IP geolocation estimates an applicant location from their IP address. Sumsub collects this signal automatically during verification. You can also pass it via API in other flows, such as pre-KYC sign-up verification, Transaction Monitoring, and Behavior Monitoring.

Sumsub provides IP geolocation collection by default. You can strengthen it further with Advanced IP Check or Device Intelligence, which adds more network and device context.

You can use IP geolocation to:

• Spot fraud patterns, such as account sharing or location spoofing.
• Identify compliance risks, such as activity from restricted jurisdictions.

This signal does not require user permission and is always available, which makes it one of the most widely used inputs in risk analysis.

How IP geolocation works

Every internet-connected device uses an IP address assigned by an Internet Service Provider (ISP). The IP address itself does not include location data. Instead, geolocation providers estimate location by matching IP ranges to network and infrastructure intelligence.

To build that estimate, the following data sources are used:

• IP allocation records.
• ISP infrastructure data.
• Network routing and latency patterns.
• Observed usage and infrastructure mapping.

IP data may be also correlated with stronger location sources from the device or network environment.

For this reason, IP geolocation does not show an exact location. It shows an estimate. Accuracy changes with network conditions, infrastructure quality, and IP type.

IP geolocation and GPS

IP geolocation and device-based location (GPS) solve different problems.

IP geolocation works automatically, does not require user consent, and stays available for every request. At the same time, it offers lower accuracy, and users can change it with VPNs or proxies.

Device-based geolocation uses signals such as GPS, Wi-Fi, and cellular data. It usually provides much higher accuracy, often within meters, but it requires user permission and may not always be available. Users can also manipulate it with GPS spoofing tools.

👍

Tip

• Use IP geolocation as the baseline location signal in your flow.
• When you need stronger proof of location, rely on device-based geolocation.
• When you need to detect spoofing more effectively, combine IP geolocation with Device Intelligence or Advanced IP Check.

Geolocation accuracy

IP geolocation accuracy changes from case to case. Network design, IP assignment, and traffic routing all affect the result.

Sumsub returns a location estimate together with a confidence radius. You receive a latitude and longitude point plus an area where the applicant is likely located.

Several factors reduce accuracy:

• Mobile networks often share the same IPs across large areas, so one IP can represent users in different cities or regions.
• Dynamic IP allocation also affects reliability because mappings change over time.
• In other cases, traffic passes through centralized gateways, and the detected location reflects the gateway rather than the user.

Accuracy usually improves on fixed broadband networks with static or semi-static IPs and well-mapped ISP infrastructure. In these environments, city-level estimates often provide useful location context.

Do not treat IP geolocation as an exact point. Treat it as a probable area. This distinction matters when you make risk decisions.

For example, when devices from distant IP locations appear in one session, the pattern may suggest account sharing, link sharing, account farming, or social engineering. At the same time, low geolocation accuracy or unstable networks can produce the same result, so you need to interpret this signal in context.

IP data collection in Sumsub

IP addresses can enter the system from different sources, depending on your integration:

• In WebSDK and MobileSDK flows, Sumsub collects the IP address automatically during verification, so you do not need extra setup.
• You can pass the IP address when you create an applicant via this API method. This option helps when the session takes place outside the SDK flow. Request example:
  cURL

  curl -X POST \
    'https://api.sumsub.com/resources/applicants?levelName=basic-kyc-level' \
    -H 'Content-Type: application/json' \
    -d '{
            "externalUserId": "someUniqueUserId",
            "email": "[email protected]",
            "phone": "+449112081223",
            "fixedInfo": {
                "country": "GBR",
                "placeOfBirth": "London"
            }
        }'

• In Transaction Monitoring and Behavior Monitoring, you can include IP addresses in events and track location changes over time.
• With Device Intelligence enabled, Sumsub collects IP data automatically together with other device and network signals.

To keep risk analysis reliable, collect IP data consistently and pass it across all relevant flows. Missing IP data weakens location-based checks and reduces the value of related risk signals.

Available data

For each IP address, Sumsub provides enriched geolocation data, including country, region, predicted city, latitude, longitude, and confidence radius.

Interpret this data in the following way:

• Treat country as the most reliable baseline signal.
• Treat city as indicative rather than certain.
• Read the coordinates as the center of the estimated area.
• Use the confidence radius to judge how precise that estimate is.

How to use IP geolocation

IP geolocation works best as a consistency check, not as a standalone decision factor. Use it to assess whether:

• Applicant location matches their profile.
• Location fits the expected behavior.
• Location remains stable over time.

IP geolocation helps detect mismatches and suspicious patterns. For example, you can flag cases where devices from distant IP locations were used in one verification flow with risk labels.

In Workflow Builder, IP geolocation supports country-based conditions, restricted-location checks, and step-up verification.

In Applicant Risk Scoring, it adds context alongside other signals and helps reduce false positives.

In Transaction Monitoring and Behavior Monitoring, it helps detect sudden location changes and abnormal behavior across sessions.

Location mismatches often provide another useful signal. For example, the IP country may differ from the applicant address country, the ID document country, or the country where a photo was created. This pattern can suggest geo-restriction bypass, synthetic identities, or third-party identity usage. At the same time, legitimate travel can create the same result, so you should not treat a mismatch as conclusive evidence on its own.

IP geolocation delivers the best results when you combine it with other signals rather than treat it as final proof on its own.

VPNs, proxies, and hosting IPs

VPNs, proxies, and hosting providers reduce the reliability of IP geolocation because the visible IP address belongs to an intermediary service rather than the end user.

In these cases, the detected location reflects the VPN exit node, proxy server, or data center, not the actual location. As a result, the location itself becomes less trustworthy.

👍

Tip

When this happens, focus on the IP type rather than the reported location:

• VPN can show that the user is hiding their location.
• Proxy can show that traffic passes through another system.
• Hosting IP can point to automation or abuse.

These characteristics often matter more than the geolocation result itself.

In most cases, you cannot reliably determine the real location behind a VPN. Some advanced methods attempt to infer it, but they do not provide stable coverage or consistent accuracy.

How to act on IP geolocation signals

Use IP-based signals as one input in a broader decision system. You can include them in Applicant Risk Scoring and use them in Workflow Builder to trigger additional checks, adjust the onboarding flow, or route a case to manual review.

IP geolocation helps you identify inconsistencies, prioritize review, and add context to other signals, but you should not make your decision based explicitly on those signals.