IP Geolocation for Fraud Detection

Stop 80% of payment fraud attempts before they reach your checkout.

Fraudsters hide behind proxies, VPNs, and Tor exit nodes. They use stolen cards from one country while sitting in another. Every e-commerce, fintech, and SaaS checkout flow needs location-based risk scoring — and the cheapest place to get it is at the IP layer, before the transaction even starts.

The business problem

Payment fraud costs online merchants ~1.8% of revenue (Juniper Research, 2024). The first signal you can check — before collecting card data, before 3DS, before a charge attempt — is where the request is actually coming from.

Typical fraud indicators at the IP layer:

• Buyer’s billing country ≠ IP country
• IP is a known VPN, proxy, hosting provider, or Tor exit
• IP originates in a high-risk country (OFAC sanctions, high-fraud geography)
• ASN is associated with commercial hosting (DigitalOcean, AWS EC2) — residential users don’t normally shop from server farms
• Velocity: 10+ signups from same /24 subnet in 1 hour

Implementation: 3-line risk check

Before your /checkout endpoint runs card validation, add one IP lookup:

curl -s "https://api.ipgeo.10b.app/v1/lookup/203.0.113.42" \
  -H "Authorization: Bearer $IPGEO_API_KEY"

Returns:

{
  "ip": "203.0.113.42",
  "country_code": "NG",
  "country_name": "Nigeria",
  "city": "Lagos",
  "is_vpn": false,
  "is_proxy": false,
  "is_tor": false,
  "is_hosting": true,
  "asn": "AS37252",
  "org": "DigitalOcean LLC",
  "risk_score": 78
}

JavaScript / Node.js example

async function scoreRequest(ip, billingCountry) {
  const res = await fetch(`https://api.ipgeo.10b.app/v1/lookup/${ip}`, {
    headers: { Authorization: `Bearer ${process.env.IPGEO_API_KEY}` }
  });
  const geo = await res.json();

  let risk = geo.risk_score; // 0-100, server-side scored
  if (geo.country_code !== billingCountry) risk += 20;
  if (geo.is_vpn || geo.is_proxy || geo.is_tor) risk += 25;
  if (geo.is_hosting) risk += 15;

  return {
    block: risk > 80,
    review: risk > 60,
    risk,
    reason: { country_mismatch: geo.country_code !== billingCountry, ...geo }
  };
}

Python / FastAPI example

import httpx, os
from fastapi import HTTPException

async def fraud_check(ip: str, billing_country: str):
    async with httpx.AsyncClient() as c:
        r = await c.get(
            f"https://api.ipgeo.10b.app/v1/lookup/{ip}",
            headers={"Authorization": f"Bearer {os.environ['IPGEO_API_KEY']}"},
            timeout=2.0
        )
    geo = r.json()
    if geo["is_tor"] or (geo["is_hosting"] and geo["is_vpn"]):
        raise HTTPException(403, "High-risk IP")
    return geo

Why IP Geo API for this use case

• VPN / Proxy / Tor flags included on every response — no separate threat-intel endpoint, no bundling surcharge.
• Hosting / data-center detection — ASN classification separates residential ISPs from AWS, GCP, OVH, Hetzner, etc.
• Risk score (0-100) — our scoring combines country-risk (OFAC, fraud-prevalence data), hosting-provider weight, and Tor/VPN signal into a single integer you can threshold.
• Median response time ≤ 40 ms (EU), ≤ 80 ms (US). Fast enough to sit in the critical path of a checkout request.
• Predictable pricing — € 0,0001 per lookup at the Business tier. 1 million checkouts/month = € 100.

Pricing math for a typical ICP

At Starter tier, blocking just one fraudulent € 50 order per month already pays for the entire subscription.

When IP geolocation is NOT enough

Honest: IP geolocation is a signal, not a verdict. For high-value transactions (> € 500), combine with:

• 3-D Secure 2 (issuer-side authentication)
• Device fingerprinting (FingerprintJS, ThreatMetrix)
• Behavioral analytics (mouse movement, typing cadence)
• Address verification (AVS) on the card itself

IP geolocation’s job is to cheaply filter the obvious so the expensive signals are only invoked for ambiguous cases.

Related use cases

• Geoblocking for compliance — see ./geoblocking-compliance.md
• Bot / WAF filtering — see ./bot-security.md
• Visitor analytics — see ./visitor-analytics.md

Related comparisons

• IP Geo API vs MaxMind — ../seo-pages/vs-maxmind.md
• IP Geo API vs ipinfo.io — ../seo-pages/vs-ipinfo-io.md

Read also

Five narrative deep-dives comparing IP Geo API to the providers most often shortlisted in the IP-geolocation market:

• IP Geo API vs ipinfo.io in 2026: When the EU Alternative Wins (and When It Doesn’t) → — code-level migration sketch + 2026 pricing math at 100K / 1M / 10M req/mo.
• IP Geo API vs MaxMind in 2026: SaaS vs DB Download — Which Stack Wins? → — when GeoIP2 binary still wins, when EU-hosted SaaS wins, and how the math changes at 1M+ req/mo.
• IP Geo API vs ipstack in 2026: HTTPS-on-Free, EU Hosting, and the Security Module Question → — why HTTP-only free tiers break browser-side calls, bundled threat-detection vs add-on Security Module.
• IP Geo API vs ipapi.co in 2026: Free-Tier Generosity vs Predictable Latency → — how the bundled-everything pricing model plays out at 100K / 1M req/mo.
• IP Geo API vs ipgeolocation.io in 2026: Bundled Endpoints, Bundled Threat-Detection, and the EU-Residency Question → — separately-priced Security API vs bundled threat block, USD vs EUR billing, ~600B vs ~1.4KB payload.
• IP Geo API vs IP2Location in 2026: REST-First vs Database-Download — Which Model Wins for Your Stack? → — REST-only managed API vs annual BIN/CSV/MMDB licensing, IP2Proxy bundling cost, EU residency.
• IP Geo API vs DB-IP in 2026: REST-First vs DB-Download — Which EU Vendor Wins for Your Stack? → — attribution-free free tier, EU-edges-only, bundled threat detection vs per-axis subscription stack.

Plus seven hands-on migration guides for teams switching from an incumbent provider — code-level field-shape walkthroughs, edge-cache patterns, and rollback notes:

• Migrate from MaxMind GeoIP2 to IP Geo API (2026 walkthrough) → — drop the weekly .mmdb sync, swap to a REST call with the same field shape, edge-cache patterns + CSV→JSON field map.
• Migrate from ipinfo.io to IP Geo API (2026 walkthrough) → — loc-string parsing, org ASN+name regex split, and Authorization-header edge-stripping gotchas.
• Migrate from ipstack to IP Geo API (2026 walkthrough) → — HTTP→HTTPS scheme flip, security.* empty-vs-populated branch behaviour, connection.asn integer typing.
• Migrate from ipapi.co to IP Geo API (2026 walkthrough) → — per-day rate-limit fragmentation, org ASN+name regex, attribution-backlink scrub for paid-tier customers.
• Migrate from ipgeolocation.io to IP Geo API (2026 walkthrough) → — separately-billed Security API SKU consolidation, apiKey-in-URL log-leak hardening, and latitude/longitude string-vs-number gotchas.
• Migrate from IP2Location to IP Geo API (2026 walkthrough) → — BIN/CSV/MMDB-download decommission, IP2Proxy SKU consolidation, USD-annual-prepay-to-EUR-monthly billing migration, and proxy_type enum-vs-split-booleans gotchas.
• Migrate from DB-IP to IP Geo API (2026 walkthrough) → — MMDB/CSV-download decommission, IP-to-Threat / Anonymous / Datacenter SKU consolidation, CC-BY-4.0 attribution-backlink scrub, and countryCode3 ISO-3 vs ISO-2 gotchas.

Get started

• Free tier: 1 000 lookups / day, no credit card. → /pricing
• Starter €29/mo: 33 K lookups / day, all threat fields.
• Business €99/mo: SLA-backed, priority queue, VPN + Tor + risk score.

Sign up at https://ipgeo.10b.app/pricing and start scoring risk in under 5 minutes.

Industry deep-dives

• IP Geolocation for Fintech — KYC, Sanctions Screening, Fraud, and EU Residency → — fintech-specific deep-dive: the three IP-control surfaces (KYC country-of-origin, OFAC/EU sanctions, payment-fraud risk), EU-hosted GDPR posture, EUR billing, ASN-level hosting detection, and ≤40 ms median EU-edge latency for 800-1200 ms PSP authorisation budgets.

• IP Geolocation for Ad-Tech — RTB Enrichment, SIVT/IVT Filtering, and Click-Fraud Attribution → — ad-tech-specific deep-dive: the three IP-control surfaces (RTB bid enrichment with ≤40 ms latency budget + OpenRTB 2.6 device.geo/device.ext, SIVT/IVT filtering with IAB-confirmed datacenter ASN block-list, click-fraud post-back attribution + risk scoring), EU-hosted GDPR + ePrivacy + IAB-TCF v2.2 posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for iGaming — Licence-Jurisdiction Enforcement, VPN-Circumvention Scoring, and Self-Exclusion Register Routing → — iGaming-specific deep-dive: the three IP-control surfaces (licence-jurisdiction enforcement with hard-fail-closed posture across MGA/UKGC/KSA/DGOJ/ANJ/ADM/DAS, anti-circumvention scoring with residential-proxy ASN block-list covering Bright Data + Oxylabs + Smartproxy + IPRoyal, self-exclusion register routing to GamStop/CRUKS/ROFUS/Spelpaus/OASIS by IP-country), EU-hosted GDPR + EGBA posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for SaaS Monetization — Geo-Pricing, EU-VAT/DAC7 Tax-Routing, Trial-Abuse Scoring, and OFAC/EAR Export-Controls → — SaaS-specific deep-dive: the four IP-control surfaces (PPP-anchored geo-pricing with ≤40 ms checkout-flow budget, EU-VAT-MOSS + OECD DAC7 tax-routing to the right Stripe/Adyen/Braintree/Paddle tax-id, trial-abuse detection with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, and OFAC SDN + EAR export-controls feature-gating), EU-hosted GDPR posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for Streaming Media — Content Licensing, VPN-Bypass Defence, CDN POP Steering, and SSAI Ad-Insertion → — Streaming-media-specific deep-dive: the four IP-control surfaces (per-territory licensing enforcement with hard-fail-closed HTTP 451 on ambiguous resolve, VPN/proxy/Tor circumvention defence with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, CDN POP steering and adaptive bitrate-ladder selection across Akamai/Cloudflare/Fastly/BunnyCDN/Lumen, and SSAI ad-insertion targeting with sports blackout windows via Haversine GPS-distance), ≤40 ms session-init budget on EU edges, studio-grade 24-month audit trail, threat fields on every plan, ASN-level granularity, and EU-hosted GDPR + AVMSD (Directive 2018/1808) posture.

• IP Geolocation for E-commerce — Tax-Jurisdiction Routing, BIN-vs-IP Carding Defence, PPP-Adjusted Currency Display, and Shipping-Zone Fulfilment Routing → — E-commerce-specific deep-dive: the four IP-control surfaces (EU OSS distance-sales 27-rate map + UK VAT 20% + CH-VAT 7.7% + NO MVA 25% + US Wayfair 13-state nexus + CA GST/HST per-province + AU/SG/IN/BR/JP GST/ICMS/JCT with sanctions hard-stop on IR/KP/SY/CU/BY/RU/MM/VE at checkout; BIN-vs-IP carding + refund-fraud 6-factor weighted score at place-order with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3; PPP-adjusted 7-tier pricebook on first paint with VPN/proxy fall-back to BIN-billing-country; 9-warehouse fulfilment routing FRA/AMS/MAD/MIL/DOV/IAD/LAX/DEL/SIN with DDP/DDU duty pre-calc and lithium/aerosol/prescription destination-gates), ≤40 ms checkout-first-paint budget, DAC7/GDPR/EU OSS audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.

• IP Geolocation for Healthcare — Cross-Border Telehealth Licensing, HIPAA PHI/EPHI Access Geofencing, EU Patient-Data Residency w/ Schrems II Routing, and Cross-Border Pharma + DEA Schedule Gating → — Healthcare-specific deep-dive: the four IP-control surfaces (cross-border telehealth licensure match at consult-init w/ US IMLC 41-state partial + CA/FL/NY/TX independent + EU MRPQ Directive 2005/36/EC + DE Bundesärztekammer + NL BIG + FR ONM + UK GMC + HTTP 451 hard-fail-closed on jurisdiction-mismatch + NO_RECIPROCITY hard-stop on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO; HIPAA 45 CFR §164.308(a)(4) PHI/EPHI access geofencing w/ clinical-ASN allowlist Epic/Cerner/Allscripts/Mayo/MGH/Cleveland/Kaiser + residential-proxy ASN reject Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + home-office BAA-attested workstation allowlist + risk_score < 30 soft-allow; EU patient-data residency w/ GDPR Art. 9 special-category + EDPB Recommendations 01/2020 supplementary technical measures + Schrems II SCC flag for US-shard + routing to 6 EHR shards EU-FRA/EU-AMS/UK-LON/US-IAD/CA-YYZ/AU-SYD w/ VPN/proxy → fall-back to EU-FRA highest protection; cross-border pharma + controlled-substance gating w/ DEA Schedules I-V + Ryan Haight Act §3 in-person-eval requirement for telemed Rx + EU Falsified Medicines Directive 2011/62/EU originator-country audit + per-country bans for cannabis/CBD/psilocybin/MDMA/kratom), ≤40 ms consult-init budget, HIPAA/GDPR Art. 9/Schrems II/DEA/EU FMD audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.

• IP Geolocation for Travel + Hospitality — Geo-Rate Enforcement + Dynamic-Pricing per Booking Origin, OTA Carding + ATO Defence, OFAC/EU CONSILIUM/UK OFSI Sanctions Screening at Booking-Init, and GDS + EU OSS / DAC7 Reporting → — Travel/hospitality-specific deep-dive: the four IP-control surfaces (geo-rate enforcement + dynamic-pricing per booking origin w/ 8-tier pricebook T1 EU-Lux 1.00x → T8 Africa 0.75x + VPN/proxy/Tor fall-back to T2_NA_LUX anti-arbitrage + SANCTIONS_HARDSTOP on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO HTTP 451 at search-render + BIN-billing-country pin at checkout; OTA carding + ATO defence at booking checkout w/ corporate-travel-platform ASN allowlist AS-CWT/Amex GBT/BCD/FCM/Egencia/Navan/Amadeus/Sabre fast-lane + consumer-OTA reject on VPN/Tor/relay + residential-proxy ASN block Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + 6-factor carding score threshold ≥70; OFAC + EU CONSILIUM + UK OFSI sanctions screening at booking-init w/ sanctioned-origin hard-stop regardless of session residency + EU 6AMLD compelled-disclosure on VPN/proxy + US-Cuba 31 CFR §515 General License gate + luxury-segment AML thresholds yacht €10K / private jet €20K / villa €5K/night / heli €3K + PEP screen + source-of-funds eval; GDS + inventory routing + EU OSS / DAC7 reporting w/ Amadeus EU/UK + Sabre US/CA + Travelport APAC + 27 EU-MS destination-VAT rates DE 19% → HU 27% + NO 25% + CH 8.1% + UK 20% + DAC7 Directive 2021/514 reportable-platform-operator evidence-log 5-year retention + Jan-31 lead-MS annual report), ≤40 ms search-render budget, OFAC/EU CONSILIUM/UK OFSI/DAC7/EU OSS/HOTREC audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.