Understanding geolocation data with Device Fingerprinting

Geolocation data will fortify your fraud detection capabilities while also ensuring compliance with geolocation regulations. By combining geolocation data from multiple sources, SEON's SDKs can accurately identify potential fraudulent activities and suspicious user behavior. In addition, businesses can leverage geolocation data to optimize marketing campaigns, tailor user experiences, and gain insights into customer behavior across different regions.

Geolocation data provides valuable information about the geographical location of a device accessing your platform. By analyzing this data, businesses can gain insights into user behavior, detect suspicious activities, comply with regulations, validate user’s addresses, and personalize user experiences based on location.
Geolocation data reveals a user's physical location, which can be sensitive and personal information. 

Therefore, it is essential to obtain explicit consent from users before collecting, processing, or sharing geolocation data. This consent must be informed, meaning that users understand what data is being collected, why it is being collected, and how it will be used.

Types of geolocation data sources

SEON's SDKs gather geolocation data from a variety of sources to ensure the highest levels of accuracy and reliability:

• GPS and location services: For mobile devices, SEON's SDKs can leverage device GPS data and location services, providing highly accurate and real-time location information.
• IP address and IP location: The user's IP address can provide information about their geographical location. SEON's SDKs analyze IP addresses in conjunction with other data points to detect potential fraud and ensure compliance.
• WebRTC: WebRTC (Web Real-Time Communication) can provide insights into a device's local IP address, which helps identify discrepancies between the local IP and the external IP provided by the user's connection.
• Region and language settings: SEON's Device Fingerprinting SDKs gather geolocation data from various sources, including the region and language settings on a device. These settings often align with the user's actual location and can be cross-referenced with other geolocation data points for greater accuracy.

Several privacy regulations govern the collection and use of geolocation data, including the General Data Protection Regulation (GDPR) in the EU, the California Consumer Privacy Act (CCPA), and other data protection laws worldwide. Ensure your practices align with these regulations, including:

• Obtaining explicit consent: Obtain clear, affirmative consent from users before collecting geolocation data.
• Providing rights to users: Grant users rights such as access, rectification, erasure, and the right to data portability concerning their geolocation data.
• Conducting data protection impact assessments: Assess the impact of collecting and processing geolocation data on user privacy, and implement measures to mitigate risks.

Location spoofing is the act of faking or altering the reported geographical location of a device. Fraudsters use various techniques to achieve this, such as GPS spoofing, VPNs, proxies, emulators, instrumentation tools, and app tampering. These methods allow them to evade location-based restrictions, such as geo-blocking, or conceal their true whereabouts to engage in fraudulent activities.

Common techniques for location spoofing

• GPS spoofing: Manipulating GPS data to simulate a different location on the device, thereby misleading applications or systems that rely on location data.
• VPNs and proxies: Using virtual private networks (VPNs) or proxy servers to mask the device's IP address and location.
• Emulators and instrumentation tools: Running apps in emulators or using instrumentation tools to fake location data within apps.
• App tampering and cloning: Modifying or injecting code into apps to manipulate location-related behavior.

Motivations behind location spoofing

• Evading geo-blocking: Fraudsters use location spoofing to bypass geographical restrictions on content or services such as streaming, gaming, and gambling.
• Committing fraud: Spoofing can facilitate identity theft, account takeovers, SIM swap attacks, and other fraudulent activities.
• Hiding illegal activities: Criminals may use fake locations to obscure their involvement in crimes such as theft, rental car fraud, or kidnapping.

To protect against location spoofing, businesses should employ robust fraud detection and prevention technologies that go beyond simple IP or GPS checks. Device fingerprinting, network behavior analysis, and advanced algorithms can help identify and mitigate the risks associated with location spoofing.
By understanding the techniques and motivations behind location spoofing, businesses can better safeguard themselves and their users from this growing threat. Implementing comprehensive security measures is essential to stay ahead of fraudsters and protect valuable data and assets.

IP location spoofing

Proxies and VPNs are commonly used by fraudsters to conceal their true location and identity, making it challenging for traditional fraud detection systems to identify malicious activities. SEON's Device Fingerprinting SDK employs sophisticated algorithms to detect proxies and VPNs, enabling businesses to differentiate between legitimate and fraudulent users effectively.

How VPN, web and datacenter proxies can be detected

Sending the client’s IP address to our IP API can reveal a lot of information, including whether it is a known VPN or proxy address, which ports are open, and whether this address is included in a spam list or not. The drawback is that these checks are based on IP reputation and, as such, are not adequate for the detection of residential or mobile proxies.

Learn more: Check our IP API documentation for more information.

How VPN and residential proxies can be detected with Device Fingerprinting

Integrating the SEON’s JavaScript SDK can help you detect users who are trying to hide their real IP addresses on your website. The module collects multiple data points from the browser using JavaScript and the TCP/IP and TLS fingerprints. By analyzing this information, we can accurately identify whether the user uses a proxy or VPN connection to access the website. This feature can detect residential and mobile proxies since it doesn’t rely on IP reputation; it actively checks data collected from a browser visit.

Learn more: Check our article on residential proxy and VPN detection in our Knowledge Base.

GPS location spoofing

As GPS spoofing becomes a prevalent method for fraudsters to manipulate location data, businesses need advanced tools to detect and prevent these deceptive tactics. SEON's Device Fingerprinting SDKs offer robust mechanisms for detecting GPS spoofing, providing businesses with reliable ways to verify user locations and safeguard against fraudulent activities.

By leveraging SEON's Device Fingerprinting SDKs and best practices for mitigation, businesses can effectively detect and prevent GPS spoofing. This not only protects against fraudulent activities but also ensures compliance with regulations and the integrity of geolocation data. SEON's comprehensive approach to fraud prevention empowers businesses to stay ahead of fraudsters and secure their operations.

Emulators and instrumentation tools

Emulators and instrumentation tools provide fraudsters with powerful means to manipulate device data and conduct fraudulent activities undetected. By simulating different devices and altering app behavior, fraudsters can evade security measures and mask their true identity and location. These tools allow fraudsters to test and refine their methods, making them more effective in bypassing security protocols and carrying out malicious activities.

Businesses must employ robust fraud detection and prevention measures to counter these sophisticated techniques and secure their systems and data. Device fingerprinting analyzes multiple data points, such as hardware and software characteristics, network configurations, and other unique attributes to create a comprehensive profile of each device. This helps identify suspicious behavior and inconsistencies that may indicate the use of emulators or instrumentation tools.

Integrating SEON's Device Fingerprinting SDK is straightforward, and businesses can customize their fraud prevention strategies using advanced rules and parameters. Custom rules empower businesses to tailor fraud detection algorithms to their specific needs, ensuring maximum effectiveness in identifying suspicious activities.

Businesses can leverage geolocation data to optimize marketing campaigns, tailor user experiences, and gain insights into customer behavior across different regions.

The first step is to integrate SEON’s code into your platform. This is done either via Javascript, iOS SDK, or Android SDK. This code lets us collect parameters about the user and reveals them through the SEON interface.

Our scoring algorithm recognizes suspicious tools, setups and settings on desktop and mobile devices. We base this on specific characteristics our data science team discovered with fraud and bot attempts. This gives you more accuracy in detecting fraud.

SEON’s Scoring Engine can use any collected and generated data fields for the scoring algorithm. Custom rules can be created based on them, or they can be added to black/white lists. Machine learning and heuristic rule creation modules are also taking these data fields into account.

Integration steps

A high-level of the steps to enable are outlined below:

1. On the web or mobile application, the client application requests permission from users for geolocation data.
2. The SEON Device Fingerprint SDK is configured to collect location data.
3. The Fraud API request to SEON is configured to "include": "device_location” OR “extended_device_location". You should see fields in the device_location object of the response payload confirming the feature is working correctly.
4. Configure rules to use location or extended location data. If you do not have these device location fields in your rule configuration, reach out to the SEON customer success team.

Available device location-related data fields and detections

Device Location Data

• Coordinates (latitude and longitude)
• Accuracy
• Country
• Region (US State)
• City
• Postal Code (ZIP)

Device IP Data

• Address
• Coordinates (latitude and longitude)
• Country
• Region (US State)
• City
• Proxy
• Tor

Network analysis

• Residential proxy detection
• TLS fingerprint-based VPN detection
• WebRTC IPs

Suspicious characteristics

• Root and Jailbreak detection
• Emulator detection
• Screen sharing and remote access detection
• Location spoofing detection

Device parameters

• Type
• Region
• Language

Tip: If you have any questions or need assistance with implementing geolocation data privacy measures, please contact our support team for expert guidance. Let’s work together to ensure a privacy-first approach while leveraging geolocation data for your business needs.