How Residential Proxies Enable Fraud

Residential proxies are becoming more popular with fraudsters and cybercriminals, allowing these users to easily engage in abusive behavior and bypass fraud filters.

Internet fraud is a perpetual thorn in the side of businesses, advertisers, consumers, and even payment processors. Businesses often bear the financial brunt of this behavior in the form of chargebacks, ad fraud, free trial abuse, ATO, account registrations, and similar fraudulent actions. Most companies today have some sort of fraud prevention, however residential proxies frequently bypass these measures and allow bad actors to operate unchecked. Solutions that can tackle evolving threats, such as IP reputation checks which can detect botnets and residential proxies are in high demand.

Residential Proxies, The Fraud Enabler...

Let's discuss credit card chargebacks, a frequent nuisance for businesses that cause billions of dollars in losses per year. It's typical for a eCommerce fraud prevention solution to focus solely on chargeback prevention. The idea is simple: A fraudster uses a stolen credit card—often purchased in bulk online—and eventually the card's true owner will notice the suspicious charge and file a dispute with their credit card company or bank. Chargebacks are typically filed about 30-60 days after the initial charge, leaving the business in the red after having shipped or delivered the initial service.

Residential Proxies Enable Fraud

So how are cybercriminals so successful at credit card fraud? Fraudsters know how to work the system. They hide and sneak around the Internet, masking their true identity by using proxies. Proxies are neither good nor evil; instead, they are one of the ways to remain anonymous or access information that would otherwise be unavailable. The intent of the user is what matters. For the purpose of this article, we're going to focus on the bad user, as IPQS' services are smart enough to detect user intent and differentiate between good and bad users.

When cybercriminals use proxies, the bad user—the fraudster—is using a data center or residential proxy connection. Both types of proxies enable fraud; however, residential proxies are more dangerous due to a stealthier footprint. Quickly detect residential proxies by using our free IP proxy detection test. To begin, let's examine the differences between the two types.

Data Center Proxies Versus Residential Proxies

To understand why residential proxies are worse at enabling fraud it's important to distinguish how they're different from data center or hosting service proxies.

  • Data Center Proxy: Uses the IP address of a server issued by a hosting company and are easily identifiable.
  • Residential Proxy: Uses residential IP addresses issued by an Internet Service Provider (ISP), often without the knowledge of the IP addresses' real owner. These connections are often generated by the user's device being infected with malware and connected to a botnet.

Let's talk about hosting and data center proxies. Without a proxy, you access a website from your computer. With a data center proxy, you access a website from the data center server. The datacenter proxy acts as an intermediary which protects your identity. The website sees the IP address of the data center instead of your own. Most bot detection solutions only focus on preventing data center IP addresses.

A residential proxy, on the other hand, uses an IP address that belongs to another residence. The other residence is the intermediary in this scenario. Unlike data center IP addresses, residential IP addresses are  seen as more legitimate to websites and usually do not raise any red flags. It's a matter of trust. An IP address is less likely to get flagged or banned if it's coming from a home connection. That's why residential proxies are more dangerous.

Detect Residential Proxies

The Story of Viktor Petrov: Fraudster

Let's walk through an example of how residential proxies enable fraud. Viktor Petrov is fictitious; however, this story is meant to illustrate the steps a bad actor takes to commit fraud.

Viktor lives in Belarus but he doesn't want Gamestore, Amazon, or PayPal to know that; instead, he claims to live in Chicago, IL. After all, he purchased a residential proxy. The home where the IP address is assigned to is located in Chicago. He could have chosen a data center proxy, but Viktor didn't want to take a chance the data center server would be banned. He also doesn't want his IP address to appear suspicious.

Viktor already has access to:

  • Credit card numbers
  • Card owner addresses
  • CVV security codes
  • Email addresses

His modus operandi is simple, yet effective: sell what he doesn't have and still make money. Let's dig a little deeper to examine the process.

Viktor successfully sells an Xbox One on Amazon for $200; however, he doesn't own one. Steve, the buyer, is expecting the new gaming console to be delivered within a few days. Viktor uses April's credit card to buy an Xbox One from Gamestore. He wants it to be shipped to Steve's home and after a few days, it arrives. There's only one problem, however: April notices a charge for $200 in her credit card account. She never shopped at Gamestore! She didn't even know that her credit card information was stolen and sold on the dark web a few months prior.

What happens next? April will call her credit card company and dispute the charge. Shortly thereafter, she'll be refunded; however, the credit card company will demand Gamestore pay them in the form of a chargeback.

We are here to mitigate this type of fraud and subsequent chargeback against your business.

Other Possibilities of Fraud with Residential Proxies

Chargebacks are just one of the major issues caused by residential proxies. Since these IP addresses are so difficult to recognize as compromised or being controlled by another user, most websites will not ban or limit residential connections. Therefore, these IP addresses are the premier choice for bad actors to use for creating duplicate accounts, bypassing geographic filters, taking advantage of free trials, engaging in ad or click fraud, submitting fake data through lead generation funnels, and practically any type of abuse you can think of.

According to a survey of IPQS customers in 2023, residential proxy fraud is most significantly contributing to fraudulent account registrations and account takeover attacks. These connections allow fraudsters to bypass standard fraud prevention techniques like CAPTCHA, device behavior analysis, bot detection, and VPN detection — greatly improving a bad actor's success rate in facilitating abusive behavior.

Residential Proxy Detection

Because residential proxies use residential IP addresses like Comcast, AT&T, Verizon, Spectrum, Optimum, Cox, and similar cable or DSL providers, they are difficult to detect and have a very small online footprint; however, IPQS' proxy detection service performs multiple tests to determine if an IP address is acting as a residential proxy or is active within a botnet. Using our service, it is possible to block residential proxies in real-time, minimizing the chance your business will be a victim of fraud or chargebacks.

Deploy our tools on your site in just minutes, and say goodbye to fraud! Start now with a free trial.

API Lookup Access

Easy API Lookups

Threat & Abuse Network

Largest Threat & Abuse Network

Fraud Prevention Detection

Industry Leading Fraud Prevention

Ready to eliminate fraud?

Start fighting fraud in minutes!

Questions? Call us at (800) 713-2618

Schedule a Demo Sign Up »

Get Started with 5,000 Free Lookups Per Month!