Picture this:
It’s opening night of one of the most anticipated sporting events on earth. Hundreds of millions of people are glued to a screen in one moment.
The match loads. The right content goes to the right viewer. The stream is in their language. Everyone gets the ads they’re supposed to. It all just works. But behind that seamless moment is a battle being fought in every direction.
Pirates who have been preparing for this broadcast since the draw was announced.
Credential attackers who know your subscribers will be distracted.
And your rights holders, who will be watching extra close to see whether their content goes exactly where it’s supposed to.
The 2026 World Cup—the world’s biggest, most-watched global sporting event—is clocking in at over 192 million unique viewers (just in the first round). The most recent Winter Olympics saw over 110 million unique users. Even the U.S. centric Super Bowl saw around 125 million viewers.
unique users
viewers
viewers, first round
Underlying all these major sporting events is a licensing map that shifts region by region. A surge in viewers glued to a screen at the same moment. A once-a-cycle subscriber-acquisition window. And a fraud surge timed to the exact minute.
This is the scale, precision and complexities that GeoComply was built to manage for over a decade.
We sat down with James Clark, GM of Media & Entertainment at GeoComply, to talk through how streaming platforms prepare for the biggest live windows in sport and entertainment. The process, the decisions, and the thinking that goes into protecting rights, revenue, and viewers when the whole world shows up at once.
But first, let’s set the scene.
When a major sporting event kicks off, millions of fans hit play at the same time.
That means that the verification layer underneath (the location checks, identity signals, fraud detection, etc.) is absorbing enormous, sudden spikes in demand.
For a platform, the stakes are real. If the wrong content reaches the wrong region, a rights holder notices. If a real viewer is locked out at kickoff, they don’t wait around. And in a market where one bad moment sends a subscriber to the next app, a protection failure doesn’t just cost a stream. It costs your relationship with paying customers and rights owners.
This is the world GeoComply’s media and entertainment team prepares for. Champions League finals. Olympic Games. Super Bowls. Grand Slams. And most recently, at a scale the world has never seen: the World Cup.
And that’s the exact mindset James and the team built the playbook around.
The World Cup is one of the most watched events on the planet. When you started thinking about what a moment like that means for a streaming platform, what was your first reaction?
The audience surge is the obvious story, and it’s the one everyone has to get ready for. Live sport is a challenge for a streaming platform for many reasons; least of all being that if something goes wrong, you only have one chance to fix it.
Plus, you don’t have long to do so. I think a crucial step that is often not given as much attention as it requires is what happens before an event. Threats don’t show up in your dashboards on broadcast day. They actually start to show up weeks earlier, in places you’re not necessarily looking yet.
The reframe we always come back to with partners is that this isn’t a broadcast-day problem. It’s a months-out problem. The pirate spinning up infrastructure to restream the final has been working on it since the bracket was set. The credential ring testing your login flow isn’t waiting for kickoff. So if your plan only starts a few weeks out, you’re already reacting to something that’s been building for months.
And it’s never just one problem. A single match is a compliance problem, a revenue problem, and a trust problem at the same time. The platforms that come through these windows well are the ones who stopped treating those as separate workstreams.
How does preparation actually work? When does it start, and who’s involved?
Months before the event. And it’s not just one team. There are many pieces fitting together.
The first is the rights picture. What are the exact licensing boundaries, territory by territory? What does the studio or league need to see in the audit afterward? Which markets carry the most exposure? You can’t protect a boundary you haven’t mapped precisely, and “roughly the right country” isn’t good enough when a valuable rights deal is on the line.
The second is risk intelligence. What spoofing and proxy methods are we seeing emerge right now? The techniques change between every major window, so we spend real time understanding what the sophisticated operations are testing before the event, not after.
The third is platform readiness. Ensuring uptime with no disruptions, tuning the detection models, mapping geofences to the rights map across every device type, setting the false-positive thresholds so a legitimate fan never feels any of this. That’s the work.
The important thing is that readiness isn’t a meeting where someone says “we’re good.” It’s a sequence. You identify the gaps, you close them one at a time, and the work shapes the plan. Readiness isn’t a single state. It’s an ongoing process.
And most critical of all, the platform needs to make money. How are you ensuring you know who each of your viewers are? How are you ensuring you’re maximising the value of each eyeball you’ve worked so far to attract?
You mentioned platforms should be maximizing value for every view. What does this look like in practice?
It starts with treating a view as a piece of context, not just a metric. Two people watching the same match aren’t the same viewer. One’s on the sofa. One just walked into the stadium with your app open. One’s commuting, streaming on cellular in a second language. Same content, three completely different moments. Most platforms serve all three the identical experience because they can’t tell them apart.
One’s on the sofa.
One just walked into the stadium with your app open.
One’s commuting, streaming on cellular in a second language.
Once you can verify where someone actually is and how they normally behave, every one of those moments becomes something you can act on. The subscriber who crosses a venue perimeter can get exclusive pre-game content, an in-venue offer or a sponsor activation you can’t deliver without knowing they physically walked in. The viewer in a specific market sees the catalog, language, and recommendations built for where they actually are, not where they’re guessed to be. The ad they’re served is cleared for their jurisdiction and priced against verified reach, which is why location-based inventory can drive materially higher engagement and CPMs than broad targeting.
And it compounds. The behavioral baseline you build—where someone watches, on which devices, at what times—makes the next session more relevant than the last. For a growth team, that’s the difference between a viewer who showed up for one match and a subscriber who stays for the season. The event hands you the acquisition spike. What you do with every view is what turns that spike into sustainable growth and retention.
So far, you mentioned rights enforcement, risk intelligence, uptime and revenue. In your experience, what technologies in the market are most essential in addressing these challenges?
The honest answer is that no single signal or solution does it all. Anyone selling you a silver bullet fix is selling you a blind spot. What actually holds up across all four is a combination of signals that give you a more holistic picture: location, device, identity and behaviour, corroborated together and layered over time.
Location is the anchor. Where a device physically is, verified against the licensing map, is what enforces rights and catches the spoofer.
Device signals tell you whether that location can be trusted in the first place, whether something’s been tampered with, jailbroken or run through a tool built to fake it.
Identity and behavioural signals tie it to a real person and their regular patterns, which is what separates a household from a fraud ring and a traveling subscriber from a compromised account.
Each has gaps on their own. Together, they cross-reference each other, so one spoofed input doesn’t open the door.
The reason that combination answers all four challenges at once is that it’s the same underlying read. The signal that proves a viewer is inside a licensed territory is the same signal that flags the piracy ring, the same signal that confirms the account is legitimate, and the same signal that tells you who’s really watching. You’re not running four systems. You’re extracting different insights from the same set of signals.
Walk me through how these location, device and identity signals actually work under the hood.
The clearest way to think about it is in two layers. The one most of the industry still relies on looks at the network level—conventional signals we’re all familiar with like IP geolocation. The one we’ve been describing above looks deeper: at the device itself, the person using it, and the location.
IP geolocation
IP geolocation lives at the network layer. It’s cheap, it’s everywhere, and it’s unintrusive, which is why it’s the industry standard. But at best it’s accurate to within about 100 kilometers, and when a residential proxy is active, it’s effectively blind. A piracy ring routing through a real home IP looks like a local subscriber.
Where the device really is
The device and identity layer is where you actually hold the line. GPS, WiFi, and cell tower signals confirm where a device and user physically is down to a couple meters, not where its network suggests it might be. Layer behavioural baselines on top, the locations and devices an account normally uses, and the picture sharpens further.
A family sharing one login across a city looks completely different, at a signal level, from a ring sharing credentials across a continent. Same with tamper detection: a spoofing tool leaves fingerprints an IP lookup never sees.
The prep work is building those baselines before the event and making sure it all behaves consistently across web, mobile, smart TV, and set-top box. A gap in one environment is the gap someone finds on match day.
IP-based geolocation is the standard a lot of platforms already rely on. Why isn’t it enough for a moment like this?
It’s the industry standard but frankly, quite outdated as a standalone solution. The problem is what it can’t see. Most of modern piracy now runs through residential proxies, and those don’t light up the VPN blacklists everyone’s built their defenses around. The obvious data-center VPN is the one you catch. The sophisticated operation, the one doing the real commercial damage, walks straight through the front door looking like a local fan.
The way I put it to partners is simple: the residential proxy that fools an IP blacklist doesn’t fool real world signals that know exactly where a user or device is. Once you’re verifying at the device and identity level, the blind spot closes.
An independent third party backed this up. When Cartesian shared results from a series of tests it ran across various streaming services for a sports rights owner, even everyday tech-savvy consumers were getting past basic IP guardrails. This isn’t a fringe problem anymore. It needs to be addressed at the infrastructure level.
How does revenue tie into the other anti-fraud and uptime processes required for event readiness?
It’s the same signal doing all of these jobs. The verified location that keeps a stream inside its licensed territory or detects a piracy ring is the same data that tells you who’s really on the platform, where they are and what they enjoy streaming.
But first, let’s start with revenue leaks, because they’re quieter and often a bigger problem than most platforms are led to believe. Password sharing, price arbitrage, gray-market access. The thing that makes those hard isn’t detecting them, it’s detecting them without torching the experience for real subscribers. A household sharing one login across a city looks identical to a fraud ring if all you have is network level data.
Once you can tell those apart at a deep signal level, you can prompt the sharer toward their own subscription and leave the real household completely alone. That distinction is the whole game. When Netflix tightened up location-based controls, they added 9.3 million subscribers in a single quarter. Blocking led to buying.
Price arbitrage is the same story. The price gap between markets can run over 800% more, so people spoof into the cheap region at signup and watch premium content for a fraction of the price. Verify true location at signup and at billing, and that loophole closes. And the gray-market viewer everyone writes off as a lost cause mostly isn’t. Close the illegal stream off cleanly and a large share of those viewers will take out a real subscription. They wanted the content. They just took the easy door.
Then there’s the upside.
Plugging revenue leaks is one part of the equation. Can you elaborate more on the upside you just mentioned?
Verified geographic reach is the cleanest audience signal you can leverage yourself or hand an advertiser. Inventory you can prove is real fans in real places, free of bots and spoofed impressions, commands materially higher in a lot of cases, because it’s brand-safe in a way generic IP targeting can’t match.
The same precision powers location-based personalization, regional recommendations, venue-specific offers when a verified fan walks into a stadium. One of our partners added 15% to their revenue projections building products with precise location, after coming to us to solve a compliance problem.
That’s the pattern. Platforms come for the rights enforcement and stay for what the same signal does to grow the bottom line.
It’s the day before a major match. What’s on the pre-game checklist?
I’d generally group them into a few buckets: rights, risk, uptime and growth.
Are the geofences mapped correctly to every territory’s licensing terms, and is that holding across every device type a fan might watch on?
Are the proxy, spoofing, and tamper models tuned, and are the false-positive thresholds set so legitimate fans get in without friction? Catching pirates is only half the job. Not catching the traveling subscriber is the other half.
Is the verification layer scaled for the spike, and tested against it? A surge that knocks out a CDN is the platform’s problem to absorb. A surge that slows the location check is ours. When millions hit play in the same few seconds, every one of those checks has to clear in milliseconds, or the friction you engineered out comes straight back at the worst possible moment.
Is the verified-location signal actually feeding the teams that turn the event into revenue? Ad targeting and compliance boundaries set for every market, personalization and localization ready for the audiences tuning in, conversion prompts ready for the sharers and gray-market viewers the match brings to the door.
And underneath all three, one question: are the rights, trust and safety, ad, and customer experience teams aligned and aware of what’s coming? We want to know what each side is expecting before the match, not find out from a spike.
What does redundancy look like if something unexpected gets through?
The first principle is that no single signal carries the whole defense. Location, device, and behavior cross-reference each other, so one spoofed input doesn’t open the door.
The next layer is how you respond. Step-up authentication should only trigger when an anomaly actually warrants it. A subscriber who traveled for work and logged in from a new city continues without noticing anything. The genuine account compromise, the login from an impossible location minutes after normal use, gets challenged at the door. Most platforms set that switch too aggressively and end up taxing their best customers. We treat near-zero false positives as the floor, not the ceiling.
The layer that protects the rights relationship is the audit trail. Tamper-proof evidence that you enforced the boundary, ready for the studio or league when they ask. That’s the safety net that turns “we tried” into proof. The goal with all of it is that the legitimate viewer never feels any of it happened.
The World Cup is a six-week tournament, not a three-hour game. How does that change things?
That’s one of the more interesting parts. A single game, you brace for it, you watch it happen, you stand down. Six weeks of multiple matches a day is a different discipline entirely.
The threat patterns shift as the tournament moves. What you see in the group stage isn’t what you see in the knockouts. The audiences change, the stakes change, and the pirates and arbitrage operators adjust with them. So you don’t set it once. You recalibrate per stage: watch how the proxy, spoofing, and sharing patterns actually behaved in one round, and tune for the next. It’s continuous calibration, not a fixed setting.
And there’s a compounding upside most platforms don’t price in. Apart from building more precise user profiles to deliver the best content and ads, every clean window is evidence. A World Cup, an Olympics, a Champions League season you came through without a leak is a track record you can put in front of a rights holder. Over time, that’s what earns you preferential treatment for the best content in the next negotiation.
Table of Contents
What to ask your vendor partners before a major event
What James described isn’t a set of heroic fixes deployed under pressure. It’s a repeatable process, refined across years of major live windows. Here’s the framework, distilled for any platform team, risk team, rights team, or revenue team thinking about readiness going into a high-stakes event.
The attackers prepared the moment the draw was announced. If your content-protection plan kicks in two weeks before kickoff, you’re reacting to infrastructure that’s been built and tested for months. Final checks happen in the last month. The real work needs runway.
“Roughly the right country” isn’t an audit answer. The question is whether your enforcement matches the exact boundaries in the rights deal, and whether it holds across web, mobile, smart TV, and set-top box. A gap in one environment is the one that gets found on match day.
Most modern piracy runs through residential proxies that look identical to a local fan on an IP check. If your defense is built on IP geolocation and VPN blacklists, ask specifically how you catch the residential proxy that never lights them up.
A family sharing a login across a city and a ring sharing credentials across a continent look the same through a network-origin lens. The question isn’t just whether you can detect sharing. It’s whether you can distinguish intent precisely enough to prompt an upgrade without locking out a real subscriber.
A viewer whose stream dies mid-match doesn’t wait around. That’s a churned subscriber, a refund request, a chargeback, a reputational disaster or a lost acquisition opportunity that the event was supposed to deliver. Anticipate what happens in the single busiest second of the game and ensure your platform is load-tested against that spike.
When the studio or league asks how the content stayed inside its territory, “we tried” isn’t enough anymore. The question is whether you can hand over irrefutable, tamper-resistant proof. That evidence is increasingly a condition of the licensing deal itself.
A single-game approach applied to a six-week event will either overspend or under-protect. A real plan observes the threat patterns in each stage and recalibrates for the next. Static settings for a dynamic event is a red flag.
The verified-location signal that enforces your rights boundaries is the same signal that commands higher CPMs, powers personalization, and converts gray-market viewers into paying subscribers. If protection and growth are running as separate workstreams, you’re paying for the same intelligence twice and using it once.
Keeps a stream inside its licensed territory.
The cleanest audience signal you can offer an advertiser.
Tells a household from a sharing ring.
Content protection and revenue growth don’t have to be separate workstreams. They can run on the same intelligence layer. The verified-location data that keeps a stream inside its licensed territory is also the cleanest audience signal you can offer an advertiser, the thing that tells a household from a sharing ring, and the trigger that turns a fan walking into a stadium into an engaged subscriber.
The next major window is already on the calendar. The question was never whether it would be targeted. It’s whether your platform is the one that handled it, or the one explaining to a rights holder why their content ended up somewhere it wasn’t supposed to be.
Want to talk through what event readiness looks like for your platform?
James Clark | GM Media & Entertainment
Leading GeoComply’s Media and Entertainment division, James helps organizations use location to secure their services, reduce fraud, and protect their users. He has been involved with the ever-evolving challenge of secure media delivery throughout his career in the digital entertainment sector. James combines a technical understanding of security technologies with extensive experience working closely with businesses to fight piracy and fraud.