In the volatile world of digital assets, it’s critically important for cryptocurrency exchanges to manage their regulatory risk – nobody wants to pay hefty fines for sanctions violations or for failing to register in the jurisdictions in which they operate.
Many operators won’t even serve customers in high-risk jurisdictions that have tough penalties for noncompliance. To effectively block users from these jurisdictions, it’s imperative for crypto exchanges to deploy advanced geofencing technologies that help keep them on the right side of the law.
What Is Geofencing and How Is IP Used for Location?
Geofencing creates a virtual perimeter around a real-world location, such as a country or region. It uses location data from a user’s device to enable (or disable) certain actions when the user enters or exits the geofenced location. For crypto exchanges, that action might be to prevent a user in a certain jurisdiction from setting up an account or transacting on their platform.
Most crypto exchanges and FIs use IP addresses as a way of locating a particular user. If the user’s IP address indicates they’re located in a high-risk jurisdiction, then they’re denied access to the trading platform. The exchange avoids the regulatory risk associated with that country or region – or so they think.
Why Aren’t IP Addresses Enough for Location?
But there are a couple of important reasons why IP addresses are not enough for location. First, they are the easiest location data points to spoof, thanks to VPNs and DNS proxies. In fact, many VPN providers are actively marketing their products to crypto traders as a way to specifically circumvent geographic restrictions.
In addition, mobile IP addresses will always be associated with the location or country where the device was activated. For example, if a mobile device was purchased and activated in the United States with a U.S. SIM card, its IP address will always show the device as being located in the U.S., regardless of where the device is actually being used.
So a user’s mobile IP address may identify their location as Hong Kong, for example, but they’re actually in the United States. This means the exchange may be subject to U.S. regulations without realizing it.
Using IP for geofencing has another unintended consequence: potentially blocking users in jurisdictions where an exchange wants to – or is permitted to – do business. The CEO of a trading platform using IP addresses for location checks admitted, “Our experience is that the vast majority of affected users of such checks are actually not U.S. persons at all, but we have to take those actions to do what we can to not have actual U.S. persons on the platform.”
To De-Risk Their Platforms, Exchanges Need to Use Advanced Location Data
To significantly reduce their regulatory risk, exchange operators need to set up geofencing restrictions based on multi-source location data that is more accurate and reliable in establishing a user’s true location. This data includes two critical elements:
- Modern device-based geolocation technology to identify users within a high degree of accuracy for both mobile and desktop devices
- The ability to authenticate this data, to determine whether it is fraudulent or spoofed
The limitations of using only IP addresses for location are becoming better understood by financial regulators. For example, the Financial Action Task Force (FATF) specifically identified multi-source geolocation data (e.g., Wi-Fi, GPS, GSM/cell tower triangulation, HTML5, etc.) as a necessary part of digital identity and KYC verification.
Geofencing technology that uses accurate, authentic and unaltered location data enables exchange operators to effectively block users based on where they actually are – not where they say they are. In this way, crypto exchanges can exclude users in high-risk jurisdictions while welcoming the customers they want on their platform.
Download our white paper, “Geolocation Data: Crypto Exchanges’ Secret Weapon to Slash Regulatory Risk and Fight Financial Crime.”