What is an IP fraud score & how does it help mitigate payment fraud?
The growth in online sales poses a greater risk of online fraud—including payment fraud—and financial losses. Ecommerce losses due to online payment fraud were estimated at $41 billion globally in 2022, up from $20 billion in 2021. It's expected those losses will hit $48 billion in 2023.
To add further risk, bad actors constantly look for new and better ways to commit payment fraud. Organizations must ensure they leverage the right fraud prevention tools to protect themselves against these bad actors.
One tool companies can use to mitigate payment fraud is by using IP fraud scores. Here we look at:
- What is an IP fraud score
- How does IP fraud scoring work
- The benefits of using IP scoring
- The limitations of IP scoring
- How to use IP scoring as part of a broader fraud mitigation strategy
What is an IP fraud score?
An IP fraud score indicates the quality and reliability of an internet protocol (IP) address. A business can use fraud detection tools to analyze an IP address to identify risk factors (e.g., whether the IP address has been anonymized or spoofed) and assign scores to the IP address based on those risk factors.
The scores range from 0-100; the higher the score, the more likely the IP address is connected to malicious behavior or belongs to an abusive user. IP fraud scores minimize the risk of threat actors entering a company's website.
An IP fraud score differs from an IP reputation score, used by an email service provider to ensure that a company's emails come from a legitimate IP address. The lower the IP reputation score, the more likely the service provider will send the company's emails to the recipient's spam folders rather than deliver them to their inboxes.
How does IP fraud scoring work?
Businesses can use IP fraud scoring tools to identify ecommerce fraudsters who repeatedly commit malicious acts on the same devices or computers. However, different fraud detection tools will use different criteria to analyze IP addresses and produce fraud scores.
Generally, IP fraud scoring software helps organizations identify serial threat actors by detecting IP addresses linked to fraud in the past, using such signals as:
- Their locations and whether those locations match the countries where the payment cards are registered.
- Whether the individuals performing the ecommerce transactions are using virtual private networks (VPNs) to disguise their actual locations.
- The internet service provider (ISP). Identifying the ISP can determine whether the IP address connects to a residential source or a public internet service, such as those found at libraries or coffee shops. This is particularly useful since most fraudsters use public ISPs.
Depending on the IP fraud score, fraud scoring tools should enable companies to allow, deny, or restrict website access automatically.
Using IP address lookup to prevent online payment fraud
The cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. And as fraudsters continue to employ more sophisticated techniques to commit online payment fraud, it becomes even more difficult for organizations to prevent and detect that fraud.
However, businesses can use IP address data as one factor in risk scoring to help them more accurately identify and prevent fraud and make better decisions about when they should deny risky transactions.
In addition, companies can use IP address lookup to prevent chargeback fraud, which is when a legitimate customer contacts their card issuer to charge back a card purchase. These individuals claim that they never received their purchase, their item was defective, or they never made the transaction in the first place. The consumer is then able to keep the item without paying for it. Using IP address lookup helps businesses minimize revenue lost to payment fraud.
There are some other ways organizations can use IP address lookup to prevent fraudulent activity beyond payments, such as preventing cybercriminals from hijacking customer accounts on their websites.
Learn more: what is a chargeback?
Pros of using an IP analysis to prevent payment fraud
Performing an IP address analysis is a most common technique businesses use to prevent payment fraud. It enables them to gain insight into their customers, including where they are located and whether they're looking to harm an organization.
Companies can use IP analysis tools to look up IP addresses and quickly identify whether they're connected with proxy servers, VPN services, or public networks. This could indicate that the individuals making transactions are not legitimate customers but fraudsters.
While it's true that these tools build a strong foundation for fraud intelligence because they are easy to implement, frictionless, and offer results in real-time, they're not enough on their own.
For example, while a bad actor might be using an IP address associated with a public library to remain anonymous and mask their nefarious intent, the user could be a legitimate customer using a computer in the library to purchase because their home internet is down. As such, anonymity doesn't always mean that the user is a threat actor; however, it is a warning sign to businesses that they must conduct further investigation into the transaction.
Limitations of using an IP analysis
While companies can learn a lot about users from their IP addresses, analyzing those addresses doesn't help organizations determine whether users are fraudsters or legitimate customers. IP addresses alone don't provide enough data to create precise IP fraud scores that businesses can rely on.
Consequently, businesses must consider the data gathered about users from analyzing their IP addresses and other factors to get the clearest picture possible about users flagged as potential threat actors.
Those factors include reviewing historical fraud data, which can help to determine which anonymizing services carry the highest fraud risk for their organizations. This enables companies to detect fraud more accurately and make better decisions about when they should deny risky payment transactions. Companies should also consider information about the devices individuals are using, transaction velocity, and user behaviors.
Does Checkout.com’s fraud tool utilize IP analysis to detect fraud?
Yes, Fraud Detection Pro includes a check on IP addresses; however, our machine-learning model factors in multiple attributes in addition to IP (email, payment information, devices, and much more). Since we don't produce IP fraud scores based solely on IP addresses, we avoid the limitations of just using IP analysis.
Read more: A guide to fraud analytics
More about Checkout.com’s fraud scoring
Fraud Detection Pro allows organizations to customize their fraud solutions to meet the unique requirements of their businesses. Doing so enables them to make smarter decisions based on billions of data points, not just the data gleaned from analyzing users' IP addresses.
Fraud Detection Pro generates a single risk score using a machine learning model trained on billions of transactions worldwide. Merchants can then set rules based on this score and their risk appetite (approve, decline, or send for additional 3DS authentication).
You can find out more about our Fraud Detection Pro tool and our approach to fraud scoring here.