Offsite passive fraud checks & data vendors

There is a wealth of data online. Financial crime prevention legislation that is built into most data protection law allows you to leverage it.

Hi, name is Duncan Malcolm. I convene First Six Last Four to help us understand more about fraud threats and the things that we can do to reduce our risk in the face of highly motivated adversaries.

In this post we are looking at different checks and fraud data vendors. These checks can happen without interruption to the customer journey and can provide a lot of data that you can use in your fraud scoring.

We will look at data you can obtain around:

  • IP address’s
  • Email address’s
  • Phone numbers
  • eVerification of identify
  • Devices (fingerprinting)

Individually any of the above are not very helpful. However, when you combine them together they act as a very power set of data points or features to help you assess transaction risk.

IP address

This is probably one of the best known fraud data points in fraud after AVS & 3DS. However, it is somewhat misunderstood.

An IP address is not always one person and they are not always fixed.

From an IP address it is usually possible to determine:

  • VPN – If the user is using a VPN service
  • Proxy – Whether the user is redirecting their IP via a proxy
  • Line type – Whether the IP is a data center / home / education / office
  • ISP & ASN – Name and unique ID of the ISP

Depending on your vendor you might also be able to find:

  • Abuse – If the IP address has been reported by another merchant
  • Country, City, Region – An approximate location
  • Lat/Long – Another approximate location
  • Tor – If the IP is a suspected tor address

This information is a good starting point and while not enough to determine fraud it can help.

 

1 comment

Leave a comment

Your email address will not be published. Required fields are marked *