Using Geolocation to Prevent Fraud

Xsolla clients are protected against online and wire fraud because we are using more than one method to combat it. Today, we will be talking about one of the most effective tools you can use to detect suspicious transactions – geolocation.

Earlier, we have shared some details of what parameters are used to identify user location. This time, Xsolla experts explain how information about a user’s geographical location allows us to identify a suspected fraudster .


Location-based services provide information about any user’s location, connection speed, domain, localization, and language browser. This information is used to determine where the user is at the time of purchase. Once you know this information, you can start working to prevent fraud.

Geolocational info is used by a number of large companies. For example, just this past February, MasterCard announced a partnership with Syniverse, hoping to improve the ways they prevent and combat fraud through check geolocation. This spring, they also led a campaign that ensured that customers who wished to pay online by credit card could only do so when their cell phone was activated. This way, they can store and transmit data about a user’s location via network.

How to use the geolocation to avoid possible fraudulent payments in online gaming, we inquired with Xsolla’s experts, Elena Musinova and Vladimir Karnishin.

Learn to Identify and Look Beyond Proxy Servers

Proxy servers help conceal customer information and reroute data through another location. For example, a payment system can notify you when player makes a purchase from a place that is extremely remote from a user’s billing address.

Xsolla once found a Chinese fraudster who routed a payment from Mexico while posing as an American. How did this happen? People were able to steal a user account, create a new account with fake data and then continue to use a stolen card. According to Xsolla’s support manager, Elena Musinova, it’s possible to identify fraudsters using proxy simply by carefully analyzing their requests:

“Most of the questionable calls in regards to operating stolen cards come from the CIS, China, South America and Africa. Criminals often use a proxy and try to pass themselves off as Americans, and pay with credit cards that have been stolen from the United States. If they contact customer support, often we will notice that their requests are significantly misspelled. These are not mistakes that native speakers would make. Most likely, the support tickets have been translated into English using an online service. With such clues as this, we can catch fraudsters who are using the best proxies.”

Follow User Language

Make sure to take a look at what the language or localization of the site is that the user chooses. It’s a different case if a user says that he is on a business trip to China from the US and therefore pays from that location, but why would a business traveler choose Chinese as their primary language and not English? When a person goes on vacation, they may choose to set their watch or phone clock to a local time zone, but they hardly ever change their main computer. If you notice such discrepancies, it’s a red flag.

Require All Possible Payment Parameters

Head of Risk Management and Acquiring Vladimir Karnishin says that to be sure you are successfully combating fraud is to offer the maximum amount of payment parameters possible. To effectively use geolocation, you must be able to gather as much information as you can to nail down a user’s location.

This does not necessarily mean requiring this parameters from a user, but rather being able to identify them based on the information provided. Some useful parameters to pay attention to include:

Billing Address
– The physical address when a user registers a payment account
Postal Code Number
– The region in which the bank or financial institution that issued the card is located
Regional IP Addresses
The IP addresses of the computer or device that uses the account
Browser Language
-The language that a user has set their computer’s browser to as a default
Time Zone of the Computer
-You can identify a user’s area by how their computer has been set to identify their time zone.

Get Familiar with Analysis Algorithms

The process of comparing user data to identify a potential fraudulent user will vary and depends on each situation and market. Sometimes it is enough to compare a bank address and an IP address and refuse a transaction service if they don’t match up. However, more often than not, fraud charges are initiated within more complex algorithms than that.

“Sometimes you are able to notice fraudulent activity by tracking an address change made by a user, even when the other attributes of payment remain the same. Address changes within a certain time frame are extremely suspect. For example, payment from the U.S. and then a subsequent payment from the CIS within a few minutes indicates a high probability that the first payment’s data has been compromised and the user is trying to make a payment from a stolen card.” says Vladimir Karnishin.


Thanks to geolocation checks, developers can rest assured that orders from users will be paid out. Special techniques and filters can be used for analyzing location information to help avoid transactions from suspicious customers. Maintaining and analyzing data about a user’s location supports the creators of games to add significant additions to their marketing as well as security opportunities, as well.

Tagged , , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s