In the volatile world of digital assets, it’s critically important for cryptocurrency exchanges to manage their regulatory risk – nobody wants to pay hefty fines for sanctions violations or for failing to register in the jurisdictions in which they operate.
Many operators won’t even serve customers in high-risk jurisdictions that have tough penalties for noncompliance. To effectively block users from these jurisdictions, it’s imperative for crypto exchanges to deploy advanced geofencing technologies that help keep them on the right side of the law.
What Is Geofencing and How Is IP Used for Location?
Geofencing creates a virtual perimeter around a real-world location, such as a country or region. It uses location data from a user’s device to enable (or disable) certain actions when the user enters or exits the geofenced location. For crypto exchanges, that action might be to prevent a user in a certain jurisdiction from setting up an account or transacting on their platform.
Most crypto exchanges and FIs use IP addresses as a way of locating a particular user. If the user’s IP address indicates they’re located in a high-risk jurisdiction, then they’re denied access to the trading platform. The exchange avoids the regulatory risk associated with that country or region – or so they think.
Why Aren’t IP Addresses Enough for Location?
But there are a couple of important reasons why IP addresses are not enough for location. First, they are the easiest location data points to spoof, thanks to VPNs and DNS proxies. In fact, many VPN providers are actively marketing their products to crypto traders as a way to specifically circumvent geographic restrictions.
In addition, mobile IP addresses have little to do with a user’s true location. Mobile IP points only to the carrier who activated the device – not where the user actually is.
To test the accuracy of IP for geolocation, GeoComply audited the location checks of several major financial services apps. In two instances, the location indicated Houston, Texas, and the other auto-filled the location as California. The true location during the audit was Vancouver, British Columbia. This audit highlights how a business – such as a crypto exchange – that trusts IP addresses for geolocation may be subject to a certain jurisdiction’s regulations without realizing it.
Using IP for geofencing has another unintended consequence: potentially blocking users in jurisdictions where an exchange wants to – or is permitted to – do business. The CEO of a trading platform using IP addresses for location checks admitted, “Our experience is that the vast majority of affected users of such checks are actually not U.S. persons at all, but we have to take those actions to do what we can to not have actual U.S. persons on the platform.”
To De-Risk Their Platforms, Exchanges Need to Use Advanced Location Data
To significantly reduce their regulatory risk, exchange operators need to set up geofencing restrictions based on multi-source location data that is more accurate and reliable in establishing a user’s true location. This data includes three critical elements:
- Gathering modern device-based geolocation data to identify users within a high degree of accuracy for both mobile and desktop devices
- Verifying this data, to determine whether it is fraudulent or spoofed
- Analyzing historical geolocation transactions to detect and flag high-risk behaviors, such as location jumping
The limitations of using only IP addresses for location are becoming better understood by financial regulators. For example, the Financial Action Task Force (FATF) specifically identified multi-source geolocation data (e.g., Wi-Fi, GPS, GSM/cell tower triangulation, HTML5, etc.) as a necessary part of digital identity and KYC verification.
Geofencing technology that uses accurate, authentic and unaltered location data enables exchange operators to effectively block users based on where they actually are – not where they say they are. In this way, crypto exchanges can exclude users in high-risk jurisdictions while welcoming the customers they want on their platform.
Download our white paper, “How Virtual Currency Companies Can Raise the Compliance Bar”.