I am getting a million fradulent orders. All from different U.S.-based IPs. Since most of those orders come in at night, I assume there is a big chance that they originate from overseas through U.S.-based anonymous proxies. Does anybody know how you can check if the customer is using an anonymous proxy by his IP address?
I actually am using maxmind to check IP addresses for anonymous proxies, but according to maxmind those are not anonymous proxies. Here are just some examples of IPs of the person that was trying to steal. Is there a different way to check if they are anonymous proxies?
Are you using the minFraud service? If so, the proxyScore output field should tell you that these IPs are open proxies. The anonymous proxy indicator only covers a limited set of proxies. For more details on how we categorize the open proxies vs anonymous proxies, go to maxmind.com /app/ipauthentication
If you migrated over from the old Credit Card Fraud Detection service from a few years back, you might not be seeing the proxyScore field, since that field was added a couple of years ago. I would check your script to make sure you are capturing the proxyScore output from MaxMind.
Thanks TJ. Below is an extended list of IPs that this guy was using (I got tired of writing down his IPs after a while) yesterday. Are you saying minFraud was supposed to indicate to me that every single of them is an open proxy?
I do see it, and I just checked all the responses for all those orders. For every single of the proxyScore equals to 3.00. Only one order has a value of 1.50 (IP: 18.104.22.168). Is 3 generally high enough? I see that your scale for that field is from 0 to 10.