With the holiday season upon us, online sales surge with customers seeking to place orders with retailers. But not all orders, form submissions, and lead generation efforts are legitimate. Building fraud identification systems which can properly identify cases that are illegitimate can range from simple to complex, with the latter using such methods as tracking user behavior and performing complex authentication methods. Most, if not all, fraud identification strategies incorporate a fundamental step in identifying fraud which is through IP Validation.
IP Validation identifies the origin of an IP which is crucial for assessing whether an IP is legitimate or is considered High Risk. An IP is categorized as High Risk based on multiple factors including whether the IP origin is from a TOR Network exit node, behind an Anonymous/Elite proxy, has been blacklisted for suspicious/spam activity, or whether the IP origin is in a country that is considered High Risk for fraudulent activity.
A typical http request includes necessary header information which describes the origin of the request to return information to. Requests which emanate from an anonymous proxy hide the origin IP and only include the proxy IP. Anonymous proxies are available through either SOCKS or HTTP protocol. HTTP protocol is used for general HTTP/HTTPS requests as well as FTP in some cases, while SOCKS proxy provides support for any type of network protocol.
While detecting whether an http request was issued from behind a proxy may be detectable based on header information, this is not the case with a request emanating from a TOR client. TOR networks route requests through a series of participating nodes anonymizing where the origin of the request came from.
VPN or Virtual Private Network offers another method for fraudsters to conceal their identity. A VPN service provides a secure tunnel for users to connect to another host machine and execute requests appearing as though the requests are emanating from the VPN host machine. VPN adds the additional security of encrypting traffic between the user and VPN host.
IP Reputation services and DNS-based blacklists track and monitor suspicious and spamming activities. Users which violate website /domain owner’s terms of service can have their IP blacklisted which terminates future activity from that IP. Website owners will check their own provided IP to ensure their website has not been used in spamming attacks or suspicious activities which could restrict their ability to operate. Accepting messages from an IP which has been blacklisted should be considered high risk.
A Botnet is another method fraudsters can use to conceal identity. A botnet is a network of machines that are under control by the attacker. Hackers frequently use botnets for large scale attacks where a high number of concurrent requests are issued to take down a system. Botnets can originate from any network connected device. This was evidenced by a recent attack on a major DNS system provider which was executed by a network of connected home devices.
How to Protect Yourself
With all of the different methods of concealing identity available to fraudsters, the picture becomes much larger of the task to thwart would-be thieves from disrupting your systems. Thankfully DOTS IP Validation encompasses many of the identification strategies necessary to make split second decisions on would be attackers before any harm is done. From IP origin to Proxy/ TOR node detection, DOTS IP Validation has you covered.