Why Location is Hard to Get Right
GPS is just the starting point for location-based fraud prevention
After working on location technology for the past nine years, and talking with many companies looking to deploy location-based solutions, the conversation often starts with a discussion of GPS. While applying location technology to mobile fraud prevention seems intuitive, GPS is just the beginning of what is needed. Three critical considerations for location-based fraud prevention that many solutions overlook are:
- Fraudsters today have easy access to tools and techniques to spoof GPS location data.
- Capturing location data typically drains the device's battery
- Location data is sensitive and needs to be handled carefully for user privacy
Fraud prevention solutions need to use more than GPS and IP addresses if they want to avoid being easily spoofed.
Since the boom of ride-sharing apps and location-based massively multiplayer online role-playing games (MMORPGs), GPS spoofing applications have become widely available. These apps not only enable gamers to fake their position to take advantage in a game, but they have also been adopted by fraudsters to mock their location to fool fraud detection systems. There are multiple other techniques that fraudsters routinely use to spoof location, including VPNs, Proxies, and emulators that are described in an earlier blog post entitled Five Ways Fraudsters Spoof Location.
To avoid spoofing, Incognia location technology does not rely solely on GPS coordinates but instead is based on the concept of environments, which map the unique characteristics of a location using sensor data on the device from Wi-Fi, Bluetooth, and cellular networks.
Each location has a unique signature of GPS coordinates, and available Wi-Fi, Bluetooth, and cellular network signals.
Incognia maps these signatures to create unique environments and uses this combined information to identify the location of a device with high precision and accuracy, even indoors. Incognia's approach to location is highly resistant to location spoofing. This data is very sensitive to variations, such as the removal or addition of a new Wi-Fi or Bluetooth connection for example. With this, Incognia is able to pinpoint the location of the smartphone with superior accuracy and precision.
Incognia combines this device data with location behavior and fraud network data to deliver highly effective fraud detection with low false-positive rates.
Another crucial aspect of location technology is battery consumption. Use of location has typically been very battery-intensive, causing many users to turn off location to preserve battery life. To enable continuous location-based fraud prevention Incognia uses geofencing and activity recognition techniques to identify when a device enters and exits a new location. By scanning Wi-Fi and Bluetooth signals, Incognia can detect displacements in position and confirm that the device is at a different location. In this way, Incognia minimizes battery consumption on the device to less than 0.5% in 24 hours, with background location data gathering enabled.
Last but not least is privacy. Location data can easily become very sensitive. That's why Incognia follows privacy by design in the development of our solution and we intentionally do not capture, store or associate any additional PII with location data. We provide special treatment to visit data associated with sensitive locations, such as the user's home, temples, hospitals, and others. We focus on hashing and encryption to protect the location data we collect, and intentionally do not collect additional PII. Other techniques we use include probabilistic set structure, differential privacy, and k-anonymity, bringing the data closer to full anonymization.
Using location technology for fraud prevention is extremely effective for mobile, however, it requires more than just GPS. To read more about considerations behind developing or adopting a location technology solution for fraud prevention read Location Technology Build vs. Buy - 5 Key Considerations.