Ahmed Saleh
2024/04/24
How Rupt uses geolocation for account sharing detection and prevention
People share a single paid account with others. Sharing is done for financial, convenience or fraud reasons. Whatever the reason, account sharing leaves a trail of “signals” behind it. One of the signals of account sharing is geolocation. In this post, I’ll dive deeper into geolocation and how it can be used effectively for sensitive and sensible fraud and growth applications for SaaS.
What is “geolocation”?
Geolocation refers to the process of identifying the geographic location of a person or device, usually by means of digital information processed via the Internet. This could be as broad as determining the country a user is in, or as specific as pinpointing their exact coordinates.
The above sentence was written by my AI copilot :). Wordy and formal, but accurate. In line with our transparency culture, I’ll highlight AI-generated content and show the percentage of each post which is generated by AI vs. human (read more here).
In our specific case, geolocation can be obtained from the IP address used to access the application. This is widely used in many analytics tools and is not unique to Rupt.
How does an IP address represent a geographic location?
An IP address is assigned to each device connected to the internet by its Internet Service Provider (ISP). These ISPs have large blocks of IP addresses that they distribute to customers in specific geographic regions. Therefore, by looking at the IP address, one can generally determine the geographic location of the device. However, it's important to note that this is not always 100% accurate.
Many services have aggregated all the available information about IP address blocks in databases and provide access to these databases as a service. Popular providers include MaxMind, IPWHOIS and many others.
As IP addresses change location, rotate from one user to another, and ISPs change blocks, these geolocation providers update their database content to keep the data fresh and accurate.
How IP geolocation is determined. Illustration source
How accurate is IP address geolocation?
The short answer is that it’s accurate enough to be used as a supplemental indicator but not as a standalone signal of fraud or account sharing.
As IP addresses change, the accuracy of these geolocation databases depends on many factors: how often they update their database, what their sources are, and much more. Furthermore, they are not very precise (they may go to city-level precision but often no more than that) for many reasons, including security and privacy. (For more details, you can read MaxMind’s article about geolocation accuracy: https://blog.maxmind.com/2021/07/how-accurate-is-ip-geolocation/)
You can often find out how up to date or accurate these providers are by visiting their websites and checking where they geolocate your own IP address. You’ll notice some of them show incorrect locations, but they often update after a while.
How can IP geolocation be used to detect account sharing?
To reiterate an important note, IP geolocation alone should not be used for account sharing detection or security applications. But it can be used alongside fingerprinting and other technologies as an indicator, especially if the account's IP history is tracked.
One way to rely on IP as a signal of account sharing is to detect when the user changes location within a span of time too short for today’s means of travel. This is called “impossible travel”. It is a good signal of an account being used by multiple people.
Another way is to listen for concurrent or near-concurrent accesses from different IP addresses on different devices from the same account. One can generally assume there are multiple people using this account.
Beware the traps!
When using IP geolocation for fraud or growth applications (such as account sharing detection), be aware of the top two traps:
- Accuracy and precision of the IP geolocation. Do not rely on the exact location, but rather listen to changes, frequency, and the history of IP addresses from a single account.
- VPNs, proxies, relays. These services are designed to anonymize traffic and can throw off your algorithms. Be sure to include device or browser fingerprints in any of your applications. A single device can have multiple IPs and one IP can have multiple devices.
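The impossible-travel check described above, with both traps accounted for, as an added example (not Rupt's code). The `Access` record, the 900 km/h ceiling, the per-lookup accuracy radius field and the two signal labels are assumptions made for illustration, and the sample history is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


@dataclass
class Access:
    at: datetime       # time of the access
    lat: float         # latitude returned by the geolocation lookup
    lon: float         # longitude returned by the geolocation lookup
    radius_km: float   # assumed accuracy radius for this lookup
    device: str        # device or browser fingerprint


def haversine_km(a: Access, b: Access) -> float:
    """Great-circle distance between two accesses in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(history: list[Access]) -> list[dict]:
    """Return one signal per consecutive pair of accesses implying impossible speed."""
    signals = []
    events = sorted(history, key=lambda e: e.at)
    for prev, cur in zip(events, events[1:]):
        # Subtract both accuracy radii so an imprecise lookup cannot trigger alone.
        dist = max(0.0, haversine_km(prev, cur) - prev.radius_km - cur.radius_km)
        hours = (cur.at - prev.at).total_seconds() / 3600
        if dist <= MAX_SPEED_KMH * hours:  # also covers dist == 0 at the same instant
            continue
        # Same fingerprint with a location jump suggests a VPN, proxy or relay;
        # a different fingerprint supports the account-sharing reading.
        kind = "ip_change_same_device" if prev.device == cur.device else "different_device"
        signals.append({"from": prev.at, "to": cur.at, "km": round(dist), "kind": kind})
    return signals


# Constructed sample history for one account (coordinates are approximate).
SAMPLE = [
    Access(datetime(2024, 4, 24, 9, 0), 40.71, -74.01, 50, "dev-A"),    # New York
    Access(datetime(2024, 4, 24, 9, 30), 40.73, -74.17, 50, "dev-A"),   # Newark
    Access(datetime(2024, 4, 24, 10, 0), 51.51, -0.13, 50, "dev-B"),    # London
    Access(datetime(2024, 4, 24, 10, 20), 48.86, 2.35, 50, "dev-B"),    # Paris
    Access(datetime(2024, 4, 24, 10, 40), 35.68, 139.65, 50, "dev-B"),  # Tokyo
]
```

Running `impossible_travel(SAMPLE)` flags the Newark to London jump as `different_device` and the Paris to Tokyo jump as `ip_change_same_device`, while the short hops stay inside the accuracy radii or the speed ceiling and produce no signal.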
💡 If you are looking to use IP geolocation to detect account sharing on your application, consider using Rupt. It uses geolocation along with many other signals to provide the best solution for account sharing detection and prevention.