Moving from unregulated to regulated markets: Applying Geolocation Compliance Tooling

Stuart Godfree, Managing Director of GeoLocs and mkodo outlines the processes that operators must go through to transition from grey to regulated markets. 

 

One of the biggest “sighs” I hear with my customers is the impact of adding Geolocation Compliance to their products when a market moves from being “grey” to regulated. Most recent examples of this are of course the infamous Ontario iGO and now the Brazilian market. 

Some prospects come to us and say “we have to add Geolocation to our product – how cheaply can you do this, and we’re talking to 10 different providers so what’s your best price?”.

Now you would not be surprised to hear from a vendor of any sort that this is perhaps not the best way to start selecting and negotiating on purchasing any form of product or service and I’m always reminded of the famous comment from John Glenn (Apollo Astronaut) when asked what it is like sitting in the Apollo Capsule. 

“My life depended on 150,000 pieces of equipment – each bought from the lowest bidder,” he said. 

So, if you are buying a compliance product, do you really want to be sitting on the 150,000 pieces from the lowest bidder? Perhaps you only value compliance as a tick in a check box, but then compliance is often the “what happens if”. I suspect compliance managers are the ones that wear cycle helmets, and the commercial people don’t as they ‘won’t ever fall off their bicycles’!

Facing location permission rejections

 

Either way, you now have a Geolocation Compliance solution embedded into your product. It is now regulated on your go-live day, and you are now operating in a regulated market. Your existing customer base come to your app or website and now see, during their conventional user journey, a new and quite concerning speedbump – a big dialogue popping up asking them for their Location Permission. 

I can guarantee that more than 70% of your existing subscribers will deny location permissions and then of course have a miserable experience as you cannot allow them to gamble in this new regulated world without knowing where your customers are physically located. Welcome to the new world of location compliance in a regulated market. 

My customers always ask what is the “normal” expectation of rejecting location permission and, of course, this is a very difficult question to answer. Though I expect you are expecting me to answer that question – otherwise what is the purpose of this article?

Therefore, here is what we see. In markets where there is a high predominance of grey operation, as I’ve said, the vast majority of your customers will see this as abnormal behaviour and will initially not authorise location permissions. Once they’ve realised that they need to provide location permission, a broad group of around 20% (varies a little +/- 5%) will use various nefarious ways to obscure their location, trying to use geospoofing tools, VPNs, and very, very occasionally, remote desktops – we’ve even seen a few remote log-ins into headless machines in data centres. 

But for all their cunning and wile, invariably we will catch them, and they eventually give up and accept location permissions.

Part of the client nurture, though, is to ensure you give insightful messaging to your customers. You need to explain why you need their location, it is critical, and one client I’ve recently worked with did an excellent job and put up hero boards and dialogues advising what was coming on “regulation day”. 

We still saw a high percentage of rejections, but where the behaviour was different, the user base quickly adapted and accepted the location permission request. I’ve also seen examples where the location error mapping has been posted to the customer as an error. This is not helpful, nothing has gone wrong, the customer’s location cannot be verified and this is hardly a “whoops” moment. More helpful and instructional messaging should be provided to guide the customer through the location permission journey.

Implementing normalised run rates

 

Once you are up and running,  you will see the location permission rejections start to reduce within a few days, coming down rapidly from the initial spike of some 70%, down to the ~20% and soon this will stabilise to your normal run-rate. 

Normal run-rates vary a lot from market to market. We measure rejections as a percentage of the total amount of Geolocation requests, others measure it as a percentage of unique locations requests. Clearly the latter will give you a lower failure rate, but we like to see the numbers of requests being made where the location request is rejected (either because location permission were not given, there was low trust in the location information, or the user was simply outside the Geo-Allowed Region) as a total percentage. 

In mature markets we see anything from 5% down to 1.5%. The 5% being at the top of the location rejections and generally on operators with a lower brand equity. Brands that have good customer retention or “stickiness” will see values around the 2.5-1.5%. My challenge with those operators is how can I get it below 1.5%, but in reality, it’s almost impossible as the vast majority of those 1.5% are people trying to access the service and gamble while outside of the territory. 

One of our clients investigated this in some detail and it was fascinating. They went to some considerable trouble to identify users over a one-week period that were consistently seeing location rejections. They physically called the customers, and the results probably won’t surprise you, but most were on holiday and wanted to check their account, buy a lottery ticket or place a bet. If they were not on holiday, they were working away. 

The last modest percentile admitted they were trying to mask their location and trying to see what tools would work to do so. Yes it was one of my Canadian clients and yes intrinsically even the nefarious Canadians are honest!

What’s next for geolocation compliance?

 

 So you have read all this and still want advice on how to remove the disruption your customers are facing when asked for Location Permissions. Ultimately, you have to be compliant to the regulations.

I’m very aware, as an example, that the Ontario regulator tests operators for location compliance regularly, so this cannot just be a tick box. Adding an app’s strategy to your web strategy is a really great way to alleviate the location permissions pain. 

In app’s the location request is asked once, either at app install or first use. Location in an app is far more reliable than web, both from acquisition and accuracy and as I’ve noted the user journey is much less disruptive to the user, please have a chat with us if you need some help to wrap your current site in an app.

We are constantly working to improve the user experience, reducing the false positives, mapping the changes in browsers to improve detection rates and critically ensure our solutions meet the regulatory controls in the appropriate jurisdictions. 

What’s next, though, in the geolocation compliance space? 

Well, we have some really exciting insight tooling coming along in Q2 this year, which I’m very excited about. As a teaser, it’s all about big data, AI and building a behavioural pattern of the player. 

Ultimately, location compliance is a necessary tool in the whole compliance portfolio, it can be used to benefit the operator and ultimately the customer. So, look at the value, the service offering and complete solution along with the “price” before making your selection.