Poke Holes in Fraud with Proxy Piercing
If a customer walked into a retail store wearing a trench coat, hat, and fake mustache, you’d realize immediately they were trying to disguise themselves and were probably up to no good. On the web, the digital equivalent of an obvious disguise isn’t as easy to detect.
Fraudsters often use proxy servers to conceal their identity and location, making it harder for merchants to spot the red flags that indicate fraud. Tools that “pierce” through the concealment of a proxy server can keep merchants safer from deceptive fraudsters. What is proxy piercing, and how can it help merchants detect and avoid fraud?
Merchants are liable for card-not-present fraud and cannot successfully fight and reverse these chargebacks through the representment process.
The only thing you can do is try your best to prevent them from happening in the first place, which means that having an effective anti-fraud strategy is an integral part of chargeback management.
When you examine the details of a transaction closely, there are often telltale signs that give fraudsters away. For instance, there are countries that are statistically more likely to be sources of fraud, and if you don’t have a marketing presence in those countries, it makes sense to closely scrutinize new customers that originate from them. Many anti-fraud tools automate this process, running transactions through an algorithm that assigns points for every likely fraud indicator. Low-scoring transactions are allowed to proceed, but high-scoring ones are held back for manual review.
Fraudsters are well aware of these tools and take pains to conceal the transaction data that might reveal their nefarious intentions. Proxy piercing tools can give merchants a way to see through these digital attempts at disguise.
What Is Proxy Piercing?
Proxy piercing refers to methods of detecting whether or not a particular internet user is using a proxy server that masks their IP address, geolocation, and other identifying details. Basic proxy piercing tools will only tell you if a proxy server is being used; more sophisticated versions may be able to give you the true IP address and location of the user behind the proxy.
The use of a proxy server has a high correlation with fraud, but there are customers who will use proxy servers for harmless, non-fraudulent purposes.
To properly evaluate proxy server usage in the light of other present or absent fraud indicators, it helps to understand the legitimate uses for proxy servers—as well as the reasons why they are so appealing to fraudsters.
How Do Proxy Servers Work?
A proxy server is an internet-connected server that acts as a go-between for its users and the wider internet. Normally, when you connect to the internet, you can be identified by your IP address, which can reveal your internet service provider and geolocation, among other unique details. When you connect through a proxy server, the websites you visit see the proxy’s IP address and related information instead.
There are two main types of proxy servers: data center proxies, which show the IP address belonging to the proxy service provider, and residential proxies, which give their users IP addresses that look like they belong to ordinary, unremarkable residential ISP customers.
Many honest, law-abiding consumers use proxy servers to protect their privacy online. Proxy servers can also be used to get around firewalls and region blocks to access protected web content.
Why Do Fraudsters Use Proxy Servers?
Fraudsters use proxy servers to make themselves anonymous and untraceable. While it’s rare for cybercriminals to face actual prosecution for credit card fraud, it is possible, and IP addresses can often be traced back to specific individual users.
To obtain the identity of a proxy server user, law enforcement would have to serve an official request to the proxy service provider, and many of them are located in other countries and can shrug off most such requests without consequence.
Proxies also help fraudsters get around merchants’ anti-fraud protections. Merchants will often configure fraud filters so that they flag orders for review if they come from countries with high fraud rates. Fraudsters in these countries can use proxies to make it look like they’re ordinary domestic customers.
Other common signs of fraud are when you see different customer accounts or payment cards using the same IP address, or when you get multiple transactions from the same IP address in a short amount of time—the latter is a classic sign of card testing fraud. Fraudsters can use proxy services to present a different IP address with each transaction, making it appear to the merchant as if these transactions are coming from multiple unique users rather than a single individual.
How Can Proxy Piercing Protect Merchants from Fraud?
A proxy piercing tool should be able to tell you if a customer is hiding behind a proxy server. Some tools may even be able to provide you with their real IP address. This is useful information, and if you are using fraud filters that employ scoring mechanisms, this allows you to add the appropriate amount of points for proxy usage with confidence. It will also enable you to score their geolocation accurately.
However, if your fraud filters assume that proxies automatically mean fraud, you can expect to receive a high number of false positives—and a lot of frustrated customers. There are valid reasons for consumers to use proxy servers, so you should always look for other fraud indicators before blocking a customer based on this one red flag.
Online fraud is a challenging, ever-evolving problem for merchants. Fraud ties directly into your chargeback rate and can cause both your revenue and your reputation to suffer. Learning how to recognize fraud is the first step toward preventing it, but there’s no single foolproof indicator you can always rely on.
One good way to get better at detecting fraud is to analyze your chargeback data and learn as much as you can about the fraudsters who have targeted you in the past, where they come from, and what methods they used. This will let you configure your anti-fraud tools with greater precision, resulting in more accurate detection rates and fewer false positives. Proxy servers may be an important clue, but they can’t tell you the whole story.