Read the other articles

How a Geolocation Database Helps Detect Online Fraud

How a Geolocation Database Helps Detect Online Fraud

IP intelligence obtained from an IP geolocation database can help combat online fraud, and that isn’t just a band-aid solution to the growing problem.

Geolocation databases are a real solution to a real problem. In fact, IP geolocation databases can even help pinpoint the location of phishing threats and, therefore, prevent such crime from happening. Similarly, it can detect online fraud and thereby reduce risks.

Why Worry about Online Fraud

Anyone who has become a victim of online fraud can say that the crime is costly. In 2019 alone, 23% of the 1.7 million reported fraud cases involved financial loss. In the same year, consumers reportedly lost $1.9 billion to fraudsters. Each victim experienced a median loss of $320, although the older the victim, the more significant was the damage.

Why Worry about Online Fraud
Image from

Credit card fraud remains the top identity theft type. In 2019, a total of 271,823 credit card fraud reports were recorded, while the volume of bank fraud reports reached 58,723. These numbers pertain to fraud reports in the U.S. alone, although the problem is reflected globally.

However, consumers aren’t the only ones paying the cost of these fraudulent transactions. Online retailers also stand to lose a significant amount of their revenue. Card-not-present (CNP) fraud can cause retailers to lose $130 billion from 2019 to 2023. As more people opt to shop online, the risk of online fraud continues to increase.

Detecting Online Fraud with an IP Geolocation Database

An IP geolocation database can effectively identify the location of a user based on his or her IP address. Apart from the user’s country, the details given by IP Geolocation Data Feed drills down to the user’s city, postal code, and latitude and longitude coordinates. And with more than 30 million IP records, the database can help combat the global problem of online fraud. But how is that done?

Unauthorized Access to Online Banking Accounts

Banks and other financial institutions should follow the Know Your Customer (KYC) regulation. The KYC regulation is a set of guidelines that require financial service providers to verify their clients’ identity and address before every transaction. Banks, therefore, already have their clients’ addresses on file. Proper adherence to the KYC regulation, along with an online fraud geolocation database, can help ward off abusers. Find out how below.

Once a client’s account is used in an online transaction with a device and IP address located in a place different from that in the bank’s file, these scenarios could occur:

  • The bank could pose additional security questions to verify the client’s identity. When the user answers the questions correctly, access is granted. Otherwise, access is denied, and the bank sends an alert to the client’s email address or phone number on file.
  • The bank could send a message to the client’s email address or phone number, alerting him or her of potential unauthorized access from a new device and location.
  • The bank sends a one-time personal identification number (PIN) or password to the client’s email address or phone number. This user needs this PIN or password to log in from a new device and location to access his or her account.

As part of this, banks derive the location of the IP address from a geolocation database. Therefore, the quality of the IP geolocation database is paramount.

Unauthorized Credit Card Transactions

Similarly, an IP geolocation database can help assess whether an incoming credit card transaction is legitimate or fraudulent. When the location where the purchase is made (based on the IP address) does not coincide with the credit card holder’s address on file, an alert goes off.

Consider a credit cardholder whose past transactions have been made in the U.S. alone. When the credit card company detects incoming transactions bearing the IP address 185[.]110[.]132[.]220, it finds out through a geolocation database that the buyer is from Kyiv, the capital city of Ukraine.

Below is a screenshot of its location details as they appeared on IP Geolocation API, which gets data from IP Geolocation Data Feed.

Unauthorized Credit Card Transactions

Since the location differs from the usual client location, the credit card company can flag the transaction as a potential attempted online fraud and alert the client immediately.

Unauthorized Online Purchases

Online retailers may also employ an online fraud geolocation database to detect illicit transactions. Even Facebook uses IP geolocation to protect its users from hackers. When an account is used from a location different from the previous sites, Facebook alerts the user.

Unauthorized Online Purchases

Similarly, by matching the client’s billing address with the user’s current location, online stores can help reduce instances of carding and other online fraud.

Online shops can also use IP Geolocation API to keep track of transactions made from high-risk locations. They can also put additional security measures in place when a purchase is made through a proxy server.

Preventing Online Fraud with Other Data Sources

Aside from detecting and preventing one fraudulent transaction at a time, IP Geolocation Data Feed can also help stop cybercrime in the future. In our example above, the credit card company can investigate the Ukrainian IP address further.

A defrauded organization would then find out that the IP address was identified as an indicator of compromise (IoC) by IBM X-Force Exchange for ties to credit card skimmers. A threat intelligence platform would, in fact, alert users that the IP address has been tagged as a malware host. Thus, the credit card company and online shops can better protect their clients by blacklisting the IP address.

Fraud investigators can further deepen their investigation by mapping out the domain associations of the malicious IP address. They can use a reverse IP/DNS solution, for instance. And it would reveal that six domains use the IP address 185[.]110[.]132[.]220.

The domain intelligence gleaned from passive Domain Name System (DNS) records would provide anti-fraud and security teams with more details to prevent online fraud and other types of cybercrime. Without IP geolocation data, however, that would not be possible.


The responsibility of preventing online fraud rests on the shoulders of both the account holder and the financial institution. Account holders should be educated about phishing and other means by which fraudsters can gain access to their accounts. They should be reminded to treat their passwords and one-time PINs with utmost secrecy.
At the same time, financial institutions and online merchants should employ strict security measures. Aside from setting password complexity standards and launching cybercrime education campaigns, they can use technology to their advantage. Keep in mind that even cybercriminals use IP geolocation data to target their victims. Online retailers, banks, and other financial institutions can use the same technology to detect online fraud. By doing so, they could even prevent fraudsters from targeting consumers.

Read the other articles
Access full information on a given IP address
Get started
Have questions?

Or shoot us an email to