CA RiskMinder Administration Guide › Geolocation and Anonymizer Data

Geolocation and Anonymizer Data

RiskMinder uses geolocation and IP checking in close conjunction to prevent high risk activity. These capabilities use the IP address of end users to:

• Verify that they are not accessing from a country or region that you have blacklisted.
• Verify that they are not moving faster than is actually possible.
• Verify that they are not hiding their location.
• Verify that they are not coming from an IP address that you have blacklisted.

You can decide the mitigating action that you want to choose, which may range from alerting your fraud or security team of possible compromise, automatically requiring additional authentication from the end user, or simply denying access.

This appendix discusses the use of IP geolocation data and Negative IP checks in RiskMinder. Together, these two capabilities provide one of the major components of RiskMinder fraud and high risk access detection. They support the following checks that are provided as part of the RiskMinder out-of-the-box rule settings:

• Geolocation (Negative Country List)
• End user change in access location (Zone hopping)
• Anonymizer data (Negative IP Types)
• Administrator-defined negative IPs (Negative IP Address List)

This appendix covers the following topics:

• Understanding Geolocation and Anonymizer Data
• Using Geolocation Data in RiskMinder Rules
• Using Anonymizer Data
• Using the Negative IP Address List