How to Ensure Cyber Security With ipstack© Integration

Introduction

When a customer is independently creating a loan application (from the Web), it might be difficult to check how reliable their connection is and and how trustworthy they are. This makes a cyber security check an important part of the overall company security.

For this purposes, TurnKey Lender supports integration with ipstack© - a powerful, real-time IP to geolocation API capable of looking up accurate location data and assessing security threats originating from risky IP addresses.

Learn:

Available ipstack© Parameters

Integration with ipstack© allows to check a number of security parameters including the following ones, used by the TurnKey Lender application:

  • Proxy usage: Сhecks if the customer is using an intermediary server between them and the application page (a “proxy server”) when applying for the loan. Proxy servers may be used to mask the true origin of the request to the Application. For example source country or network

  • Tor system usage: Сhecks if the customer is using the onion routing system (used for anonymization of communication) when applying for the loan.

  • Crawler usage: A crawler is a computer program that can be used to steal sensitive data.

  • IP location details: The IP address and location (country, region, city, zip) from which the loan application has been physically created. In particular the system can check if the IP location matches information provided in the loan.

  • Network threat level: An automatically defined parameter based on the assessment of all the collected data and passed by the ipstack© API. Can be defined as low, medium or high.

The ipstack© Check Results Usage

The results of the ipstack© checks are used for two purposes:

The ipstack© Check Results on the Underwriting Workplace

The results of the connection check are visible on the Underwriting workplace under the Risk Score section.

The ipstack© Check Result Details

Results of the checks on the use of proxy server, crawler and Tor system are displayed. If the threat has not been detected, the result is displayed in green.

 

 

Otherwise, the result is displayed in red.

 

 

 

IP Location Check

The IP location parameters (country, region, etc.) are checked against the location details of the customer defined in the loan application. If a discrepancy is defined, a warning is issued.

Hover over the IP location line to see the details:

 

 

The ipstack© Check Results for Automatic Decision

Along with that, the ipstack© check results are used by TurnKey Lender’s decision engine (to make an automatic decision on the loan application approval/rejection). By default, the rules on all three parameters are used and the application is rejected in case of:

  • a Proxy usage detection

  • a Tor system usage detection

  • a network threat level of medium or high

The number of rules met is displayed at the bottom of the tile on the “Underwriting” workplace.

 

Alter the Decision Engine Rules

To change the rules, go to the “Settings workplace”, open the “Decision engine” tab and scroll down to the “Network security rules” section.

These rules can be updated in the same manner as any other Decision engine rules.

If you have unchecked the rule, it will not be used by the decision engine, but this will not affect the list of parameters collected for manual assessment.

How to Integrate with ipstack©

Integration process with ipstack© is rather straightforward for our users:

  • Create an ipstack© account and get the API Access Key, as described in the ipstack documentation.

  • Request the integration from TurnKey Lender team and provide them with your API Access Key value.