IP Intelligence playbook
Catch high-risk IPs before charging the card
Card-testing rings, BIN-attack scripts, and stolen-card cashout flows almost always ride through proxies or Tor before they touch a checkout form. By the time the card processor flags a chargeback, the loss is already booked. Adding IP risk to the pre-charge scoring step is the cheapest layer of payment-fraud defense and the one most often missing from custom checkouts.
The IP Intelligence response carries everything the score needs: country, ASN type, Tor / VPN / datacenter / residential-proxy flags, and a single recommendation.severity number from 0 to 2. Wire it in before the charge call. High-risk traffic gets a 3DS step-up or a hard decline; low-risk traffic stays on the express path.
Try it now
The free tier returns the same response shape. Sign in for a key, replace the placeholder, and watch the response.
curl -H "Authorization: Bearer dk_live_..." \
  "https://dnschkr.com/api/v1/ip?address=$CUSTOMER_IP"

# Add to the checkout risk score:
#   data.is_tor                   -> +30 (almost always block)
#   data.is_vpn                   -> +15 (step-up auth)
#   data.asn.type === "hosting"   -> +20 (rare for real shoppers)
#   geo mismatch (IP vs billing)  -> +10
What this catches
Tor exit nodes, public proxies, and major commercial VPN ranges are tracked from live feeds. Datacenter and hosting traffic is identified through ASN classification across 800+ hosting providers. Geo-mismatch scoring requires combining the response country with the billing country supplied at checkout; both signals together are stronger than either alone.
False positives matter more in payments than anywhere else. The recommendation field is calibrated so severity 1 traffic deserves a friction step (3DS, OTP) rather than a decline. Severity 2 covers Tor and the most aggressive public-proxy networks where declining is the right default for almost every store.
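The weights from the curl comments and the severity guidance above, combined into one pre-charge decision function. This is an added example, not DNSChkr's own code: the data.country and data.recommendation.severity field paths, the 15 and 30 score thresholds, the step-up fallback when the lookup fails, and the sample responses are all assumptions.

```javascript
// Added example. Weights come from the page; thresholds and some paths are assumed.
const WEIGHTS = { tor: 30, vpn: 15, hosting: 20, geoMismatch: 10 };
const STEP_UP_AT = 15; // assumed score threshold for 3DS / OTP
const DECLINE_AT = 30; // assumed score threshold for a hard decline
const ACTIONS = ["express", "step_up", "decline"]; // indexed by risk level 0..2

function scoreIp(response, billingCountry) {
  const data = response && response.data;
  // Lookup failed or body malformed: assumed policy is friction, never a
  // silent pass to the express path and never a blind decline.
  if (!data || typeof data !== "object") {
    return { score: null, reasons: ["lookup_unavailable"], action: "step_up" };
  }
  let score = 0;
  const reasons = [];
  const add = (hit, key) => {
    if (hit) { score += WEIGHTS[key]; reasons.push(key); }
  };
  add(data.is_tor === true, "tor");
  add(data.is_vpn === true, "vpn");
  add(Boolean(data.asn) && data.asn.type === "hosting", "hosting");

  // Assumed path: data.country holds an ISO 3166-1 alpha-2 code.
  const norm = (c) => (typeof c === "string" && c.trim() ? c.trim().toUpperCase() : null);
  const ipCountry = norm(data.country);
  const billing = norm(billingCountry);
  // Only count a mismatch when both sides are known; a missing value is not a signal.
  add(ipCountry !== null && billing !== null && ipCountry !== billing, "geoMismatch");

  let level = score >= DECLINE_AT ? 2 : score >= STEP_UP_AT ? 1 : 0;
  // Assumed path: data.recommendation.severity (0..2). Take the stricter verdict.
  const sev = data.recommendation ? data.recommendation.severity : undefined;
  if (Number.isInteger(sev) && sev >= 0 && sev <= 2) level = Math.max(level, sev);
  return { score, reasons, action: ACTIONS[level] };
}

// Constructed sample responses, not real API output ("isp" is a made-up type value).
const SAMPLES = {
  home: { data: { is_tor: false, is_vpn: false, asn: { type: "isp" },
                  country: "US", recommendation: { severity: 0 } } },
  vpn: { data: { is_tor: false, is_vpn: true, asn: { type: "isp" },
                 country: "NL", recommendation: { severity: 1 } } },
  tor: { data: { is_tor: true, is_vpn: false, asn: { type: "hosting" },
                 country: "DE", recommendation: { severity: 2 } } },
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(scoreIp(sample, "US")));
}
```

Log the reasons array alongside the order so that declined and stepped-up checkouts can be reviewed for false positives.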