Definition:

IP geolocation: n. The geographic place of the end-user, derived from its Internet Protocol (IP) number which is  communicated to the Web site during a browsing session

The anonymity of the Internet is a mixed blessing for financial institutions. On the one hand, many of your best prospects find it more convenient to submit a loan or product application from the comfort and privacy of their own PC. Unfortunately, crooks all over the world find it equally convenient to submit fraudulent applications from the comfort of their local Internet café terminal. 

But unlike thornier fraud problems such as kids accessing their parent’s accounts without permission, fraudulent applications submitted from outside your geographic footprint can virtually be eliminated by a relatively inexpensive IP address-location tools offered by Quova and others.

For a mid-five figure investment, banks can use Quova’s so-called geolocation service inhouse or on a service bureau basis. With a fairly precise level of accuracy, Quova can identify the city and/or country housing the server your customer is using for their browsing session. According to audited numbers, Quova can identity the country of origin with 99% accuracy and coverage of 99% of the world. On a city level, the company can identify the city of origin with 94% accuracy across 94% of the world. And after the system went into production, accuracy would increase as it learned the legitimate IP addresses used by your customers.

www.digitalenvoy.net/security_fraud.shtml.

The service has applications in fraud prevention, marketing, and regulatory compliance:

1.       Inexpensive screening for out-of-area loan applications: Loan applications showing a mailing address in a city/state/country other than what’s listed on the application can be kicked out as fraudulent. In many cases, especially for applications originating outside your country, this early warning system could allow you to deny the application before incurring any costly application processing expenses, such as credit bureau checks.

2.       Early warning system for identity theft:
It could also be incorporated into your underwriting to help identify trickier identity theft applications where the crook may have all the necessary information, but is submitting the application from a suspicious location, for example, a city in the correct country but other than what’s listed on the application. In these cases, a call to the victim would quickly identify the problem, potentially avoiding costly fraud exposure.

3.       User-controlled login safeguard: The virtual equivalent of checking your picture ID at the point of sale, geolocation screening at login could eliminate anyone from logging in from an out-of-area IP address. Strictly applied, this would eliminate one of the benefits of online banking, the ability to access your account from any place at any time. So a more desirable implementation would be to let the customer choose whether or not to participate in the location screening, opting in or out depending on travel schedules. Even better, out-of-area customers could log in after correctly answering an additional challenge question.

4.       Monetary transaction safeguard: Geographic screening could be used in lieu of an additional password in front of bill payments and funds transfers out of your bank. As long as the geographic location of the bill-payment request matched the customer’s location, it would be approved; otherwise, the customer would have to answer challenge questions or input another password to get the transaction through.

5.       Transaction tracking: Even if you don’t immediately use IP location as a login- or application-screening tool, you might still be able to justify it as a tracking mechanism for disputes. For example, if a customer said they did not authorize an electronic transaction, you would have an electronic receipt showing the IP address of the originating request. If it matched the customer’s location, it would be more difficult for them to repudiate the transaction.

6.       Automatically present state- or city-specific pricing/programs: Many banks have different products, pricing, and services depending on where the end-user resides. This can lead to confusion and dissatisfaction if, for example, a customer in Pennsylvania finds out they could get a better deal if they lived in New Jersey. Even though you may ask customers to enter their zip code to get the “correct” Web pages, there’s nothing to keep curious customers from trying other zip codes to search for a better deal. You can avoid these problems by automatically serving the appropriate pages based on the geolocation of the user’s IP address.

7.       Automatically present state- or city-specific content/offers: Even if your pricing is the same across all cities/states, you can improve your Web site by delivering geographically targeted content automatically. For example, temperature and weather forecasts could be automatically presented based on the location of the customer’s login. Or, if you are running a promotion in a single city, only users logging in from that city will see the information.

8.       Customers from different states or countries often need to be treated differently due to the regulations of their home state/country. Geolocation services can be used to ensure that you follow all the proper rules and regulations.  

You can see geolocation in action at GeoBytes.
The system identifies visitor locations, including yours, in real-time.

www.geobytes.com/WhoIsOnNow.htm?WhoIsOnNow&buttonid=27358

Table 1

Geolocation Service Providers

Source: Online Banking Report, 3/03