
IP spoofing and fraud screening

Posted by Michael Bloch in ecommerce (Wednesday February 13, 2008)

IP spoofing is a major challenge for merchants screening for fraud, and one without an easy solution, since it is made possible by a flaw in the design of the protocol upon which the Internet operates.

One of the tools used by many merchants in screening for fraud is checking the IP address of the person who made the purchase against their address. The IP address is typically found on the merchant receipt from your card processing service.

An IP address (Internet Protocol address) is a unique set of 4 numbers identifying a computer when connected to the web. A trace can be run on an IP to see where the person was located. A good tool for running IP traces can be found at Geobytes.

If you receive an order from someone with a billing/shipping address of Texas, USA, yet the IP traces back to Vietnam, it’s a good indication that the order is likely fraud. While people do travel around and make purchases from locations other than their billing address, if it’s the other side of the country, or another country altogether, that should send up all sorts of warning flags.

However, using just the IP to determine the legitimacy of a transaction is risky. The problem is when the fraudster uses IP spoofing – being able to relay a false IP address. Lately I’ve been seeing increasing numbers of fraudsters getting this down to a fine art – spoofing an IP not only in the same country and state, but in the same city as the cardholder.

It makes fraud screening all that much more time intensive; sometimes I’ve needed to dig around for quite a while to locate the evidence needed to be confident in zapping a transaction or allowing it through.

With chargebacks costing a merchant usually around 30 bucks a pop, it’s really important to have a solid fraud screening process in place. Screening should be approached holistically, not relying on a single indicator to determine yay or nay on a transaction.
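As an added illustration (not code from the original post), the sketch below treats the IP trace as one indicator among several: a mismatch raises the score, but an IP that matches the cardholder's city earns no trust, since the address can be relayed. The point values, thresholds, the `Location` type and the non-IP indicators (AVS result, ship-to address, order history) are assumptions chosen for the example, and the sample locations are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Location:
    country: str
    state: str
    city: str

def geo_signal(billing: Location, ip_geo: Optional[Location]) -> str:
    """Grade how far the IP trace is from the billing address."""
    if ip_geo is None:
        return "unknown"  # the trace failed or returned nothing
    same = lambda a, b: a.strip().lower() == b.strip().lower()
    if not same(billing.country, ip_geo.country):
        return "country_mismatch"
    if not same(billing.state, ip_geo.state):
        return "state_mismatch"
    if not same(billing.city, ip_geo.city):
        return "city_mismatch"
    return "match"

# Assumed weights. "match" is 0, never negative: a same-city IP does not
# offset other warning signs, because the IP the merchant sees can be relayed.
GEO_POINTS = {"country_mismatch": 50, "state_mismatch": 25,
              "city_mismatch": 5, "unknown": 15, "match": 0}

def screen(billing, ip_geo, avs_matched, ships_to_billing, prior_good_orders):
    """Return (decision, score, reasons) from several independent indicators."""
    geo = geo_signal(billing, ip_geo)
    score = GEO_POINTS[geo]
    reasons = ["ip_" + geo] if score else []
    # Hypothetical non-IP indicators; use whatever your processor reports.
    for hit, points, reason in (
        (not avs_matched, 30, "avs_mismatch"),
        (not ships_to_billing, 20, "ship_differs_from_billing"),
        (prior_good_orders == 0, 10, "first_time_customer"),
    ):
        if hit:
            score += points
            reasons.append(reason)
    decision = "reject" if score >= 80 else "review" if score >= 40 else "approve"
    return decision, score, reasons

if __name__ == "__main__":
    texas = Location("US", "TX", "Austin")  # constructed billing address
    # Same-city IP, but every other indicator is bad: still goes to review.
    print(screen(texas, Location("US", "TX", "Austin"), False, False, 0))
```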

For some fraud screening tips, see my article – Preventing credit card fraud – strategies for minimizing chargebacks

