IP Geolocation for Fraud Detection
Stop 80% of payment fraud attempts before they reach your checkout.
Fraudsters hide behind proxies, VPNs, and Tor exit nodes. They use stolen cards from one country while sitting in another. Every e-commerce, fintech, and SaaS checkout flow needs location-based risk scoring — and the cheapest place to get it is at the IP layer, before the transaction even starts.
The business problem
Payment fraud costs online merchants ~1.8% of revenue (Juniper Research, 2024). The first signal you can check — before collecting card data, before 3DS, before a charge attempt — is where the request is actually coming from.
Typical fraud indicators at the IP layer:
- Buyer’s billing country ≠ IP country
- IP is a known VPN, proxy, hosting provider, or Tor exit
- IP originates in a high-risk country (OFAC sanctions, high-fraud geography)
- ASN is associated with commercial hosting (DigitalOcean, AWS EC2) — residential users don’t normally shop from server farms
- Velocity: 10+ signups from same /24 subnet in 1 hour
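The velocity indicator above, as an added example (not code from IP Geo API): an in-memory sliding-window counter keyed by IPv4 /24. The names `subnet24` and `SubnetVelocity` are assumptions, and a multi-instance deployment would need a shared store in place of the process-local Map.

```javascript
// Added example: sliding-window signup counter keyed by IPv4 /24.
const WINDOW_MS = 60 * 60 * 1000; // 1 hour, from the indicator above
const THRESHOLD = 10;             // "10+ signups"

// Returns "a.b.c.0/24", or null when the input is not a dotted-quad IPv4
// address (IPv6 is not tracked in this example).
function subnet24(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  if (!parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return `${parts.slice(0, 3).map(Number).join(".")}.0/24`;
}

class SubnetVelocity {
  constructor(windowMs = WINDOW_MS, threshold = THRESHOLD) {
    this.windowMs = windowMs;
    this.threshold = threshold;
    this.events = new Map(); // subnet -> signup timestamps in ms
  }

  // Record one signup; flagged is true once the subnet reaches the threshold
  // inside the window.
  record(ip, now = Date.now()) {
    const subnet = subnet24(ip);
    if (subnet === null) return { subnet, count: 0, flagged: false };
    const cutoff = now - this.windowMs;
    const kept = (this.events.get(subnet) || []).filter((t) => t > cutoff);
    kept.push(now);
    this.events.set(subnet, kept);
    return { subnet, count: kept.length, flagged: kept.length >= this.threshold };
  }

  // Drop subnets with no signups left in the window so the Map stays bounded.
  sweep(now = Date.now()) {
    for (const [subnet, times] of this.events) {
      if (times.every((t) => t <= now - this.windowMs)) this.events.delete(subnet);
    }
  }
}

// Constructed sample: ten signups, one per minute, from one documentation-range /24.
function demo() {
  const v = new SubnetVelocity();
  const t0 = 1700000000000;
  let last;
  for (let i = 0; i < 10; i++) last = v.record(`198.51.100.${i + 1}`, t0 + i * 60000);
  return last; // { subnet: "198.51.100.0/24", count: 10, flagged: true }
}
```

Feed `record()` the same client IP you pass to the lookup, and treat `flagged` as one more input to the review threshold, not a block on its own.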
Implementation: 3-line risk check
Before your /checkout endpoint runs card validation, add one IP lookup:
```bash
curl -s "https://api.ipgeo.10b.app/v1/lookup/203.0.113.42" \
  -H "Authorization: Bearer $IPGEO_API_KEY"
```
Returns:
```json
{
  "ip": "203.0.113.42",
  "country_code": "NG",
  "country_name": "Nigeria",
  "city": "Lagos",
  "is_vpn": false,
  "is_proxy": false,
  "is_tor": false,
  "is_hosting": true,
  "asn": "AS37252",
  "org": "DigitalOcean LLC",
  "risk_score": 78
}
```
JavaScript / Node.js example
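```javascript
const { isIP } = require("node:net");

async function scoreRequest(ip, billingCountry) {
  // Reject anything that is not a literal IPv4/IPv6 address before it is
  // interpolated into the request path.
  if (!isIP(ip)) throw new TypeError("ip must be an IPv4 or IPv6 address");

  const res = await fetch(`https://api.ipgeo.10b.app/v1/lookup/${ip}`, {
    headers: { Authorization: `Bearer ${process.env.IPGEO_API_KEY}` }
  });
  // Do not score an error body: with risk_score missing, risk becomes NaN
  // and every threshold below evaluates to false.
  if (!res.ok) throw new Error(`IP lookup failed: HTTP ${res.status}`);
  const geo = await res.json();

  let risk = geo.risk_score; // 0-100, server-side scored
  // Local adjustments; the combined value can exceed 100.
  if (geo.country_code !== billingCountry) risk += 20;
  if (geo.is_vpn || geo.is_proxy || geo.is_tor) risk += 25;
  if (geo.is_hosting) risk += 15;

  return {
    block: risk > 80,
    review: risk > 60,
    risk,
    reason: { country_mismatch: geo.country_code !== billingCountry, ...geo }
  };
}
```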
Python / FastAPI example
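```python
import ipaddress
import os

import httpx
from fastapi import HTTPException


async def fraud_check(ip: str, billing_country: str):
    # Raises ValueError unless ip is a literal IPv4/IPv6 address, so nothing
    # else reaches the request path.
    ipaddress.ip_address(ip)
    async with httpx.AsyncClient() as c:
        r = await c.get(
            f"https://api.ipgeo.10b.app/v1/lookup/{ip}",
            headers={"Authorization": f"Bearer {os.environ['IPGEO_API_KEY']}"},
            timeout=2.0,
        )
    # Surface lookup errors instead of reading flags from an error body.
    r.raise_for_status()
    geo = r.json()
    if geo["is_tor"] or (geo["is_hosting"] and geo["is_vpn"]):
        raise HTTPException(403, "High-risk IP")
    return geo
```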
Why IP Geo API for this use case
- VPN / Proxy / Tor flags included on every response — no separate threat-intel endpoint, no bundling surcharge.
- Hosting / data-center detection — ASN classification separates residential ISPs from AWS, GCP, OVH, Hetzner, etc.
- Risk score (0-100) — our scoring combines country-risk (OFAC, fraud-prevalence data), hosting-provider weight, and Tor/VPN signal into a single integer you can threshold.
- Median response time ≤ 40 ms (EU), ≤ 80 ms (US). Fast enough to sit in the critical path of a checkout request.
- Predictable pricing — € 0,0001 per lookup at the Business tier. 1 million checkouts/month = € 100.
Pricing math for a typical ICP
| Your volume | Tier | Cost/mo | Cost per lookup |
|---|---|---|---|
| < 30 K checks/mo | Free | € 0 | € 0 |
| < 1 M checks/mo | Starter | € 29 | € 0,00003–0,001 |
| < 10 M checks/mo | Business | € 99 | € 0,00001–0,0001 |
| > 10 M | Custom | on request | < € 0,00001 |
At Starter tier, blocking just one fraudulent € 50 order per month already pays for the entire subscription.
When IP geolocation is NOT enough
Honest: IP geolocation is a signal, not a verdict. For high-value transactions (> € 500), combine with:
- 3-D Secure 2 (issuer-side authentication)
- Device fingerprinting (FingerprintJS, ThreatMetrix)
- Behavioral analytics (mouse movement, typing cadence)
- Address verification (AVS) on the card itself
IP geolocation’s job is to cheaply filter the obvious so the expensive signals are only invoked for ambiguous cases.
Related use cases
- Geoblocking for compliance — see ./geoblocking-compliance.md
- Bot / WAF filtering — see ./bot-security.md
- Visitor analytics — see ./visitor-analytics.md
Related comparisons
- IP Geo API vs MaxMind — ../seo-pages/vs-maxmind.md
- IP Geo API vs ipinfo.io — ../seo-pages/vs-ipinfo-io.md
Get started
- Free tier: 1 000 lookups / day, no credit card. → /pricing
- Starter €29/mo: 33 K lookups / day, all threat fields.
- Business €99/mo: SLA-backed, priority queue, VPN + Tor + risk score.
Sign up at https://ipgeo.10b.app/pricing and start scoring risk in under 5 minutes.
Get early access — 50% off for 12 months
First 100 signups lock in 50% off any paid plan for the first year. No credit card required — we’ll email you at launch.