According to recently announced FTC data, consumers lost more than $12.5bn to fraud last year, which represents a 25% increase over the prior year. With the advent of AI and other modern technology advancements that enable financial criminals, fraud schemes are getting increasingly more sophisticated. Financial organisations, especially those relying on legacy fraud systems, face an uphill battle as they struggle to distinguish between legitimate users and malicious actors.

In fact, modern-day fraudsters can easily bypass traditional, outdated detection techniques such as IP-based geolocation, leveraging advanced spoofing tools to mask their identities. They have gotten so good at obfuscating their locations that they can withstand detection efforts not only from a bank, but even from the authorities. The increasingly popular pig butchering investment scheme where bad actors gain the trust of victims over time, is one example of how fraudsters find geolocation loopholes to scam victims. According to GeoComply’s internal data, more than 92% of identified devices from regions associated with pig butchering are connected to Wi-Fi, and, while government bodies have been intervening to shut off access, scam compounds continue their operations through alternative sources like Starlink terminals.

A key challenge for banks with traditional fraud detection systems is that their information is often based on a noisy collection of unrelated data points, ranging from IP addresses to device IDs and even some behavioral patterns, but many of these identification and location sources are unreliable or can be faked using VPNs, proxies, Tor, device emulators and similar instruments. More context is necessary to link together and verify all of these bits and pieces of information to better detect and prevent fraud. The complexities of today’s digital financial crime landscape require a multi-layered approach that can flag not only the obvious risk factors but also subtle anomalies that point to fraud.

Contextual clues for ferreting out fraud

Honing precision in fraud detection requires organisations to layer in multiple pieces of ground-truth data sources to widen their context and improve data quality. To do so, it is first essential to define and track unusual account access patterns and then link them with real-time location information. Account access aberrations include:

• Multi-accounting – With multi-accounting, a single user is controlling multiple accounts and accessing them simultaneously, typically to exploit financial systems. Common schemes include marketing promotion abuse through fake signups, money laundering via small, structured transactions, synthetic identity fraud using fabricated personas. Some fraudsters may also use collusive P2P payments to simulate legitimate activity and account takeover staging to test compromised credentials. These activities typically involve shared devices, IPs, or automation tools.
• Device manipulation and unusual device interactions – Repeated device hard resets are a common tactic used in fraud to avoid detection and bypass security measures. This includes erasing device fingerprints, removing security software, and concealing tampering like rooting or jailbreaking. Patterns of resets often align with failed login attempts, suspicious account activity, or high-risk transactions—indicating deliberate efforts to evade fraud detection systems.
• History of past incidents – Frequent chargebacks, repeated claims of unauthorised access, and transactions with high-risk merchants or linked accounts previously blocked for fraud further increase a user’s fraud risk profile.

When suspicious activity is flagged, financial organisations can cross-reference physical location data points as a critical next step in verifying user intent. For instance, when it comes to location, a key indicator is “location jumping,” where suspicious login behaviours defy typical geographic patterns. This includes impossible travel times, simultaneous logins from distant regions, and access from high-risk countries inconsistent with a user’s account and location history. Other red flags include rapid shifts across continents, logins from locations with no prior user activity, and VPN or proxy use that masks a user’s true origin. These anomalies often signal account compromise, synthetic identity use, or coordinated fraud efforts.

Some scams only become discernable when tracking multiple data points in real-time. While an IP address alone may not trigger an alert, when it is combined with more accurate and robust location sources, like GPS coordinates, Wi-Fi network details, and cell tower triangulation, a seemingly legitimate transaction can quickly become an obvious attempt to scam the business. Thanks to the many new signals available today through multi-source geolocation intelligence, the ability to map a customer’s digital footprint with location data, device intelligence, and user behaviour signals has become unprecedented. This has created the potential for a new level of transparency for financial transactions.

User experience at stake with traditional fraud prevention protocols

One side effect of some of the more stringent fraud detection policies used by banks is friction in the customer experience, particularly if triggers are based on non-contextual data points. For instance, an overly sensitive security measure could trigger authentication loops, account lockouts, or similar, causing frustration for legitimate customers, especially those who are not tech-savvy. A recent survey by 10x Banking revealed that banks lose 20% of customers due to poor customer experience, and nearly two thirds of the overall respondents (63%) blamed the lack of new customers on their organisation’s slow digital transformation and tech adoption.

As the online banking sector continues to adopt more contextual practices to verify customer interactions, security measures are likely to become more seamless, handled on the back end using the customer’s digital footprint.

All in all, banks are like candy stores for fraudsters with a taste for financial crime. An effective, precise and holistic fraud detection strategy is vital. This requires financial organisations to adopt a multi-layered approach with several lines of defence that leverage modern technologies to reduce the risk of system breaches, eliminating reliance on a single point of failure.

Marco Stotani, Chief Business Officer, GeoComply