Spoofing-resistant location data - the missing piece to addressing digital trust and safety Featured Image

Spoofing-resistant location data - the missing piece to addressing digital trust and safety

Location data is essential for digital trust and safety, however, if not spoofing resistant it can do more harm than good

Most trust and safety teams, unfortunately, only have at their disposal traditional online fraud prevention tools that were designed with financial fraud in mind. Newer generation digital companies such as ride-hailing, food and grocery delivery, sharing economy, social media, online dating, local peer-to-peer marketplaces, and social gaming, are dealing with very different trust and safety and fraud issues.

The increased complexity of today’s trust and safety is because the digital channel is now responsible for connecting humans, which is a much more complex and unpredictable interaction than between just humans and computers.

When two individuals can interact online, any kind of online scam is possible. In industries, such as ride-hailing, delivery, and dating, it's even more complicated because users also meet in the physical world after connecting online. Trust and safety considerations extend from online to offline.

The main problem with traditional fraud prevention solutions applied to trust and safety use cases is that they are optimized to analyze human-to-computer interactions and rely on a lot of PII and payment information, usually not collected by these categories of apps.

The essential data point missing in traditional fraud prevention solutions and that is abundantly available for newer generation apps is location data. Apps like ride-hailing and dating have location services as mandatory user permission. However, unfortunately, most location-based apps are still not leveraging the full potential of location data for trust and safety use cases.

The role of location data in trust and safety

Location data helps trust and safety teams address complex trust and safety issues without needing payment and detailed PII information from users. The challenge though is that on mobile, simplistic location data from IP and GPS is easily spoofable and not precise enough to be used to block bad actors.

Currently, mobile location services leverage GPS and IP address data primarily. Geolocation data has been used for online authentication and fraud prevention since the early days of the internet. The IP address can detect the city where the user is located, but fraudsters then develop multiple techniques to hide their true IP location: VPNs, Proxies, Tor...

The problem with GPS is that the operating systems developed a feature that enabled developers to test these location-centric applications. This feature enabled the creation of many apps that spoof geolocation information and misguide mobile applications. Today, any end user can download these apps to spoof geolocation data. More sophisticated methods, emulators and instrumentation tools were created to spoof this data.

With IP and GPS spoofing being so accessible, geolocation data has never been leveraged at its full potential because of the lack of reliability. In addition, the lower precision of these technologies would lead to high false positive rates because entire cities, neighborhoods and buildings could be blocked if the old type of location data was used to stop fraud. 

To address the reliability and precision challenges regarding location data, Incognia has developed a proprietary location algorithm awarded in 2014 by some of the top academic institutions (ACM, IEEE, Microsoft Research) for the precision of our technology (8 feet or 2.8 meters). Eight years later, it has kept constantly evolving.

With one of the most powerful location technologies available, one that is spoofing resistant and multiple times more precise than the GPS (30x) and IP location, Incognia redefined location data for online authentication. This high precision enabled Incognia to develop a digital identity solution that is 17X more precise than FaceID, with an error rate of 1 in 17,000,000.

Let's break down the use cases that are enabled by using a spoofing resistant and more precise location technology.

Location watchlist (suspicious locations)

  • detect fraud farms (organized fraud operations)
  • re-identify recurring bad actors (professional fraud operation)
    • scammers and fraudsters creating fake accounts or taking over accounts

Address validation for user onboarding

  • Detect synthetic identities/ fake accounts, liveness spoofing detection

Address validation for online commerce / delivery services / lodging marketplaces

  • reduce chargebacks, ensure successful delivery, detect fake place listings

Trusted locations for frictionless device authorization and high-risk transactions

  • Prevent ATOs and fraud associated with stolen devices

Trusted locations for frictionless login

  • Remove the need for passwords and other authentication factors

Location verification - fake local reviews

  • Ensure that users posting content relative to a physical location have actually been there.


These use cases aren’t possible with IP and GPS technology because the data is easily spoofed, unreliable and not precise.

So if you want to provide trust and safety with a frictionless authentication experience, ensure you have access to spoofing-resistant location data and environment-level precision.