Geolocation: How Savvy Merchants are Modernizing Their Anti-Fraud Solutions
There’s an old saying: “time and tide wait for no man.” The same holds true for merchants and technology.
Any time eCommerce sellers manage to defeat a clever fraud scheme, it seems like another appears to take its place. Considering the rate at which technology advances, you have to be as proactive and receptive to change as possible. Emerging tech trends can influence all aspects of your business, whether you are aware of them or not.
Geolocation, for example, is a modern technology with far-reaching effects. It could help you prevent more fraud attacks and recover more revenue...if deployed correctly.
In this article, we’ll discuss the benefits of geolocation, as well as its downsides. We’ll also offer some strategies to help you master both.
Recommended reading
- The Top 10 Fraud Detection Tools You Need to Have in 2024
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- Proxy Piercing: How Merchants Can Use it to Prevent Fraud
- Card Verification Values: What Are CVVs & How Do They Work?
- Payment Authentication: How to Verify Buyers Before a Sale
What is Geolocation?
- Geolocation
Geolocation is a broad term that describes any technology which accesses your location using the GPS or IP data installed on your devices for the purpose of locating you. It can be used for fraud detection by helping to verify customers’ identities.
[noun]/j • ēō • lō • kā • SHən/
Geolocation technology for fraud detection typically relies on IP address. This means it uses a computer, server, or mobile phone’s internet protocol (IP) address to determine the device’s geographical location.
For this to work, an IP address has to be assigned to a device by an internet service provider. When a device connects to the internet, an IP geolocation service identifies the device’s IP address and then queries a geolocation database, either directly or via an API, to retrieve the device’s approximate location.
A geolocation database maps millions of IP addresses to countries, states, cities, zip codes, latitudes, and longitudes. Some databases also include information about device connection types or internet service providers by collecting WHOIS Records, Wi-Fi, GPS, or crowdsourced data.
Once the geolocation service finds a match between the device’s IP address and a record in the database, it outputs the device’s location details to the end user. This information can then be used to help determine whether a buyer is legitimate.
Geolocation databases are maintained by third-party service providers, and the accuracy of the results depend on the quality and volume of the data in the database. Typically, free databases are less accurate than paid databases. Network infrastructure and the use of VPNs of proxy servers can also influence location accuracy.
How Does Geolocation Help Prevent Fraud?
In card-not-present (CNP) transactions, geolocation data can pinpoint irregularities related to an IP address of origin. Geolocation helps you verify established cardholder details such as:
- Billing Address
- Shipping Address
- Billing Phone Number
- Zip Code
- Phone Area Code
If the details of a transaction don’t match a cardholder’s known location, the transaction may not have been made by the cardholder. This information can be relayed to you, and the transaction would then be flagged as potential fraud.
Examples of IP Address Geolocation in Action
As we mentioned before, geolocation technologies can help detect and deter fraudulent card-not-present transactions. Here’s how it can help you discover and respond to threats in practice:
How Does Geolocation Spoofing Work?
No technology is perfect, however advanced it might be. Geolocation is no exception to this rule.
Geolocation fraud occurs when criminals leverage GPS and IP address information to falsify their location in an attempt to cloak or conceal the fraudster’s identity. This is sometimes called location spoofing. It’s designed to use the location data you rely on for fraud detection against your own system.
Location spoofers can avoid geolocation fraud detection by:
- Using a virtual private network (VPN) or other proxy which can conceal the fraudster’s location via a remote operating system.
- Engaging in app tampering, allowing them to insert false code into open apps and conceal their activity.
- Adopting emulators and instrumentation tools used by app developers to troubleshoot glitches from a remote location.
- Using GPS spoofing apps that make it very easy for fraudsters to spoof their location on a given network.
Other Problems With Geolocation
Of course, location spoofing isn’t the only shortcoming here. There’s also the threat posed by false positives.
Consider the example we looked at earlier. A buyer makes a purchase in Copenhagen, but the cardholder’s billing information places them in Portland. Sounds like a clear-cut case of fraud, right?
That might have been the case in an earlier era. With the level of sophistication we see in today’s eCommerce, especially in the mobile commerce space, it’s not uncommon for a buyer to be on the opposite side of the world from their home and still make purchases. If you reject orders solely because of geolocation data, you could be turning away countless legitimate customers.
Remember: no technological advance is perfect. No matter how sophisticated the technology, there will always be someone who figures out how to manipulate it for their own gain.
Even despite these shortcomings, geolocation is still an incredibly powerful tool. To get the most out of it, though, you need to incorporate it into a larger fraud prevention strategy.
Adopting a Smarter Approach to Fraud Prevention
The trick here is to outsmart the crooks. When used in conjunction with other fraud prevention software, geolocation can be a crucial element in your anti-fraud plan. We recommend a multilayer fraud prevention strategy, including (but no limited to):
- AVS (Address Verification Services)
- CVV (Card Verification Value)
- Two-Step Verification
- Velocity Limits
- Fraud Blacklists
Alone, any one of these anti-fraud tools might be defeated by a cunning criminal. In combination, however, they are very difficult to overcome. For instance, a location spoofer might be able to bypass AVS and CVV verification. However, they're less likely to succeed if they also have to contend with velocity limits and two-step verification.
When you can draw on more data, you can create a more detailed and reliable profile of your buyer. This makes fraud decisioning more accurate. And, when you incorporate fraud scoring backed by machine learning technology, you build an even stronger firewall to deter fraudsters without hurting good customers.
Building a better fraud prevention plan means including as many failsafes as possible. Geolocation fraud detection is one facet of this plan.
No defense is impenetrable. However, it’s possible to defend yourself—and your clients—from fraud. You only need to have the right systems in place.
FAQs
How reliable is IP geolocation?
IP geolocation is generally reliable, but accuracy depends on the device and granularity of information requested. On the country level, IP geolocation is highly accurate, with success rates between 95% and 99%. On the state, regional, or provincial level, it is roughly 55% to 80% accurate. At the city or local level, it is between 50% and 75% accurate.
What happens if a scammer has your IP address?
Scammers who capture your IP address can use it to access your device, frame you for illicit activities, impersonate you, send you spam, track your location, or ban you from certain websites. Fraudsters can also sell your IP address to an illegal data broker or use your IP address to conduct DDoS attacks.
What if IP address geolocation is wrong?
If IP address geolocation is wrong, it means that the location identified by the geolocation service is inaccurate. Outdated geolocation database information, poor geolocation technology, or the use of dynamic IP addresses, VPNs, or proxy servers can contribute to inaccurate results.
Is geolocation data high risk?
Yes. Geolocation data can be used to pinpoint a user’s location, and can be linked with other sensitive information, which by itself poses significant privacy concerns. The fact that geolocation data can fall into the wrong hands invites additional data security risks.
Can IP location be traced?
Yes. using geolocation technology, merchants, websites, government agencies, internet service providers, and even bad actors can use your device’s IP address to determine your location.
What makes an IP address suspicious?
IP addresses that are associated with malicious activity, such as sending spam, hosting malware, or engaging in bot activity are typically considered suspicious and may be flagged or blacklisted by certain websites.
