripts. Fire up a pre-configured Vagrant VM or just install the required modules manually.
Thus far, our Best Practices Series has discussed how you can use the data provided by the minFraud service for better decision making during manual review.
But actionable data from minFraud starts with the inputs you include with each query.
The minFraud service requires that each query include the IP address associated with the transaction at a minimum; as best practices, MaxMind recommends you send as many data points as possible.
The more data points you provide, the better the riskScore and the more information you make available to your fraud analysts as part of the manual review process. Continue reading
In this blog post, we continue our discussion of best practices for manual review. Today’s topic is assessing IP address risk.
A fraudster (or indeed, anyone) placing an order on a website uses a device (computer, mobile phone or tablet) and this device is associated with an IP address.
In our last blog post, we discussed how the physical location of the IP address can be matched against other location information to see if anything looks suspicious. For example, it’s best to closely scrutinize orders where the location of an IP address is in one country and the billing address in another.
Fraudsters recognize the power of geolocation in identifying fraud, so they act to hide their actual IP address and, by extension, their geographic location. The best way for them to take cover is to connect to the Internet using a proxy server. Popular hiding places include open proxies, hosting providers and VPNs. Continue reading