How to build impossible travel detection with GeoIP and user_id
Impossible travel detection is one of the highest-impact controls for account protection, payment fraud prevention, and access security. This guide explains how to build an accurate model with stable user_id correlation, geolocation distance math, and clear risk policies that teams can operate daily.
What impossible travel means in production
The core signal is simple: a single account appears in two distant locations in too little time. The production challenge is confidence. You need distance, elapsed time, network context, and user behavior to avoid false positives.
Implementation checklist
- Store a timeline of trusted user events: timestamp, latitude, longitude, country, ASN, IP risk fields.
- Compare every new event with the most recent trusted event for the same user_id.
- Compute distance and required speed in km per hour.
- Add confidence factors: proxy suspected, ASN switch, rare country transition, velocity burst.
- Apply an action band: allow, step up, review, block.
Case study: account takeover detection
An ecommerce platform observed a login from Berlin and then a password reset from Sao Paulo 42 minutes later for the same account. The required speed exceeded realistic travel, the ASN changed to unknown hosting, and proxy suspicion was positive. The policy triggered step up + temporary action lock. Result: the takeover was stopped before a payment method update.
Reference pseudocode
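// prev: most recent trusted event for this user_id; cur: the new event.
// ts is in milliseconds; haversine() is assumed to return great-circle distance in km.
const km = haversine(prev.lat, prev.lon, cur.lat, cur.lon);
// Clamp elapsed time to 0.01 h to avoid division by zero.
const hours = Math.max(0.01, (cur.ts - prev.ts) / 3600000);
const speed = km / hours; // required speed in km per hour
let score = 0;
if (speed > 850) score += 45;
if (prev.asn !== cur.asn) score += 20;
if (cur.proxy_suspected) score += 20;
if (prev.country !== cur.country) score += 10;
if (cur.failed_logins_15m > 3) score += 10;
// Map the score to an action band.
const action =
  score >= 80 ? "block" :
  score >= 60 ? "review" :
  score >= 40 ? "step_up" : "allow";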
Operational thresholds
- 40 to 59: passive challenge, session monitoring.
- 60 to 79: step up verification and temporary restrictions.
- 80 to 100: block sensitive actions and create security ticket.
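The checklist, reference pseudocode and case study above, combined into one runnable sketch (an added example, not GeoIP.space code). The helper names, the event values, and the rule that only events scored "allow" advance the trusted baseline are assumptions; the weights and bands are the pseudocode's, with Math.abs() added so late-arriving events are handled.

```javascript
// Added example; helper names and event values are constructed assumptions.
const rad = (deg) => (deg * Math.PI) / 180;
// Great-circle distance in km (mean Earth radius 6371 km).
function haversine(lat1, lon1, lat2, lon2) {
  const a = Math.sin(rad(lat2 - lat1) / 2) ** 2 +
    Math.cos(rad(lat1)) * Math.cos(rad(lat2)) * Math.sin(rad(lon2 - lon1) / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(a));
}

// Weights and bands as in the reference pseudocode. One change: Math.abs(), so a
// late-arriving older event is not clamped to 0.01 h and scored as a speed burst.
function scoreEvent(prev, cur) {
  const km = haversine(prev.lat, prev.lon, cur.lat, cur.lon);
  const hours = Math.max(0.01, Math.abs(cur.ts - prev.ts) / 3600000);
  const speed = km / hours;
  let score = 0;
  if (speed > 850) score += 45;
  if (prev.asn !== cur.asn) score += 20;
  if (cur.proxy_suspected) score += 20;
  if (prev.country !== cur.country) score += 10;
  if (cur.failed_logins_15m > 3) score += 10;
  const action = score >= 80 ? "block" : score >= 60 ? "review"
    : score >= 40 ? "step_up" : "allow";
  return { km, speed, score, action };
}

// Keeps the most recent *trusted* event per user_id. A first event has no baseline
// and is accepted; after that only "allow" events that are newer move the baseline.
function makeDetector() {
  const lastTrusted = new Map();
  return function evaluate(ev) {
    const prev = lastTrusted.get(ev.user_id);
    const result = prev ? scoreEvent(prev, ev) : { km: 0, speed: 0, score: 0, action: "allow" };
    if (result.action === "allow" && (!prev || ev.ts > prev.ts)) lastTrusted.set(ev.user_id, ev);
    return result;
  };
}

// Constructed events shaped like the case study (ASNs from the documentation range).
function caseStudy() {
  const t0 = Date.UTC(2024, 0, 15, 9, 0);
  const berlin = { user_id: "u-1001", ts: t0, lat: 52.52, lon: 13.405, country: "DE",
    asn: 64500, proxy_suspected: false, failed_logins_15m: 0 };
  const saoPaulo = { ...berlin, ts: t0 + 42 * 60000, lat: -23.55, lon: -46.633,
    country: "BR", asn: 64511, proxy_suspected: true };
  const berlinAgain = { ...berlin, ts: t0 + 52 * 60000 };
  return [berlin, saoPaulo, berlinAgain].map(makeDetector());
}
console.log(caseStudy().map((r) => `${r.action} (${r.score})`));
```

Because the flagged Sao Paulo event never becomes the baseline, the later Berlin login is compared against the original Berlin event and is not penalised.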
Why this is SEO and business relevant
Search demand for terms like impossible travel detection, account takeover prevention, and GeoIP fraud scoring is high in B2B fraud and cybersecurity categories. Publishing implementation-ready examples attracts qualified teams and shortens evaluation time.
Start faster with GeoIP.space
GeoIP.space provides geolocation, ASN context, proxy signals, and antifraud fields in one response so your team can ship impossible travel analytics faster. Create an account and test with your own events.