To beat fraud, it’s critical that financial institutions establish their customers’ true identities during the KYC and onboarding process. But the use of IP addresses to verify location – a vital identity attribute – misses the mark. That’s because IP addresses are the easiest location data point to spoof, thanks to VPNs, proxies, fake location apps and other anonymizers.
Trusting an unreliable data source like IP addresses creates massive security holes fraudsters love to exploit, enabling them to mask their identity in order to commit all manner of cyber-crime.
The Unsuccessful Role of IP Addresses in Fraud Detection
The point of location verification is to determine that customers are who and where they say they are. But the truth is IP addresses often do exactly the opposite – they show where users are not.
To test the accuracy of IP addresses for geolocation, GeoComply audited the location checks of three major financial services apps. In two instances, the location indicated Houston, Texas, and the other auto-filled the location as California. The true location during the audit was Vancouver, British Columbia.
The use of IP addresses as a sole data source for verifying location is an antiquated practice best left back in the 1990s. It’s time to embrace new techniques and sources for verifying a user’s true location. It’s time to take a look at modern geolocation technology.
Geolocation: The New Location Standard for Fighting Fincrime and Detecting Fraud
Regulators and industry experts are slowly recognizing the importance of geolocation beyond IP addresses in detecting financial fraud and mitigating the risk of money laundering and terrorist financing.
In its 2020 “Guidance on Digital Identity,” The Financial Action Task Force (FATF) recognized the role of geolocation data in strengthening digital identity. It specifically highlighted geolocation as an example of dynamic, digital customer data sources that enable regulated entities to capture essential authentication information.
And as of March of this year, the Mexican government requires its banks to collect and maintain the real-time geolocation of customers accessing digital services. Customers must share their location, a common-enough practice since research shows that 80% of smartphone users enable location services on their devices.
How to Detect Financial Fraud in the 21st Century
Financial institutions need a modern solution that does what IP addresses alone cannot: precisely identify a user’s location to help verify their true identity. They need a fraud detection solution that captures both accurate location data and detects location spoofing attempts. They need GeoComply.
GeoComply’s solutions help mitigate fraud risks through three key steps:
- Gather multi-source location data. GeoComply collects geolocation signals from multiple sources – rather than relying on a single source – including GPS, WiFi, GSM, browser/HTML5 and yes, even IP addresses.
- Verify location accuracy. Our rules engine runs 350 checks on every transaction to analyze suspicious activities – from spoofing apps to device and user integrity.
- Analyze location behavior. GeoComply combines real-time and historical data to detect and flag patterns of location fraud. Our models are constantly updated using both machine learning and human intelligence.
Cyber-criminals are experts at IP address fraud and other forms of location deception, reducing the confidence financial institutions have in the true identity of their customers. Banks, payments service providers and other FIs need to build confidence and accuracy back into their fraud detection tools. GeoComply does just that.