Bank fraud issue: can IP addresses change?

Is it possible for the IP address for one computer in the same location using the same wireless account to change?

Just spoken to the bank to sort out a possible fraud case on a payment early this morning – it wasn’t fraud, it was me trying to pay for Mayhem entry and it was genuine. They’ve now resolved it and all is fine (and we’re in, nice).

However…the reason the bank flagged my payment this morning was that it was from a different IP address (starting 109, nr Birmingham, my home, and the correct IP that I just confirmed) to the one they have on their records for me from December ’14 (starting 81, nr Reading, god knows who, but online search confirms as down south). The strange thing is that the payment that was made in December ’14 was a genuine payment from me, from home on the 109 IP computer, and it went through fine.

Is it possible for IP addresses to change? Can the bank fraud system somehow get the wrong IP address that my transaction was made from?

Because they thought I should be on 81 IP they saw the transaction on 109 IP this morning and said ‘NO’.

What the heck is going on?

Yes your IP address can change, your internet provider can change it or you can use a vpn to do the same thing.

I log into my bank from various “postal” / IP addresses

Yes. Even more so if you’ve changed ISP.

If you are a home user then you are very unlikely to have a static IP address. However, it will usually be in the same range (one allocated to your ISP)

Ah you’re with BT they chang fairly regular you have an IP form just over Xmas that is a 81.

You’re current one is a 109.

You can also quite easily change it yourself to an IP located pretty much anywhere in the world.

Your ISP give (well, loan) you your IP address, so whether it’s likely to have changed or not will depend on your ISP’ policies. Often they’re ‘sticky’ so that where possible you’ll keep getting the same one. Rebooting your router may cause it to change (again, this is ISP-dependent).

It seems a bizarre reason to flag it as fraud though. What if you were at work or on your phone, or at a friend’s house?

Did they ring you? Did they know your details or could it have been a scam call?

A text message first came through at 8am. They’re automated text message system is off between 10pm and 8am as ‘we don’t want to disturb our customers when they’re probably asleep. I was driving so didn’t get chance to check. When I parked up at 9am I checked the message, it said it was from the bank asking ‘Suspicious activity. Is this transaction yours?’ and I needed to email ‘Yes’ or ‘No’. I didn’t really know who the text was from and was coaching my son’s hockey match so couldn’t really deal with it. I texted No then quickly phoned a friend and she did the Mayhem payment.

If the IP address changes again because I reboot or however it changes, this could happen again it seems.

Is the bank providing a good service here? Are they looking after me or are they causing me a right royal pain in the backside?

Are they looking after me or are they causing me a right royal pain in the backside?

b
changing isp WILL change rour IP address. Rebooting the router almost cerainly will.

Check your IP address here

http://whatismyipaddress.com/ or minimalist at http://icanhazip.com/

The bank will likely use various fraud mechanisms to track suspicious IP addresses and ‘in-session’ behaviour where within a connect-to-site, login, do-stuff, logout and also between sessions they will use a range of techniques to identify behaviour associated with legitimate and criminal use. These are initially automated followed by human analysis so computer-said-no for whatever reason.

An IP address typically doesn’t change mid-session at home however with phones and tablets moving between wi-fi hotspots and on/off cellular networks it is becoming more common.

IP’s starting with 81 are Virgin Medias, IP’s starting 109 are BTs.

Most people have one ISP, the IPs 81 and 109 would indicate two different service providors and probably raised suspicion.

Two years ago, I had to use hotspot shield to access any of my financial accounts due to the setup at work and home – four 100M cable lines, into a load balancing router. Each line it would appear changed its IP address a few times a second.

Needless to say, the whole Internet hated us, honey traps grabbed us every time we accessed sites, Google blocked us, banks refused to work.

So I can imagine they would block it for a change of ISP.

IP’s starting with 81 are Virgin Medias, IP’s starting 109 are BTs.

BT use 81 too.

Most people have one ISP, the IPs 81 and 109 would indicate two different service providors and probably raised suspicion.

Most people have many ways to connect to internet. It’s a foolish way to do it and glad my bank doesn’t use that method.

I don’t get it. There seems no definitive answer on why the IP address changed. Perhaps because the 81 IP payment went through and was done by me, and so was the 109 IP payment (even though it was blocked, perhaps that was because of the ‘new’ IP and the fact the bank said that FR systems Mayhem payment website was flagged as dangerous).

But is it something I need to worry about and take any further/do anything about?

I don’t get it. There seems no definitive answer on why the IP address changed.

There aren’t enough IP addresses in the IPV4 system for all users to have a unique IP address. So, ISPs like Virgin and BT dynamically allocate you one from their pool of IPs and this can (but not always will) change if you disconnect your modem or power cycle it. The system works because not all their customers are online at the same time and they can therefore serve a set of N customers with less than N IP addresses.

The only way to get a fixed IP is to pay extra for a service where your IP is fixed.

EDIT: although that wouldn’t necessarily explain a change of ISP unless BT/Virgin have a agreed an IP loan system. Or one has bought a block of IPs that used to belong to the other. NB Neither will exclusively own a full set of 81/109.xxx.xxx.xxx, they’ll just have a small subset of all 81/109.xxx.xxx.xxx addresses.

As above, on a domestic tariff your ISP will dynamically allocate you an IP but it would typically be within a defined range.

Just wondering – do you work from home at all and use VPN to connect in to your work network?

If so then depending on whether or not all traffic is routed over your work VPN you may present a different public IP (your work’s ISP’s) when connected to VPN than you would when connecting directly via your ISP.

Locations for IP addresses on online tools are pretty useless apart from the country that they are in, down to town level all it will show is where the ISP’s either registered it or where their main operation/gateways are located. For example I have a static IP address from my ISP and I’m located in Wales, yet if you look up that IP it’ll show as Sheffield (easy guess who the ISP is!)

The larger ISP’s will have multiple ranges to cope with the number of users and thru acquisition of other ISP’s thru mergers and so on.

With a dynamically allocated IP address all it needs is a reset/reboot of your router or perhaps a line drop, noting that any of this can occur at anytime so you might not have noticed unless you were using the internet at the time of the drop/reboot/reset for you to loose the current allocation and your router to re-login in to the ISP’s network and get allocated a new address. OR for the ISP to be doing some planned work/re-engineering and tinker with their gateways and introduce a new range or shift you onto a new range.

I think it’s Kudos to the bank for noticing something outside of your normal pattern of usage and doing something about it, perhaps with a reduction for not notifying you straight away.

I wouldn’t have thought they needed a huge amount less than N. Do many people turn their modem/router off?

Except, as discussed, it isn’t actually something outside his or the internet’s normal pattern of usage.

Nothing to do with the IP addressing it is to do with how fine tuned the criteria are on the banks systems for spotting items that may be outside of the normal patterns. It could be anything that triggers the alarm/block, in this case it was an IP address.

For example since December the bank may have had a rise in fraudulent activity that has caused them to alter their thresholds on common items associated with such activities. This may have been a deliberate choice or the banks learning systems may have done this automagically.

Hopefully in a well designed/operated system the fact that this will have been a false positive will have been recorded and fed back into the system, resulting in an alteration in the scoring criteria for the individual customer and perhaps on a much smaller scale for all/some of the banks customers. Resulting in a reduction of such false positives in the future however this will again will be weighed against the continued number of correct alarms for the banks customers. After all there are 16million odd IP addresses in the 109 range with various allocations of that 109 range to ISP’s across Europe.

IP’s starting with 81 are Virgin Medias, IP’s starting 109 are BTs.

^ Stuff like this is just misleading.

I work for a (not BT) ISP and we have several large subnets used for customer assignments (including some blocks beginning with 81 and 109), and they will be dished out in various ways, dynamic single IPs, static single, static blocks, static blocks routed to dynamic singles, static blocks routed to static singles etc.

It gets even murkier when you get into the land of resellers and wholesale connections as IP ranges can belong to one network provider but be used exclusively (or not) to provide services to one of their resellers,a nd the RIPE info won’t always make it clear who is who.

You can’t make blanket statements like the above with any degree of certainty.

If you have a particularly stable connection, even with a dynamic IP that changes on each reboot, you could have the same IP for weeks or months at a time, then again it could change every few days.

It is even possible to move provider and end up with an IP in the same range, as some ISPs will provide services to multiple resellers, and if you move from one reseller to another it’s possible you could still be using the same provider without knowing it. This happens rarely but it does happen. (I would give examples but can’t name companies for confidentiality reasons.)

As others have said above this is all down to how the banks have tuned their systems, basically they’ve spotted *something* that *for you* appears unusual, and it’s been flagged. This doesn’t mean a changing IP address will flag your mate up at the same bank as his history may show he always logs in from different IPs (or ranges).

You can’t make blanket statements like the above with any degree of certainty.

Exactly. The OP has IPs with BT starting with 109, 81, 31 and 86 all within the last 12 months.

😆 – was wondering whether you should be telling us that, but I suppose it doesn’t narrow it down much! Though I would take a punt that the others are his phone – TBH I’d expect to see a huge number of different IPs for my account for that reason.

Though I would take a punt that the others are his phone

Nope. They’re all BT.

Does this mean that if you had texted YES it would have all sailed through OK? Sounds like the Banks system is doing it’s job.

Nope. They’re all BT.[/quote]As a BT broadband user I get roaming WiFi on other BT users routers. I guess I would expect to see loads of IP addresses, especially if I moved round the country a lot.

As a BT broadband user I get roaming WiFi on other BT users routers. I guess I would expect to see loads of IP addresses, especially if I moved round the country a lot.

Correct. As do I but that’s still BT not a mobile network.

Yes, but could be his phone roaming rather than his computer, just as I suggested – so it doesn’t mean his home broadband is getting those addresses (when I suggested my multiple IPs I was thinking Wifi hotspots)

Yes, but could be his phone rather than his computer – so it doesn’t mean his home broadband is getting those addresses

Here’s me thinking her had one of extension cable.