Back to Resources

How to Detect Financial Fraud Using 21st-Century Geolocation Data

  • Blog
  • Financial Services

To beat fraud, it’s critical that financial institutions establish their customers’ true identities during the KYC and onboarding process. But the use of IP addresses to verify location – a vital identity attribute – misses the mark. That’s because IP addresses are the easiest location data point to spoof, thanks to VPNs, proxies, fake location apps and other anonymizers.

Trusting an unreliable data source like IP addresses creates massive security holes fraudsters love to exploit, enabling them to mask their identity in order to commit all manner of cyber-crime.

The Unsuccessful Role of IP Addresses in Fraud Detection

The point of location verification is to determine that customers are who and where they say they are. But the truth is IP addresses often do exactly the opposite – they show where users are not.

To test the accuracy of IP addresses for geolocation, GeoComply audited the location checks of three major financial services apps. In two instances, the location indicated Houston, Texas, and the other auto-filled the location as California. The true location during the audit was Vancouver, British Columbia.

GeoComply IP geolocation accuracy test

The use of IP addresses as a sole data source for verifying location is an antiquated practice best left back in the 1990s. It’s time to embrace new techniques and sources for verifying a user’s true location. It’s time to take a look at modern geolocation technology.

Geolocation: The New Location Standard for Fighting Fincrime and Detecting Fraud

Regulators and industry experts are slowly recognizing the importance of geolocation beyond IP addresses in detecting financial fraud and mitigating the risk of money laundering and terrorist financing.

In its 2020 “Guidance on Digital Identity,” The Financial Action Task Force (FATF) recognized the role of geolocation data in strengthening digital identity. It specifically highlighted geolocation as an example of dynamic, digital customer data sources that enable regulated entities to capture essential authentication information.

And as of March of this year, the Mexican government requires its banks to collect and maintain the real-time geolocation of customers accessing digital services. Customers must share their location, a common-enough practice since research shows that 80% of smartphone users enable location services on their devices.

How to Detect Financial Fraud in the 21st Century

Financial institutions need a modern solution that does what IP addresses alone cannot: precisely identify a user’s location to help verify their true identity. They need a fraud detection solution that captures both accurate location data and detects location spoofing attempts. They need GeoComply.

GeoComply’s solutions help mitigate fraud risks through three key steps:

  1. Gather multi-source location data. GeoComply collects geolocation signals from multiple sources – rather than relying on a single source – including GPS, WiFi, GSM, browser/HTML5 and yes, even IP addresses.
  2. Verify location accuracy. Our rules engine runs 350 checks on every transaction to analyze suspicious activities – from spoofing apps to device and user integrity.
  3. Analyze location behavior. GeoComply combines real-time and historical data to detect and flag patterns of location fraud. Our models are constantly updated using both machine learning and human intelligence.

Cyber-criminals are experts at IP address fraud and other forms of location deception, reducing the confidence financial institutions have in the true identity of their customers. Banks, payments service providers and other FIs need to build confidence and accuracy back into their fraud detection tools. GeoComply does just that.

Learn more in our new white paperWhy Your ‘90s Location Data Fails at Detecting Financial Fraud: How 21st-Century Location Fraud Detection Unmasks Bad Actors