Multiple Distinct IP Addresses Used by Shopper

This risk check initiates when the number of distinct IP addresses a shopper has been used in the configured timeframe exceeds the configured threshold.

Fraudsters often use randomize proxies to commit fraud. Their fraud profile often spans multiple IP addresses. This check is aimed at identifying users whose IP address diversity fits the profile of a fraudster. 

Adyen dynamically determines if an IP address is a shared IP address and does not include these in the rule calculation. This is to reduce the effect that using networks such as Wi-Fi hotspots have on good users' scores. The shared IP address check allows merchants to flag for the use of these shared IP addresses if needed.

Configuration options

  • Merchants can establish a threshold for both the number of unique IP addresses and the timeframe allowed. The default is 2 times over 3 days.
  • The risk check fires on the transaction after the set threshold. So, if a merchant sets a threshold of 2 in 3 days, it fires on the 3rd IP address recorded in that 3-day period (not counting shared IPs).