I spoke with one of our clients recently about their fraud-fighting challenges. They are a dating/ social-networking site, and have experienced some fraud in ways that tend to focus on using the dating site to con people out of money. (Think of Nigerian airline ticket scams, or Russian Bride scams)
These folks would sign up for the service, then meet their intended victims on the client's site. The end goal was really to scam someone of thousands of dollars, but of course the scammer is willing to use a stolen credit card in the process.
I can't go into all of the details of how the merchant fights this type of fraud (for obvious reasons) but here are the highlights of one aspect:
The merchant noticed an interesting thing: The scammers were sophisticated enough to spoof their IP address when they signed up, so they could elude many of the geo_IP checks that come with credit card validation. However, sometimes they were not as careful when they logged back into the site to troll for victims.
Our merchant implemented a system that watches the geo_IP for every contact with their users. If folks showed up in unusual places (ie. someone who's profile says they are from Boston, but the IP shows up from Nigeria) they'd flag the account for immediate review.
It's a good thing to do- cross checking real usage against what was stated during sign-up. There's no one fool-proof technique for beating the scammers, but this put an interesting twist on it.
Douglas J. Smith
VP, Client Services
Vindicia, Inc. 19 Davis Drive Belmont, CA 94002
