Proxy detection is the process of figuring out how users connect to your website. This helps identify harmful agents who disguise their connection details to commit fraud. While some people use proxies for privacy or to improve internet speed, detecting proxies is essential for keeping your business secure. Read more proxy and VPN detection service for businesses
Common Fraud Scenarios Involving Proxies
While not every proxy user is a fraudster, proxies can facilitate various types of fraud, such as:
- Multi-accounting: Fraudsters create multiple accounts using different emails and phone numbers, needing proxies to mask their IP addresses.
- Payment fraud: A criminal using stolen credit cards must hide their identity and might choose an IP address that matches the card’s country.
- Identity fraud: Someone might use a proxy to create an account with stolen IDs in a different region, leading to potential money laundering or loan fraud.
- Account takeover: Fraudsters might access customer accounts while trying to mimic the behavior of legitimate users.
How Fraudsters Use Proxies
Fraudsters use proxies to hide their IP addresses. For example, if a fraudster in Portugal wants to use stolen Australian credit cards, they might use a proxy to appear as if they’re connecting from Australia. This helps them bypass security measures when attempting to make purchases.
Types of Proxies Used by Fraudsters
- Datacenter Proxies: These come from data centers like AWS. They are easier to detect but can still mask an original IP address.
- Residential Proxies: These use IPs from internet service providers (ISPs). They are harder to detect and often more trusted, making them popular among fraudsters.
- Mobile Proxies: These use IP addresses from mobile networks. They can change frequently, helping fraudsters stay hidden.
- Virtual Private Networks (VPNs): While not technically proxies, VPNs serve a similar purpose by hiding IP addresses. They can also come from data centers or residential sources.
- Tor Network: This network hides IP addresses but can be detected more easily. It should be noted that just because someone uses Tor doesn’t mean they are committing fraud.
Techniques for Proxy Detection
- Ping Test: If a ping test doesn’t return results, it may indicate a proxy is being used.
- Latency Measurements: If a connection is slower than expected, it might suggest the use of a proxy.
- WebRTC Test: This can reveal the original IP address of users even when they use proxies.
- TCP/IP Fingerprint Test: Comparing the browser’s User-Agent with the one from a TCP/IP check can indicate proxy use.
- Open Port Scan: Proxies may leave certain ports open, which can be a clue.
- Datacenter IP Test: Checking if an IP falls within known data center ranges can identify proxies.
How SEON Detects Proxies
At SEON, we use a mix of techniques, like WebRTC checks and DNS leak tests, to detect proxies through our API. This gives you a good idea of whether an IP address might be associated with fraudulent activity.
By integrating these tools, businesses can quickly assess the risk of user connections, allowing for faster and more effective fraud prevention.
