How Merchants Can Use Proxy Piercing to Help Prevent Fraud
As an eCommerce merchant, you don't typically see your customers. So, when you’re taking online orders, you can't really know for certain that the buyer is an authorized cardholder. In fact, because the internet is all about anonymity, you may not even know if the “buyer” is a human being at all.
Unfortunately, fraudsters know all of this, and they use it to their advantage. The longer they remain anonymous, the more fraud they can get away with. One of the ways they accomplish this is by using proxy servers, which make it seem like their activities are coming from someone else.
Fortunately, there are technologies you can use to fight back. One such tool is proxy piercing. In this post, we’ll talk about proxies, plus look at the role a proxy piercing solution may have in your overall fraud management strategy.
Recommended reading
- What is 3-D Secure? Fraud Prevention Solution Explained
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- Visa Secure: What This Tool Does & How to Get Started
- Account Takeover Protection: Best Practices for Businesses
- How Digital Risk Protection Protocols Keep You Safe
What is a Proxy Server?
To understand proxy piercing, we first need to examine what a proxy server is.
Anytime a device is used online, an IP (internet protocol) address ties that device to the user’s online activity. However, you can use an intermediary—or “proxy”—server, which has its own separate IP address. The proxy server talks to other parties on your behalf, while your identity remains hidden.
There are many different types of proxies. For our purposes, we’ll focus on two in particular: data center proxies, and residential proxies. A data center proxy simply uses the IP address of the host server. Residential proxies, on the other hand, use actual residential IP addresses, making them look more like real consumers.
Data Center Proxy
The user accesses a website through a proxy. The website owner sees the IP address belonging to the data center, while the user’s IP address remains hidden.
Residential Proxy
The user accesses a website with an IP address that belongs to an actual residence. The site will typically recognize the IP data as a residence, and therefore see it as more legitimate.
For obvious reasons, an IP address originating from a home connection seems safer than one coming from an anonymous host. That's why savvy fraudsters usually favor residential proxies.
How Do Fraudsters Use Proxy Servers?
Fraudsters love using proxy servers because it keeps you from knowing who they are. Your having that information won’t stop them, but it can make their job more difficult.
For example, account takeover, card testing, and other online fraud techniques depend on repetitive testing of stolen card data. By using a proxy server, fraudsters can bypass prevention methods designed to detect repeated failed login attempts. They can also quickly switch between multiple proxies to make repetitive orders appear to come from different IP addresses.
As of this writing, the top ten geolocations for internet scamming are Mexico, Ukraine, Hungary, Malaysia, Colombia, Romania, Philippines, Greece, Brazil, and China.
Fraudsters also understand the value of spoofing their IP geolocation information to mask the transaction’s origin. Some regions generate so many fraud transactions that all orders from there are considered inherently risky. Using a proxy server can let users bypass this.
Finally, fraudsters can set up multiple addresses on different proxies and use them to commit affiliate fraud. Rapidly switching between addresses allows them to rapidly click on ads over and over and receive unearned income.
What Is Proxy Piercing?
- Proxy piercing
Proxy piercing is a technology that enables hosts to determine whether a customer is attempting to mask their IP address by using a proxy server.
[noun]/* prôk • sē • pir • sing/
It’s a fancy term, but the definition of proxy piercing is pretty straight-forward. Using proxy piercing simply means you’re checking to see if a buyer is using a third-party server to mask their identity. This involves a small test that typically happens in the background, unobserved by the user.
There are legitimate reasons for using a proxy, such as protecting sensitive data or defending against malware. There could also be very good reasons why a user might want to keep their location and identity secure from outside parties.
Using a proxy server can indicate fraud…but it’s not a sure thing.
We can help you create a more effective overall strategy to stop fraud attacks.
Of course, the same things that make proxies legitimately useful also make them an excellent tool for fraud. Criminals can use a proxy server to hide their activity from you. This is why proxy piercing tools exist in the first place.
The most basic detection programs can tell you that a proxy is being used. They won’t reveal the user’s actual IP address, though. More sophisticated programs may be able to “pierce” the veil of the proxy server, providing the user’s original IP address and even their physical location.
How Does Proxy Piercing Work?
The goal of proxy piercing is to flush out fraudsters who use some kind of intermediary to hide their identity. It works by deploying a small bit of code on the user’s device to determine if the real IP address matches the one being used in the transaction.
Most detection efforts kick in when the user connects to your website. The technology immediately attempts to analyze where the connection is coming from. If a proxy is detected, the program can ban the server’s IP address, blocking any current or future interaction. That’s the easiest route.
However, detecting a proxy doesn’t always give you the whole story. You could easily end up rejecting legitimate buyers due to false positives.
It makes more sense to review the situation using more than just the originating IP address. For example, you could check the customer’s purchasing history, location of the order, and whether the order used a data center proxy or a residential proxy. These may all play a role in deciding if the user is a bad actor.
How Effective Is Proxy Piercing?
Proxy piercing does work. It’s relatively easy for a skilled fraudster to get around it, though.
The utility of knowing an IP address is limited because IP addresses are usually temporary. They’re not like a phone number, which can only be assigned to one phone. Most residential IPs are dynamic, meaning they can change, sometimes within hours (and sometimes not for years).
In other words, an IP address you put on your blacklist may or may not be tied to a completely different device tomorrow. A blacklist can be outdated almost as quickly as it’s created.
There are many cases where a proxy server can be detected. However, even the best proxy-piercing services or software can’t catch every one.
Is Proxy Piercing Worth It?
While using a proxy is not a guaranteed sign of fraud, it can be a helpful indicator. Once you have the true IP address, you can compare it against lists of known "good" and "bad" IP addresses.
But, as we’ve seen, those lists may not be reliable. Overreliance on proxy detection to prevent fraud is risky, and will inevitably lead to some criminal fraud attacks going unnoticed.
Plus, even the best fraud prevention methods will still not help against post-transaction chargebacks. Friendly fraud—illegitimate disputes coming from actual cardholders—can happen months after the sale. At that point, knowing which IP address the order came from is meaningless.
Effective protection from the long-term impact of fraud and chargebacks requires a comprehensive approach that addresses every aspect of the problem. Unfortunately, implementing and maintaining such a strategy can take up a lot of time and resources.
The experts at Chargebacks911 have been involved with all areas of chargeback prevention and revenue recovery for over a decade. We can save you time and headaches and up your ROI. For more information, contact us today.
