How: Payment Gateways, Processors, and Banks [Deep Dive - Level 2]

Cipher Soul

In my last post, "Deep Dive," we reviewed VBV/Non-VBV Cards. With that concluded, the next step is to only dig into payment processors, gateways, and bank processing. I am delving into that information and its inner workings to the best of MY understanding. I'm always open to discussions, research points, or corrections. (I firmly believe I learn best by peer review and teaching)

This entire series is in honor of a GOAT genshing. That's why I'm providing generalized working information that is UP-TO-DATE for free.

Let's start by explaining the primary differences between Payment processors and gateways and how banks act between them.

Payment processors, gateways, and banks play different roles in the payment process. Payment processors are third-party services that process payments on behalf of merchants. They handle the transaction between the customer's and merchant's banks, ensuring the funds are transferred securely. On the other hand, payment gateways are the software that connects merchants' websites (or other sales channels) to payment processors. They securely transmit payment data from the customer to the payment processor for processing.

Banks play a crucial role in the payment process as well. They act as intermediaries between the payment processor and the merchant's bank. When a payment is made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate.

Payment processors and gateways are necessary for merchants to accept customer payments, while banks facilitate funds transfer between them.

As we build a strong foundation of knowledge on the fundamentals of banking and online purchases, we can gradually explore these topics and gain a more in-depth understanding of them.

Payment Gateways:
Payment gateways play a vital role in the payment process by securely transmitting payment data from the customer to the payment processor for processing. They act as a bridge between the merchant's website and the payment processor. Payment gateways collect sensitive payment information such as credit card details and personal details like customer name, address, email address, and phone number. They then encrypt this information and transmit it securely to the payment processor for further processing. Payment gateways work to prevent fraudulent transactions by using several security measures, such as AVS (Address Verification Service), CVV (Card Verification Value), and 3-D Secure.

Payment Processors:
Payment processors are third-party services that handle transactions between customers and merchant banks, ensuring that funds are transferred securely. Payment processors collect transaction data from payment gateways and transmit it to the customer's bank. They also handle refunds, chargebacks, and other payment-related issues. Payment processors typically gather/rely on information such as customer name, email address, phone number, billing address, and payment details. Payment processors use advanced fraud detection tools such as machine learning algorithms, velocity checks, and behavioral analysis to prevent fraud.

Banks:
Banks act as intermediaries between the payment processor and the merchant's bank. When payments are made, the customer's bank sends the funds to the payment processor, which then sends the funds to the merchant's bank. Banks also perform fraud checks and other security measures to ensure the transaction is legitimate. Banks gather and verify information such as the customer's name, account number, routing number, and transaction details. They use anti-fraud measures such as two-factor authentication, biometric verification, and transaction monitoring to prevent fraudulent transactions.

In summary, payment gateways, processors, and banks play crucial roles in the payment process. They gather and transmit different types of information and use different anti-fraud measures to protect customers and merchants from fraudulent transactions. Working together, they ensure that payment transactions are secure, efficient, and convenient for everyone involved.

You may need clarification at this point. However, the information I am sharing with you is commonly available online and is known as "Clear net" information. The good news is that all of these security measures, except for their exact inner workings, are publicly available for further research. To save everyone's time and provide accurate information, I will list the primary factors that Payment Gateways, Processors, and Banks consider. You will notice that many of these factors are checked repeatedly in different ways throughout the process, which is why the fraud rates for credit cards have decreased more than ever in the last four years.

Below is a list of information that payment gateways gather and send to banks and payment processors ranked from most to least important in determining fraud:

1. Card Verification Value (CVV): A three or four-digit security code on the back of a credit or debit card that verifies the card's authenticity and helps prevent fraudulent transactions.
2. Address Verification Service (AVS): This system compares the billing/shipping address provided by the customer with the billing/shipping address on file with the credit or debit card issuing bank. If the two addresses do not match, they may indicate a fraudulent transaction.
3. Cardholder Name: The name of the person who owns the credit or debit card and is making the transaction. Payment gateways verify this information for accuracy.
4. Card Number: The 16-digit number on the front of a credit or debit card. Payment gateways send this information to payment processors and banks to ensure the card is valid and not stolen.
5. Expiration Date: Payment gateways verify the expiration date of the credit or debit card to ensure that it is still valid.
6. Billing Address: The address where the credit or debit card statement is sent. Payment gateways verify this information for accuracy.
7. Email Address: Payment gateways collect and send the customer's email address to payment processors and banks for communication and transaction verification.
8. Phone Number: Payment gateways collect and send the customer's phone number to payment processors and banks to assist with communication and transaction verification.
9. Payment Amount: The amount charged to the customer's credit or debit card. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.
10. Merchant Name: The name of the business accepting the payment. Payment gateways send this information to payment processors and banks to ensure the transaction is legitimate.

While all of the above information is important in determining the accuracy of a transaction, the CVV and AVS are the most crucial in identifying potential fraudulent transactions. Payment gateways use various methods to verify this information, including machine learning algorithms, velocity checks, and behavioral analysis, to prevent fraudulent transactions and protect customers and merchants.

Below is a list of additional information (Decline triggers) that payment gateways collect and send, ranked from most to least important in determining fraud:

1. Unusual or Large Transactions
2. Card Tagging
3. Copy & Paste Credentials
4. Address Verification (Hand & Hand with IP Address)
5. IP Address
6. Shipping Address/Billing Address
7. System Clock and Time Zone
8. Connection Speed
9. Browser Fingerprinting
10. User-Agent
11. Cookies and Caches
12. HTTP Headers
13. Email Domain Authenticity and Age
14. Residential/Data-center/Spam RDP/Socks (Hand & Hand with IP)
15. Screen Size and Zoom
16. System Fonts

[List not perfectly ranked. Based on personal experiences and research. Very processor and bank dependent]

Here's a breakdown of each for more details.

1. Card Tagging: Payment gateways check whether the card has been tagged as fraudulent by the issuing bank or other payment processors.
2. IP Address: Payment gateways collect and send the IP address of the customer's device to payment processors and banks to verify the location of the transaction. (Upcoming: IP Fraud Score)
3. Unusual or Large Transactions: Payment gateways flag transactions significantly larger or different from the customer's usual spending patterns.
4. Browser Fingerprinting: Payment gateways collect and send data that identifies the unique characteristics of the customer's Browser, including its type, version, and installed plugins.
5. HTTP Headers: Payment gateways collect and send HTTP headers that contain additional information about the customer's device and Browser.
6. Operating System: Payment gateways collect and send the operating system of the customer's device.
7. User-Agent: Payment gateways collect and send the user-agent string of the customer's Browser.
8. Cookies and Caches: Payment gateways collect and send data stored in cookies and caches on the customer's device.
9. System Clock and Time Zone: Payment gateways collect and send data that identifies the time and time zone of the customer's device.
10. Connection Speed: Payment gateways check the connection speed of the customer's device, which can indicate the use of a proxy.
11. Address Verification: Payment gateways verify the customer's name, date of birth, social security number, and address with the issuing bank to ensure the transaction is legitimate.
12. Copy & Paste Credentials: Payment gateways flag transactions where the customer has copied and pasted their credentials, which may indicate fraudulent activity.
13. Screen Size and Zoom: Payment gateways collect and send data that identifies the screen size and zoom of the customer's device.
14. System Fonts: Payment gateways collect and send data identifying the system fonts used on the customer's device.
15. Email Domain Authenticity and Age: Payment gateways verify the authenticity and age of the customer's email domain. .edu domains are considered more trustworthy.
16. Residential/Data-center/Spam RDP/Socks: Payment gateways check the type of IP address used in the transaction to determine if it is residential, data-center, spam RDP, or socks.
17. Shipping Address/Billing Address: Payment gateways verify customers' shipping and billing addresses to ensure they match and are legitimate.

Gathering and sending the above information helps payment processors and banks identify and prevent fraudulent transactions, protecting customers and merchants.

As you can understand from the above, something as simple as card tagging could quickly cause an issue and increase the Fraud Score by a large fraction. We'll discuss fraud scores next.

[Recap]
1. Differences in Payment gateways, processors, and banks
2. Anti-fraud systems used in each
3. What data is collected and sent between

A quick explanation of the fraud score allows us to understand better what payments are deemed fraudulent or legitimate. The above things (which I've rated as most important to least necessary) have associated scores. The most straightforward format for this (and what most anti-fraud-related systems have used to date) is a metric score: 1.0x is an average amount of fraud score generic to the actual user, <0.9x being patterns often only seen in legitimate purchases, and >1.1x being patterns/data typically seen in fraudulent transactions. Now, at the surface level, with that knowledge, we know anything above 1.0 indicates fraud and anything below does not. How do all these work together, though? That's where it comes down to the exact system, such as BOA (Bank of America) and Chase Bank. They will have different rankings for all the data they care about and what Fraud Metric(*1) they're assigned. The same goes for each payment processor.

Generalizing the rules above, we'll be able to get a TFM (Total Fraud Metric) to determine the likelihood of fraud in a linear sense. Again, this is only partially accurate. A 1.2x for location is a FAR harsher red flag than a 1.2x for HTTP Headers. Now, most payment processors that SHOW data like this accurately adjust these so that more important ones will be a higher value regardless. But be careful when analyzing these systems yourself. (Stripe Radar is a great example, even with the removal of their public metric data.)

If you'd like to calculate a TFM, take all the Fraud Metrics and multiply them together over the base fraud score (typically around 10-15, but it can be up to 30 depending on Bank, BIN, Location, and User data).

Now, that method is not foolproof, as again, things are weighted much higher in specific processes, and there is no (to my knowledge) accurate way to get a base fraud score other than reverse engineering a purchase where you've determined accurate metrics.

(*1) The Fraud Metric is a value associated with each piece of data or behavioral pattern and ranked independently by the Processor/Bank.

I want to clarify that the Fraud and IP Fraud scores are two entirely different subjects. I'll provide a short passage on IP Fraud score, What determines it, and why it matters.

Now, multiple factors play into IP Fraud scores alone (IPFS). As with Fraud Scores, we'll provide a list of major factors sorted below after the detailed overview.

Anything retaining the user's IP Address & Geo Location will be used to determine this score: VPN Usage, Geo spoofing, Emulators, IP Reputation... The List goes on below. The main takeaway here is IP Fraud scores are used at the FINAL stages of signups & FIRST stages of checkouts to validate the information before sending it off to banks and processors. This is NOT to say that Banks won't be notified about the attempt. It will just be sent with the information that it is likely fraudulent and (with rare exception) being declined.

Now, every fraud system has its own rules, and a majority of them are configurable. But I'll now give examples of points that could be added or deducted.

1. VPN Usage - [+10-20] VPNs have a noticeable and untrusted path. Often, an instant decline, if not high points
2. IP Blacklists - [+10-20] IP Blacklists are from known data breaches, new centers, or abnormal/past fraudulent traffic. You manually remove the IP by contacting the List. Though usually, it's time-based. (Often instantly declining as well)
3. IP Reputation - [+5-10] / [-0-5] This is based purely on transaction history, cards used, emails used, and frequency with the IP Address.
4. SSH Ports - [+5-10] Scans IP Addresses for suspicious open ports. Typically, it looks for one ML (Machine Learning) associated with the fraud.
5. Geo Spoofing - [+5] If IP & Location mismatch. While it's possible to happen even on legitimate purchases, it will lead to a slightly higher BFS (Base Fraud Score)
6. Location Risk - [+5-25] Certain countries and even states are commonly more fraudulent. Thus incurring a higher amount of authority
7. Emulators - [+10] If you're using any type of Browser or phone emulation and it's detected, it will increase your score; if not, it will prompt an instant decline.

Critical features of IP Analytics and fraud detection for them are as follows: This will help you summarize the IP Portion.
Geolocation: As we've previously seen, a legitimate IP address should reveal where the user is based worldwide. This is a basic feature, but it is still useful to see if it matches the card country or if the customer is traveling too fast.
Internet Service Provider: Finding out who the ISP is can help us determine whether the IP is residential, from a normal residential connection, public library, or web server/data center. The latter is particularly useful to know as they are often used by bots, VPN providers, and TOR exit nodes.
Open port scan: All proxies tend to have at least one open port, and so do computers functioning as servers. By performing a scan, we can measure how risky the situation appears. For instance, some proxy providers resell hacked SSH connections, where port 22 is usually open. A proxy detection service or proxy detection API can help.
Spam checklist scan: Two useful lists, DNSBL (Domain Name System Blackhole List) and RBL (Real-time Blackhole List), catalog IP addresses used for email spamming. If these IP addresses appear in the search results, we can suspect the operation is fraudulent.

Now, I could write a MUCH more in-depth dive (Its deep dive) into IP Analytics themselves. But we'll save that for another time as there is not much more relevant information. For now, let's close with a flow example of the process these services take to determine IPFS (IP Fraud Score):

1. An IP address points to China. A risk rule states that non-US IPs should add +5 points to the score.
2. The ISP points to a residential address. According to a second risk rule, this removes -2 points from the risk score.
3. An open port scan reveals a suspicious SSH connection. This adds +8 points to the risk score.
4. The total IP fraud score for this user is 11 (5-2+8=11). Your anti-fraud system can decide whether this score makes the user high, medium, or low risk based on your own thresholds.

This all ties into Section 2 of our previous list, "IP Address", along with its associated things. As you likely assume, these factors will often be heavily credited to your Fraud Metric. (Example: a 1.2 in IPFS would be like a 4.0 in Connection Speed. Extremely high risk.)

Comprehending all the above is very important. We'll now dive into how this all interconnects, and the REAL process leading anti-fraud systems take to determine fraud with minimum redundancy and maximum effect.

1. Merchant Site begins tracking user behavior (Often by Gateway or site Anti-Fraud)
2. Merchant Sites and payment gateway gather user data and information for specific actions (e.g., Adding items to a cart, Creating accounts, Checking out, Confirming purchases, Typing details, etc.)
3. Data from Step 2 is fed into the Anti-Fraud system, Running it through Risk rules & evaluations. (Only runs data on specific events such as checkout or account creation)
4. The fraud value is then soft-determined, increasing and decreasing throughout the experience. It is finalized at checkout and sent with data and predicted score to the Payment processor and bank.

We've concluded by providing an in-depth grasp of payment processors, banks, gateways, and a few touches on merchant sites, Anti-fraud, and IP anti-fraud.

I'm delighted to provide an informative read that has (hopefully) motivated you to explore further. You should conduct your research and gather more information. Please do not hesitate to ask for references for your search.

Next topics.
Counterintelligence, Spoofing, and Fooling Anti-Fraud
Anti-Fraud Decline Triggers & IP Fraud Score
Stripe Radar Deep Dive (STILL RESEARCHING)

[ IF THERE IS ANYTHING ELSE YOU'D LIKE A DIVE INTO. LET ME KNOW BELOW ]

Comment on whether you'd understand Decline triggers*1) like Email authentication or Countermeasures fraudsters use to bypass.

Eventually, I'd like to begin including images and videos on some of these to detail outflow patterns and other aspects of how systems work.

As always, if this post helped improve your knowledge or taught you something new, spread it around and drop a +1 Score for more. Not only does it help spread this post, It allows me to gauge topics of interest and if this is worth pursuing in the modern dread culture.
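
The IP fraud score walk-through in the post (non-US IP +5, residential ISP -2, suspicious SSH port +8, total 11) corresponds to a small additive rule engine on the anti-fraud side. The following is an added example, not code from the original post or from any vendor; the signal field names, the risk bands (10 and 5), the use of port 22 as the SSH signal, and the handling of missing lookups are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class IpSignals:
    """Enrichment results for one IP; None means the lookup failed."""
    country: Optional[str]           # ISO country code from geolocation
    isp_type: Optional[str]          # "residential", "datacenter", ...
    open_ports: Optional[frozenset]  # result of the open-port scan

@dataclass(frozen=True)
class Rule:
    name: str
    field: str                       # signal the rule depends on
    points: int                      # added to the score when the rule fires
    applies: Callable[[object], bool]

# Point values are the ones used in the post's walk-through.
RULES = (
    Rule("non_us_ip", "country", +5, lambda c: c != "US"),
    Rule("residential_isp", "isp_type", -2, lambda t: t == "residential"),
    Rule("suspicious_ssh_port", "open_ports", +8, lambda p: 22 in p),
)

# Assumed bands; the post leaves thresholds to each anti-fraud system.
BANDS = ((10, "high"), (5, "medium"))

def score_ip(signals, rules=RULES):
    """Return score, band, and an audit trail of fired and skipped rules."""
    fired, skipped = [], []
    for rule in rules:
        value = getattr(signals, rule.field)
        if value is None:
            # A failed lookup is recorded, not silently scored as "clean",
            # so an analyst can see the score is based on partial data.
            skipped.append(rule.name)
        elif rule.applies(value):
            fired.append((rule.name, rule.points))
    score = sum(points for _, points in fired)
    band = next((b for floor, b in BANDS if score >= floor), "low")
    return {"score": score, "band": band, "fired": fired, "skipped": skipped}

# Constructed sample inputs.
PAGE_EXAMPLE = IpSignals("CN", "residential", frozenset({22, 443}))
DOMESTIC_DC = IpSignals("US", "datacenter", frozenset())
GEO_LOOKUP_FAILED = IpSignals(None, "residential", frozenset({443}))

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, DOMESTIC_DC, GEO_LOOKUP_FAILED):
        print(sample, score_ip(sample))
```

Keeping the list of fired and skipped rules next to the score is what lets a reviewer explain a decline and tune point values when a rule produces false positives.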
 
