Tue 10 Dec, 2013 08:30 am
I hope I came to the right place.
We (my company) are a credit provider for major retail stores in South Africa. We recently launched Web Applications, where customers can apply for credit online.
We have many fraud prevention methods in place - but never enough. As part of Phase 2 of the project we want to try and detect possible fraud by identifying an applicant's location and/or device. The general idea here is that this can be done by identifying the IP Address and flagging those that are used often. Quick research (but very limited knowledge) on this shows me that this is not that straight forward, since someone can have a static or dynamic IP address, meaning the same computer can be used but it may or may not have the same IP Address.
My question is fairly open-ended: Is IP Address tracking at all a viable option for fraud prevention?
If so, how much can be done by our own developers easily and relatively cheaply (i.e. we are not looking at buying the services of a company specializing in this).
Are there any other options/methods for identifying someone doing multiple applications from the same computer?
Thanks in advance,
The biggest problem you will encounter with this approach is that it is trivial to defeat.
There is a technology called TOR that is dedicated to defeating IP address-tracking schemes.
You're much better off tracking behavior.
I only noticed this message last night on a purchase. IP tracking has always been done, it's simple. Web logs catch the requesters address by default. Not that it's necessarily going to identify individuals even without using TOR or other proxying tools.
I think the message is a ploy to scare amateur fraudies who don't know much about the tech - kids with their parents credit cards for example.