Introduction

When a customer is independently creating a loan application (from the Web), it might be difficult to check how reliable their connection is and and how trustworthy they are. This makes a cyber security check an important part of the overall company security.

For this purposes, TurnKey Lender supports integration with ipstack© - a powerful, real-time IP to geolocation API capable of looking up accurate location data and assessing security threats originating from risky IP addresses.

Learn:

What parameters are collected
How the ipstack© security check results are used in the application
How to integrate with ipstack©

Available ipstack© Parameters

Integration with ipstack© allows to check a number of security parameters including the following ones, used by the TurnKey Lender application:

Proxy usage: Сhecks if the customer is using an intermediary server between them and the application page (a “proxy server”) when applying for the loan. Proxy servers may be used to mask the true origin of the request to the Application. For example source country or network
Tor system usage: Сhecks if the customer is using the onion routing system (used for anonymization of communication) when applying for the loan.
Crawler usage: A crawler is a computer program that can be used to steal sensitive data.
IP location details: The IP address and location (country, region, city, zip) from which the loan application has been physically created. In particular the system can check if the IP location matches information provided in the loan.
Network threat level: An automatically defined parameter based on the assessment of all the collected data and passed by the ipstack© API. Can be defined as low, medium or high.

The ipstack© Check Results Usage

The results of the ipstack© checks are used for two purposes:

To display results to help make the loan approval/rejection decision on the Underwriting workplace.
To define rules for automatic loan application decision engine.

The ipstack© Check Results on the Underwriting Workplace

The results of the connection check are visible on the Underwriting workplace under the Risk Score section.

The ipstack© Check Result Details

Results of the checks on the use of proxy server, crawler and Tor system are displayed. If the threat has not been detected, the result is displayed in green.

Otherwise, the result is displayed in red.

IP Location Check

The IP location parameters (country, region, etc.) are checked against the location details of the customer defined in the loan application. If a discrepancy is defined, a warning is issued.

Hover over the IP location line to see the details:

The ipstack© Check Results for Automatic Decision

Along with that, the ipstack© check results are used by TurnKey Lender’s decision engine (to make an automatic decision on the loan application approval/rejection). By default, the rules on all three parameters are used and the application is rejected in case of:

a Proxy usage detection
a Tor system usage detection
a network threat level of medium or high

The number of rules met is displayed at the bottom of the tile on the “Underwriting” workplace.

Alter the Decision Engine Rules

To change the rules, go to the “Settings workplace”, open the “Decision engine” tab and scroll down to the “Network security rules” section.

These rules can be updated in the same manner as for any other Setting Up Rules.

If you have unchecked the rule, it will not be used by the decision engine, but will still be available in the Risk Score tab (Underwriting workplace).

Request the integration from TurnKey Lender team and provide them with your API Access Key value.

TurnKey Lender Knowledge Base

How to Ensure Cyber Security With ipstack© Integration