This post was written by Quova, they sent it as a press release but I thought it was interesting enough to publish on the blog.
The 2008 Edition of the CyberSource Online Fraud Report highlights that out of 318 online sellers surveyed an average 1.4 % of their orders are lost to online fraud, often resulting from buyers who used credit card numbers later identified as stolen. The report estimates that in 2007 $3.6 billion in online revenues were lost in this way.
Though geolocation is just one of the risk monitoring tools used (the average e-merchant online uses at least four tools), it provides an important line of defense. The foundation for geolocation is the Internet protocol (IP) address – a numeric string assigned to every device attached to the Internet. When individual surfs the Web, their computer sends out this IP address to every Web site visited. Geolocation can provide much more than a geographic location. Many providers supply up to 30 data fields including country, region, state, city, ZIP code and Time zone for each IP address that can help to further determine if users really are where they say they are.
Equipped with this information, e-merchants can use geolocation to flag suspect transactions and address them individually.
Five key Ways to Detect Fraud using Geolocation include
Check for anonymous proxy servers and other location-masking systems
- While not all proxy servers are bad, the use of an anonymous proxy that hides or masks a unique IP address can be a fraud indicator. Lists of anonymous proxies that are abusing the system are provided by a select few geolocation vendors (including Quova) that notify the e-merchant when an order comes from one of the proxy servers
Check the distance between actual and expected user locations
- It’s a general rule of thumb that shoppers will be logging on the Internet within close proximity to their billing or shipping addresses. Many Quova customers report that orders coming from 500 miles or more away from the expected location have a higher probability of being fraudulent. With geolocation, e-merchants can elect to decline, or flag for review, orders falling X miles or more away from the shipping or billing address
Use domain information to assess risk
- With access to domain information gathered from the shopper’s ISP, it can be easier to determine whether an order should be declined, accepted or flagged. An e-merchant can track user sessions and know that the customer frequently connects from work and from home.
Build user profiles
- Once a profile is built, e-merchants can look for changes & differences between the observed behaviors they see online and what they have on file. Geolocation provides a simple way for merchants to expand their user profiles behind the scenes by assuming that most valid orders will follow the same pattern. If several different domain extensions or ISPs are used in one day, chance are those orders may be fraudulent.
Use time-zone information to track the transaction velocity
- If a user is connecting to a Web site in relatively short periods of time and the log-ins are more then 1,000 miles away from each other, this is a major red flag for an online merchant. For each shopper, e-merchants can use geolocation data to enable business rules that
1) request the current local time at the shopper’s location;
2) alert them to potential “time-zone hopping” within a short period of time, where the same account is accessed from multiple geographic locations; and
3) alert them to orders placed at times of the day that aren’t consistent with previous orders stored in the user’s profile.
It’s not unusual for a Web site to keep track of user behavior, such as pages they have clicked on and the products they purchase. This is called behavioral targeting and due to the customer’s computer never being accessed, geolocation does not infringe on personal privacy. In a nutshell, geolocation is just one of many things you can check in the fraud cycle and protects both the consumer and the merchant from criminal activity.