How To Prevent Geo Pricing Abuse

How To Prevent Geo Pricing Abuse
  • Published: January 2, 2023

Geographical pricing, also known as "zone pricing" or "geo pricing", is a pricing strategy that involves charging different prices for the same product or service based on the geographical location of the customer. Geographical pricing is used by many companies that provide digital services, including Netflix, Spotify and YouTube.

While geographical pricing is a common practice in certain industries, it can also be abused by customers looking to take advantage of different prices for the same product or service in different locations. It is important for companies to be aware of these potential abuses of geo pricing and to take steps to prevent them.

How to determine a users true location

First, let us look at some of the different techniques available for determining the location. The most common mechanism to determine a users location are:

  • IP address: A user's IP address can often be used to determine their approximate location. Such GeoIP technology usually relies on a database that maps a IP address to a country or city. It is important to understand that GeoIP technology may not be accurate and give unreliable results. Furthermore, users may change their IP address by using VPNs or proxies to hide their real IP and location. You can use the Focsec VPN Detection API to check if a user is using a VPN or proxy.
  • Browser Geolocation API : Modern web browsers include a JavaScript-based Geolocation API. This API allows a website to determine a users location. The browser may use different methods to determine the location, such as GPS or Wi-Fi positioning. Accessing the browsers Geolocation API usually requires the user's explicit consent and is not availble by default. In practice, this means the user will have to click a permission popup from the browser to allow you to receive the location data.
  • Browser language settings: Certain browser-settings, such as the default language may be used to guess a users location. Most browsers will include the Accept-Language HTTP header that specifies the users preferred language using the ISO 639 country code. For example a Accept-Language value en-us may indicate that the users preferred language is English (en) as spoken in United States (us). Since users can set any language they want, this is not a reliable way to determine the users location and generally not recommended.
  • Payment method: Using a user's billing address or payment method to determine their location is another possible method. Many payment providers, such as Stripe, allow you to determine the country where the card used for payment was issued. If the card issuing country does not match the location provided of the user, this may be a sign that a user is trying to hide their location.

None of the methods above are 100% reliable, so it is important to understand the limitations and shortcomings of each method.

The browser Geolocation API location and browser language settings are unreliable methods, as they can be easily be changed by the user. Using a IP to determine a users approximate location is better method, but it is important to understand that users may fake their IP address.

How users may try to hide their real IP

A users may hide their real IP address by using any of the followings methods:

  • Virtual Private Network (VPN): A VPN allows users to mask their true location by routing their internet traffic through a server located in a different location. This will make the users IP address appear to be in a different country.
  • Proxy server: A proxy server acts as an intermediary between the user and the website they are trying to access. By routing traffic through a proxy server located in a different location, users can mask their true location.
  • Browser extensions: There are a variety of browser extensions available that allow users to change their location. These extensions often use VPN technology under the hood. Additionally such extensions may modify browser settings such as the preferred language to match the fake location.

If you need to detect if a user is using a VPN or proxy server, the Focsec VPN and Proxy Detection API offers a reliable all-in-one solution.

In addition to using geolocation detection measures, you may want to consider setting limits on the number of products or services that can be purchased from certain locations, as unusual high traffic from certain countries may be a indicator that your geo pricing model is being abused. Overall, it is important for both companies and customers to be aware of the potential for abuse in geographical pricing and to act ethically and responsibly in order to ensure a fair and transparent market.

Want to detect VPNs, Proxies, TOR, Bots, Hackers and more?

The Focsec API detects VPNs, TOR, Proxies and Bots. It helps prevent fraud and protect against suspicious logins and attacks.

Read more »