Advanced Proxy Fraud Detection Service

Here you can see the results of using our advanced methodology for proxy detection. Please try different kinds of proxy servers and see the results of our estimation. We are sure you will be pleased with the results.

ProxyFraud.com Proxy Fraud Detection Web Service is a hosted, programmable XML Web Service that allows instant detection of the users hiding behind any kind of proxy server. The ProxyFraud.com Fraud Detection Web Service helps the Internet merchant to avoid loss of revenue and increase of operation costs in chargebacks and higher reserved funds as a result of online frauds.

Proxy Detection is emerging as a critical component for online fraud detection applications. Fraudsters are becoming more sophisticated in bypassing Geolocation controls by using proxies to spoof their IP address and location. Besides payment fraud, proxy checking is needed for any application where the IP Geolocation is used to authenticate online transactions, to protect from IP address spoofing.

For example, say a credit card fraudster located in Nigeria attempts to purchase goods online with a stolen credit card having a New York billing address. If the merchant uses Geolocation to block orders from Nigeria and other high risk countries, as well as to match up the billing location with the IP address location, the fraudster can bypass these checks by selecting a proxy located in New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.

Transparent proxy (proxy that spill the user's real ip address, Level 5 proxy) adds to HTTP header variables that are unique to proxies, like X_FORWARDED_FOR, and from that variables the original IP address can be determined.

Anonymous proxy server (Level 3 and Level 4 proxy) lacks the X_FORWARDED_FOR. The user's ip address can not be determined but the presence of proxy variables tells the webserver about use of proxy. Another common element that can identify user behind proxy server in most cases is the presence of connection type "close".

Elite proxy server (High anonymous proxy server, Level 1 and Level 2 proxy) does not send any of proxy variables described and it is undetectable with basic proxy detection.

We have the largest public proxy server database in the net which is hourly updated and contains elite/high anonymous, anonymous and transparent/open proxy servers. Simply provide ProxyFraud.com with IP address of the user and we will check whether this IP is listed in our public proxy database.

Besides IP address we need to analyze HTTP request (which has information about referrer, browser, OS, language, type of connection etc) of the user's browser send to your website and try to find common proxy server variables. Nowadays is easy to find open and free proxy server. We have developed a sophisticated methodology to detect with a high probability the use of proxy servers with a high level of anonymity (so called elite proxy or Level 1 and Level 2 proxy) that does not send common proxy variables.

ProxyFraud.com Advanced Proxy Detection Methodology analyze not only headers that are present in HTTP request but goes one step closer to identify real proxy server. Advanced Proxy Detection can with success identify elite proxy, but also free web proxy server CGI proxy, php proxy etc).

API

A (potential) customer visits your website and is ready to subscribe for your services (or buy you product). You were able to determine his IP address (if not we can do it for you), which is used for calculating some costs, the customer should cover you (very simple example). Just after he has filled the subscription form you send an API request to our server with the customer IP and …. we determine that, yes, he is using a proxy. Now you know, that your customer is not a customer you expected him to be and you can decide, if he still need to be subscribed or additional security measures should be taken for further processing of this transaction.

You can send 2 kinds of request:
- only IP you want to exemine, this is Alternative A, (e.g. in PHP IP can be determined by getting the value of $_SERVER['REMOTE_ADDR']) or
- a set of all your Server and execution environment information variables. In this case we will find out the real IP by ourselves (e.g. in PHP these are values of the $_SERVER array ).
Please use POST or GET methods for sending the request data.
By sending Accept header you can specify whether you would like to receive the response in JSON (use "Accept: application/json") or in XML (use "Accept: application/xml")
The simplest example of request is: http://proxyfraud.com/api/?IP=123.123.123.123

<?
class api_request
{
protected $url;
protected $method;
protected $request_string='';
protected $accept_type;
protected $response_body;
protected $response_info;
protected $request_data;

public function __construct ($url = null, $method = 'POST', $accept_type='xml', $request_data = array())
{
$this->url = $url;
$this->method = $method;
//$this->accept_type = $accept_type;
$this->request_data = $request_data;

$this->response_body = null;
$this->response_info = null;

if ($accept_type=='json'){
$this->accept_type = 'application/json';
} else {
$this->accept_type = 'application/xml';
}

if (!empty($this->request_data)){
$this->set_request_string();
}
}

public function execute()
{
$ch = curl_init();

if(strtoupper($this->method)=='POST'){
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->request_string);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_URL, $this->url);
} else {
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_URL, $this->url.'?'.$this->request_string);
}
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Accept: ' . $this->accept_type));
$this->response_body = curl_exec($ch);
$this->response_info = curl_getinfo($ch);

curl_close($ch);
}

public function set_request_string($data = null)
{
$data = ($data !== null) ? $data : $this->request_data;

if (!is_array($data))
{
die('Invalid data input. Array expected');
}

$this->request_string = http_build_query($data, '', '&');
}

public function set_accept_type($accept_type){
$this->accept_type=$accept_type;
}

public function set_method($method){
$this->method=$method;
}

public function show_response(){

//echo 'show response body<br>';
echo ($this->response_body);

//echo 'show response info<br>';
//print_r($this->response_info);
}
}

// setting the data array
$data=$_SERVER;

// preparing the request
$request = new api_request('proxyfraud.com/api/', 'post', 'json', $data);

/* Alternative method calling */
//$request->set_data($data);
//$request->set_acceptType('xml');

// executing the request
$request->execute();

// processing the results
$request->show_response();

ProxyFraud.com

Advanced Proxy Detection Service

API