Inferensys

Glossary

Geovelocity Checks

A real-time calculation of the speed required to travel between two geolocated events to determine if the movement is physically possible, a core component of impossible travel detection.
Security analyst reviewing fraud detection AI on multiple screens, alert dashboards visible, dark mode monitoring setup.
IMPOSSIBLE TRAVEL DETECTION

What is Geovelocity Checks?

A real-time security calculation that determines the speed required to travel between two geolocated digital events to assess if the movement is physically possible.

A geovelocity check is a real-time calculation that measures the speed required to travel between two geolocated events—such as logins, transactions, or access requests—to determine if the movement is physically possible. By dividing the distance between two geographic coordinates by the elapsed time between events, the system computes an implied velocity. If this velocity exceeds a predefined threshold (e.g., supersonic speeds), the event is flagged as an impossible travel anomaly, a core indicator of account takeover or credential theft.

Geovelocity checks are a foundational component of risk-based authentication and continuous authentication frameworks, operating alongside device fingerprinting and behavioral biometrics. The mechanism relies on accurate IP geolocation data and precise timestamp correlation across distributed systems. To reduce false positives, advanced implementations incorporate confidence radii for IP locations and account for legitimate high-speed proxies like corporate VPNs, ensuring that a user flying on a commercial airliner is not incorrectly blocked while a session hijacker is intercepted.

IMPOSSIBLE TRAVEL DETECTION

Key Characteristics of Geovelocity Checks

Geovelocity checks form the mathematical backbone of impossible travel detection, calculating the physical speed required to traverse between two geolocated events to determine if the movement violates the laws of physics.

01

Haversine Distance Calculation

The foundational geometric formula that computes the great-circle distance between two latitude/longitude coordinate pairs on a sphere. Unlike simple Euclidean distance, the haversine formula accounts for the Earth's curvature, providing accurate kilometer-level measurements essential for calculating the minimum travel distance between login events. This calculation ignores terrain and infrastructure, representing the absolute theoretical minimum path.

6,371 km
Earth Radius Used
02

Velocity Calculation Engine

The core computation divides the haversine distance by the time delta between two sequential events to derive a required speed. This speed is compared against a configurable threshold, typically the maximum speed of commercial aviation (approx. 900-1,000 km/h). The engine must account for clock synchronization issues, timezone offsets, and network latency to avoid false positives caused by timestamp inaccuracies rather than genuine fraud.

< 10 ms
Calculation Latency
03

Contextual Threshold Tuning

Static speed limits generate high false positive rates. Advanced geovelocity engines implement contextual thresholding that dynamically adjusts acceptable speeds based on:

  • User tier: VIP travelers vs. local-only accounts
  • Historical patterns: Frequent flyers have higher baseline velocities
  • Event type: Login vs. high-value transaction vs. password change This prevents locking out legitimate business travelers while maintaining strict checks on sensitive actions.
04

Multi-Factor Correlation

Geovelocity is rarely used in isolation. A true impossible travel detection system correlates velocity anomalies with other signals:

  • Device fingerprint mismatch: Same credentials, new device
  • Behavioral biometric drift: Typing cadence or mouse dynamics change
  • IP reputation: Known proxy, VPN, or TOR exit node
  • Time-of-day anomalies: Access at 3 AM local time This correlation transforms a single velocity flag into a high-confidence account takeover score.
05

Edge Case Handling

Production systems must gracefully handle scenarios that break naive velocity calculations:

  • VPN/Proxy passthrough: Apparent location is the exit node, not the user
  • GPS spoofing: Injected fake coordinates from emulators
  • Missing location data: Fallback to IP geolocation when GPS is unavailable
  • Multi-device sessions: Legitimate user on phone and laptop simultaneously Robust implementations degrade gracefully, assigning lower confidence scores when location data quality is poor.
06

Real-Time Enforcement Actions

The output of a geovelocity check feeds directly into a risk-based authentication engine that triggers proportional responses:

  • Low risk: Silent logging for future analysis
  • Medium risk: Step-up authentication (MFA challenge, biometric verification)
  • High risk: Session termination and account lockout
  • Critical risk: Real-time alert to SOC analysts This graduated response model balances security with user experience, avoiding blanket denials for borderline velocity calculations.
GEOLOCATION ANOMALIES

Frequently Asked Questions

Clear, technical answers to the most common questions about geovelocity checks, impossible travel logic, and the real-time calculation of physical movement feasibility in fraud detection systems.

A geovelocity check is a real-time security calculation that measures the speed required to travel between two geolocated events to determine if the movement is physically possible. The system timestamps two successive events—such as a login, transaction, or access request—extracts their latitude and longitude coordinates, calculates the great-circle distance between them, and divides that distance by the elapsed time. If the computed velocity exceeds a predefined threshold (commonly 500-600 mph for commercial air travel), the event is flagged as impossible travel. This check operates as a core component of rule-based fraud engines and is often combined with device fingerprinting and behavioral biometrics to suppress false positives caused by legitimate VPN usage or mobile network tower triangulation errors.

IMPOSSIBLE TRAVEL DETECTION

Real-World Applications

Geovelocity checks are a critical real-time defense against account takeover, applying the laws of physics to digital authentication. The following scenarios illustrate how the calculation of required travel speed between two events triggers automated risk responses.

01

Account Takeover (ATO) Prevention

The primary application of geovelocity checks is blocking credential-stuffed logins. If a user authenticates from New York and a second login attempt originates from London 15 minutes later, the required speed exceeds Mach 5. The system calculates the impossible travel flag and triggers a step-up authentication challenge or hard block, neutralizing the attack before the fraudster accesses the account.

< 50ms
Check Latency
99.9%
ATO Block Rate
02

Payment Fraud Interception

Card-not-present (CNP) transactions are validated against the cardholder's last known physical location. A point-of-sale transaction in Chicago followed by an e-commerce purchase claiming a billing address in Manila within 30 minutes generates a velocity anomaly. The fraud scoring engine integrates this impossible travel signal to decline the transaction before authorization, preventing financial loss in real-time.

03

Session Hijacking Mitigation

Active session tokens are continuously validated against geolocation. If a session established in Tokyo suddenly presents a new IP geolocated in Lagos without a plausible travel interval, the session fingerprint is invalidated. This passive check detects session hijacking and cookie theft instantly, forcing a re-authentication to restore the connection.

04

VPN & Proxy Correlation

Geovelocity checks are correlated with VPN detection and TOR detection signals. A login from a known VPN exit node in Amsterdam, immediately following a physical card-present transaction in Sydney, confirms the anonymized connection is being used for fraud. The combination of impossible travel and anonymizing service flags creates a high-confidence risk score.

05

Credential Stuffing Bot Mitigation

Large-scale credential stuffing attacks distribute login attempts across global botnets. Geovelocity checks analyze the sequential timing of failed logins across the distributed IP addresses. If the same credentials are attempted from five different continents within a 60-second window, the velocity check identifies the botnet pattern and blacklists the credential pair, protecting all accounts in the database.

06

Adaptive Risk-Based Authentication

Geovelocity is a core input into Risk-Based Authentication (RBA) engines. Rather than a binary block, the impossible travel score adjusts the authentication requirement dynamically. A low-risk anomaly might trigger a silent push notification, while a physically impossible jump forces a hardware token challenge, balancing security with user experience based on the calculated travel speed.

COMPARATIVE ANALYSIS

Geovelocity Checks vs. Related Techniques

A comparison of geovelocity checks against other session and location-based anomaly detection techniques used in fraud prevention.

FeatureGeovelocity ChecksImpossible TravelDevice Fingerprinting

Primary Signal

Time-distance physics calculation

Logical rule based on geovelocity output

Device attribute hash and consistency

Real-Time Capable

Requires Historical Data

Detects Credential Stuffing

Detects Session Hijacking

False Positive Rate

0.1-0.5%

0.3-1.0%

0.5-2.0%

Computational Overhead

Low (< 5ms)

Low (< 1ms)

Medium (10-50ms)

VPN/TOR Evasion Resistance

High

High

Low

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.