TrueIP proxy peer-through

Article by: Alisdair Faulkner, VP Products
Date: 29 May 2008
Last Update: 30th April 2008

The true IP address of the device originating a transaction can be revealed using TrueIP proxy peer-through technology.

Fraudulent activity from a device may be indicated when multiple transactions arrive from the same IP address with different customer or credit card details in a short period of time (account anomalies), or simply by a high transaction velocity from that address. If a proxy is used, it hides the true IP address and location of the perpetrator.

Current fraud scrubbing technologies look for "first generation" open proxies being involved in the transaction. This type of open proxy is a standard proxy server listening on a well-known proxy port, which allows anonymous connections. Some are deliberately configured this way, while others result from the misconfiguration of proxy servers that should be closed to anonymous connections. Knowledge of open proxies is used as a parameter in deciding the likelihood that a transaction is fraudulent. Of course, these proxy servers are also used for purposes other than fraud, and those purposes are not always illegal or undesirable.

The new generation of private botnet proxies does not appear on public proxy lists and cannot be detected by the usual methods. This means that there is no way for fraud detection technology to detect that the IP address of the proxy is not the true IP address of the machine performing the transaction. A botnet operating many private proxies can perform many transactions at once, all perpetrated from the fraudster's device, but all appearing to come from different devices.

TrueIP is a proxy peer-through technology that is used to find the IP address of the fraudster behind the proxy, whether a traditional proxy or a botnet proxy. When TrueIP discovers that the true IP address is not the same as the apparent IP address, this indicates that a proxy is being used. When TrueIP is coupled with other transaction data and device fingerprinting, it may show that the same TrueIP address has been used via different proxies with unrelated account or credit card details, giving a high probability that all transactions from that device are fraudulent. This is fraud control through more effective identity verification.
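
The correlation described above can be sketched as a velocity check that is run once keyed on the apparent IP and once keyed on the true IP. This is an added example, not ThreatMETRIX code: the record fields, the 30-minute window, the card threshold and the sample transactions are all assumptions, and the true IP is taken as already supplied by a peer-through service.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed meaning of "a short period of time"
MAX_CARDS = 2                   # assumed limit of distinct cards per address

def tx(time, apparent_ip, true_ip, card):
    return {"time": datetime.fromisoformat(time), "apparent_ip": apparent_ip,
            "true_ip": true_ip, "card": card}

# Constructed sample data (documentation-range addresses, fake card labels).
TRANSACTIONS = [
    tx("2008-05-29T10:00:00", "198.51.100.10", "203.0.113.7", "card-A"),
    tx("2008-05-29T10:05:00", "198.51.100.11", "203.0.113.7", "card-B"),
    tx("2008-05-29T10:12:00", "198.51.100.12", "203.0.113.7", "card-C"),
    tx("2008-05-29T10:20:00", "198.51.100.13", "203.0.113.7", "card-D"),
    tx("2008-05-29T10:07:00", "192.0.2.50", "192.0.2.50", "card-E"),     # direct
    tx("2008-05-29T10:09:00", "198.51.100.99", "192.0.2.60", "card-F"),  # benign proxy use
]

def proxied(t):
    """A proxy is indicated when the true IP differs from the apparent IP."""
    return t["true_ip"] is not None and t["true_ip"] != t["apparent_ip"]

def flag_ips(transactions, key):
    """Flag addresses (grouped by `key`) that show more than MAX_CARDS
    distinct cards inside any WINDOW-long interval."""
    groups = defaultdict(list)
    for t in transactions:
        groups[t[key] or t["apparent_ip"]].append(t)  # fall back if true IP unknown
    flagged = {}
    for ip, rows in groups.items():
        for first in rows:
            window = [t for t in rows
                      if first["time"] <= t["time"] <= first["time"] + WINDOW]
            cards = {t["card"] for t in window}
            if len(cards) > MAX_CARDS:
                flagged[ip] = {
                    "cards": sorted(cards),
                    "proxies": sorted({t["apparent_ip"] for t in window if proxied(t)}),
                }
                break
    return flagged

if __name__ == "__main__":
    print("by apparent IP:", flag_ips(TRANSACTIONS, "apparent_ip"))
    print("by true IP:    ", flag_ips(TRANSACTIONS, "true_ip"))
```

Keyed on the apparent IP, nothing is flagged because each proxy carries a single card; keyed on the true IP, the four cards collapse onto one device, while the single proxied transaction with card-F stays unflagged.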
Copyright © 2007-2008 ThreatMETRIX