This risk check initiates when the number of distinct IP addresses a shopper has used in the configured timeframe exceeds the configured threshold.
Fraudsters often use randomize proxies to commit fraud. Their fraud profile often spans multiple IP addresses. This check is aimed at identifying users whose IP address diversity fits the profile of a fraudster.
Adyen dynamically determines if an IP address is a shared IP address and does not include these in the rule calculation. This is to reduce the effect that using networks such as Wi-Fi hotspots have on good users' scores. The shared IP address check allows merchants to flag for the use of these shared IP addresses if needed.
- You can establish a threshold for both the number of unique IP addresses and the timeframe allowed. The default is 2 times over 3 days.
- The risk check fires on the transaction after the set threshold. So, if you set a threshold of 2 in 3 days, it fires after the shopper makes a purchase from the third distinct IP address recorded in that 3-day period (not counting shared IPs).