Operating principles of antifraud protection systems: Geocomply, MaxMind, Sift

Cloned Boy

Educational analysis to understand anti-fraud mechanisms.

1. Geocomply: Geolocation control for payments and gambling

Purpose: To verify that the user is located in an approved jurisdiction (e.g. for online casinos in the US).

Technical components

Verification method | How it works | Example of bypass (for testing)
IP analysis | Compares the IP with a residential address database (ISP vs data center). | Using residential proxies (but they are hard to find).
GPS/Wi-Fi triangulation | Checks that GPS matches Wi-Fi/cell tower data. | Physical movement of the device (not spoofing).
Digital fingerprint | Analyzes browser, OS, screen resolution, installed fonts. | Manual User-Agent and WebGL configuration.
Behavioural analysis | Measures input speed, cursor movement, frequency of actions. | Simulating human behavior with Selenium.

Example code for GPS analysis (legal test):
Python:
# Read the current GPS fix from the gpsd daemon (pip package: gpsd-py3)
import gpsd

gpsd.connect()               # connect to the local gpsd socket (default localhost:2947)
packet = gpsd.get_current()  # latest position report
try:
    print(packet.position())  # prints (lat, lon)
except gpsd.NoFixError:
    print("no GPS fix yet")   # position() raises if the receiver has no fix

2. MaxMind (GeoIP): IP geolocation databases

Purpose: Determining the country/city by IP for antifraud.

How it works

  • Uses a database of IP blocks mapped to locations.
  • Analyzes the ASN (which provider issued the IP).
  • Assesses risk (e.g. an IP from a country with high fraud rates).

False positives:
  • VPN/Tor exits are marked as risky, although they can be used legitimately.

Example of a request to the MaxMind API (legal use):
Python:
import geoip2.database

# GeoLite2-City.mmdb is MaxMind's free database file, downloaded separately
with geoip2.database.Reader('GeoLite2-City.mmdb') as reader:
    response = reader.city('8.8.8.8')
    print(response.country.iso_code)  # 'US'
    print(response.city.name)         # city name, may be None for coarse records

3. Sift Science: behavioral antifraud

Goal: Detect fraudulent patterns in real time.

Key technologies

Method | Details
Machine learning | Analyzes thousands of parameters: form filling speed, IP, device.
Connection graph | Links accounts through common data (cards, email, devices).
Risk scoring | Assigns a score from 0 to 100 (e.g. 80+ = blocked).

Example of operation:
  • User #1 and User #2 log in from the same IP but also use the same card → fraud flag.
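As an added example (not code from the original post or from Sift), here is the connection-graph and risk-scoring logic from the table above written from the defender's side: accounts are linked through shared attributes, a shared card weighs far more than a shared IP (the false-positive note in section 2), and 80+ is the block threshold. The sample events, the weights and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real data): (account, attribute type, value).
SAMPLE_EVENTS = [
    ("user1", "ip", "203.0.113.10"),
    ("user1", "card", "4111-XXXX-XXXX-1111"),
    ("user2", "ip", "203.0.113.10"),
    ("user2", "card", "4111-XXXX-XXXX-1111"),
    ("user3", "ip", "198.51.100.7"),
    ("user3", "card", "5500-XXXX-XXXX-0004"),
    ("user4", "ip", "203.0.113.10"),
    ("user4", "card", "5105-XXXX-XXXX-5100"),
]

# Assumed weights: a shared card is strong evidence; a shared IP is weak (NAT, mobile carriers).
LINK_WEIGHTS = {"card": 70, "device": 40, "email": 40, "ip": 15}

def build_index(events):
    """Map each (type, value) attribute to the set of accounts that used it."""
    index = defaultdict(set)
    for account, attr_type, value in events:
        index[(attr_type, value)].add(account)
    return index

def risk_scores(events):
    """Score each account 0..100 by the attributes it shares with other accounts."""
    scores = defaultdict(int)
    for (attr_type, _), accounts in build_index(events).items():
        if len(accounts) > 1:  # only attributes shared by 2+ accounts add risk
            for account in accounts:
                scores[account] += LINK_WEIGHTS.get(attr_type, 10)
    return {a: min(100, scores[a]) for a in {e[0] for e in events}}

def flagged(events, threshold=80):
    """Accounts whose score reaches the block threshold (80+, as in the post)."""
    return sorted(a for a, s in risk_scores(events).items() if s >= threshold)

def linked_cluster(events, start):
    """Accounts reachable from `start` via shared attributes (the connection graph)."""
    neighbours = defaultdict(set)
    for accounts in build_index(events).values():
        for account in accounts:
            neighbours[account] |= accounts
    seen, todo = set(), [start]
    while todo:
        account = todo.pop()
        if account not in seen:
            seen.add(account)
            todo.extend(neighbours[account] - seen)
    return seen
```

With the sample data, user1 and user2 (same IP and same card) score 85 and are flagged, while user4, which only shares the IP, scores 15 and is left alone, and user3 sits in a cluster of its own.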

Legal testing:
Python:
# Emulate "clean" behavior for tests
import time
from selenium import webdriver

driver = webdriver.Chrome()  # requires Chrome and a matching chromedriver
try:
    driver.get("https://example.com")
    time.sleep(2)  # simulate human delay before the next action
finally:
    driver.quit()  # always close the browser session

4. How protection is bypassed (and how systems evolve)

Historical Attack Methods

  • IP spoofing: using a VPN/proxy → now detected through ASN analysis.
  • Device emulation: now countered by WebGL and canvas fingerprinting.
  • SIM swap: to bypass SMS verification → now confirmation by phone call is required.

Modern protection

  • Biometrics: Face ID, Touch ID.
  • Hardware analysis: MAC address, TPM chip.
  • Quantum-resistant algorithms (in development): protection against RSA being broken.

5. Legal Research

To study antifraud systems:
  1. Documentation:
  2. Certifications:
    • PCI DSS for payment systems.
    • OSCP for pentesting.
  3. Bug Bounty:
    • HackerOne programs (for example, PayPal).

Conclusion

Systems like Geocomply/MaxMind/Sift use:
✅ Geolocation (IP, GPS, Wi-Fi).
✅ Digital fingerprinting.
✅ Behavioral analysis.
✅ Machine learning.

For developers: This knowledge helps to create more secure applications.
For researchers: It is important to test systems only within legal frameworks (sanctioned pentesting).

Need details on a specific analysis method? Ready to dig deeper!