Have you seen the film ‘Catch me if you can’? A young fraudster forges cheques and becomes one of the world’s most wanted criminals. His method of cheque fraud was simple but ingenious: he would make out cheques from far-off banks, and the fact that cheques were still delivered by post to the supposed bank back then meant he could cash them without suspicion until they reached the bank, where the fraud would then be discovered. Times have changed since then, and other methods of fraud have overtaken check fraud. The banks have also equipped themselves to prevent fraud and money laundering. However, a person’s location still plays a role today: geo-velocity and geo-location can help uncover fraud attempts by detecting suspicious transaction patterns or activities in different geographical regions and countries. Read our latest blog post to learn how this is done and how the two methods differ:
Definition: geo-location and geo-velocity and how they differ
Geo-location and geo-velocity are two risk checks that are performed during the authentication process and help protect bank accounts, for example. The identity provider can use geo-location to determine the device's physical location from which an attempted account login is made. This allows the geographical location to be determined. Different features, such as the IP address or IP velocity, can be analysed in the process.
This, in turn, enables the prevention of different fraud scenarios, especially when it comes to validating geographical authenticity or detecting anomalies in location information.
Geo-velocity focuses on the speed of movement between geographic positions. Essentially, the identity provider measures the distance between a person’s current location and the last location from which the same user logged in. For example, it would be impossible for a user to log into their bank account at 9 a.m. from Zurich and then again two hours later from Munich. Even the fastest means of transport cannot cover the distance between these two cities at this time.
Uncovering fraud attempts
Geo-location is primarily concerned with checking anomalies in the location information. As a result, these measures are suitable for revealing threats such as identity theft, account takeovers and phishing.
Geo-location makes it possible to detect if a customer is logging in from an unusual location. The system at the bank can then decide whether to request additional authentication measures.
However, geo-velocity can also be an invaluable aid when it comes to detecting unusual activities. For example, if a bank account is regularly used from two locations that are geographically distant from one another, this can point to the misuse of stolen login data.
The combined use of both tools significantly increases the efficiency of fraud detection and prevention. Based on location and movement patterns, financial institutions can gain a comprehensive overview and intervene promptly in the event of attempted fraud.
Security and privacy
Geo-location is constantly criticised for causing problems related to the GDPR. After all, the data used in this case is sensitive and particularly worthy of protection. In addition to securing the consent of users to the collection and processing of their data, organizations must be transparent about what happens to this data.
By contrast, geo-velocity has fewer direct consequences for data protection because it relates to aggregated data rather than personal data. Nevertheless, it is important to anonymise this data, minimise its volume and provide suitably robust security measures. Organisations using geo-velocity are also advised to inform the affected people and communicate clearly that their data is being processed for fraud prevention.
Detecting fraud before it’s too late
Geo-location and geo-velocity are suitable measures for adaptive authentication. This enables fraud attempts to be detected and prevented before customers suffer financial losses.