Skip to main content

Incognia

Active competitor

Closest direct competitor in location-for-fraud. iLottery product directly targets GeoComply's home vertical. SDK-only (no web). Limited iLottery robustness evidence.

incognia.commaxim.mosinVerified 1mo ago
Compare
USEULATAMiLotteryFood deliveryRide-hailingFintechCrypto#new-verticals#direct-competitor#ilottery#behavioural-location#no-web-coverage#compete

Detection scorecard

How Incognia handles every spoofing technique we test for. Click any cell for findings.

Full matrix →
  • Detected
  • Partial
  • Missed
  • Not tested
CompetitorVPNProxyRemote accessFake GPS appGPS spooferEmulatorDevice farmJailbreak / RootResigned / tampered appSideload (PlayCover)Browser extensionMITM / replayTor

Strongest findings

Failed and partial test outcomes ranked for sales impact — what to lean on in a call.

No findings yet

Once tests land in updates/ with an outcome, they'll surface here.

All findings

Test results and intel tagged to Incognia.

Operator
Threat
No findings on file for this competitor yet.

Battle card

Talking points for a live sales call.

Incognia is GeoComply's **closest direct competitor in location-for-fraud**, operating specifically in iLottery and broader fintech/crypto. They combine device fingerprinting with location behavioural biometrics — building a persistent identity signal from a user's unique location-behaviour pattern — for compliance, account security, and fraud prevention. **Their iLottery product directly targets GeoComply's home vertical** with state-specific geofencing, player authentication, and location-tamper detection. **Two structural gaps:** (1) **No web browser coverage** — iOS + Android SDK only. iLottery products have both mobile + web; an Incognia-only deployment leaves web unprotected. (2) **No publicly documented gaming-commission certification** or regulatory audit trail — a decisive differentiator in state-licensed iLottery RFPs. Well-funded: $31M Series B (Jan 2024, led by Bessemer). Scaling in NA + EMEA. Competitive pressure in iGaming / iLottery will increase over the next 12-24 months.

Watch out for

  • Direct location-for-fraud overlap with GeoComply — the most technically comparable competitor in this set.
  • Multi-signal location: GPS + Wi-Fi + Bluetooth + Cell (SDK-side).
  • Location behavioural biometrics: historical location pattern vs current location — richer signal than simple jurisdictional check.
  • Incognia ID (April 2025): persistent cross-device identity resilient against factory resets + device changes.
  • Customer base spans iLottery, food delivery (Grubhub, Delivery Hero), ride-hailing, fintech, crypto.
  • Active GPS spoofing detection + VM/emulator detection.
  • Cross-device clustering for device-farm detection.

How we win

  • iOS + Android SDK only — **no web browser coverage** (critical gap). iLottery products often have both mobile + web; web is unprotected.
  • Limited public information on iLottery robustness — no published gaming-commission certifications or regulatory audit documentation.
  • Compliance output is probabilistic risk score (0-1) + reason codes — not deterministic verified coordinate. Compliance assertion requires custom implementation.
  • Compliance audit log limited — not publicly documented as court-defensible.
  • Behavioural-location profile requires history — cold-start users have lower-confidence signals until enough data accumulates.

Capability claims

What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.

Geolocation

How accurately and reliably the product determines a user's real location.

  • GPS / OS locationUses native device GPS or OS-level location services.
    Yesverifiedstale

    GPS via iOS / Android SDK.

  • Wi-Fi triangulation
    Yesverifiedstale
  • IP geolocation
    Yesverifiedstale
  • IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).
    Yesverifiedstale
  • Boundary / state-lineHandles users moving across regulated boundaries during an active session.
    Partialverifiedstale

    Geofence-based; SDK-only — no web.

  • Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.
    Partialinferredstale

    Not benchmarked vs GeoComply's pass-rate metrics.

  • Pre-login pre-check
    Partialverifiedstale

    Risk score (0-1) + reason codes; compliance assertion is custom-implemented.

  • Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).
    Partialverifiedstale

    Geofence-based; no Multipass equivalent documented.

  • Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.
    Noverifiedstale

    No web / desktop coverage — SDK-only.

  • On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).
    Yesverifiedstale

    BLE signals collected via SDK.

Anti-spoofing detection

Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.

  • VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).
    Yesverifiedstale
  • Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.
    Yesverifiedstale
  • Tor exits
    Partialinferredstale
  • Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.
    Partialinferredstale
  • Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.
    Yesverifiedstale

    Active GPS spoofing / fake-location detection.

  • Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.
    Partialinferredstale
  • Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.
    Yesverifiedstale

    VM + emulator detection.

  • Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.
    Yesverifiedstale

    Cross-device clustering — strong against device-cycling fraud.

  • Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.
    Yesverifiedstale

    Tamper detection.

  • Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.
    Partialinferredstale
  • Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.
    Partialinferredstale
  • Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).
    Noverifiedstale

    No web coverage.

  • Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.
    Yesverifiedstale

    Persistent identity across factory resets + device changes.

  • MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.
    · Unknownrumorstale

Identity & KYC

Document verification, biometric liveness, sanctions screening.

  • Document scan / OCR
    Noverifiedstale
  • Biometric liveness
    Noverifiedstale
  • Sanctions / PEP
    Noverifiedstale
  • AML / responsible gaming
    Noverifiedstale
  • Reusable identity
    · Unknowninferredstale

Platform coverage

Which surfaces the SDK / product runs on.

  • iOS native
    Yesverifiedstale
  • Android native
    Yesverifiedstale
  • Web / browser
    Noverifiedstale

    Critical gap — SDK only.

  • React Native
    · Unknowninferredstale
  • Flutter
    · Unknowninferredstale
  • Unity
    · Unknowninferredstale
  • .NET / desktop
    · Unknowninferredstale
  • Server-side API
    Yesverifiedstale

    REST API for risk score delivery.

Compliance & certification

Regulatory coverage and certifications.

  • US state-licensed (iGaming/sportsbook)
    Partialverifiedstale

    Markets to iLottery but no publicly documented gaming-commission certification.

  • US tribal / on-property
    · Unknowninferredstale
  • Canadian provincial
    · Unknowninferredstale
  • European (MGA/UKGC)
    Yesverifiedstale
  • LatAm (Brazil SPA)
    Yesverifiedstale
  • SOC 2 Type II
    · Unknowninferredstale
  • ISO 27001
    · Unknowninferredstale
  • GLI-certified
    · Unknowninferredstale

Fraud & device intelligence

Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.

  • Device fingerprint
    Yesverifiedstale
  • IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).
    Partialverifiedstale
  • Behavioral signals
    Yesverifiedstale

    Location behavioural biometrics — core differentiator.

  • Velocity / impossible travel
    Yesverifiedstale
  • Bot detection
    · Unknowninferredstale
  • Account takeover
    Yesverifiedstale
  • Chargeback mgmt
    · Unknowninferredstale

Ops & integration

How easy the product is to integrate, observe, and operate.

  • Self-serve onboarding
    · Unknowninferredstale
  • Case management UI
    · Unknowninferredstale
  • Webhook delivery
    · Unknowninferredstale
  • Real-time API
    Yesverifiedstale
  • Analytics dashboard
    Yesverifiedstale
  • Audit log export
    Partialverifiedstale

    Limited; not publicly documented as court-defensible.

  • Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).
    · Unknowninferredstale
  • SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.
    Partialinferredstale

Commercial

Pricing model and go-to-market shape.

  • Usage-based pricing
    Yesinferredstale
  • Flat license / enterprise
    · Unknowninferredstale
  • Free tier / trial
    · Unknowninferredstale
  • Publicly listed pricing
    Noverifiedstale
  • Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).
    · Unknowninferredstale
Direct GeoComply overlap in iLottery

Incognia is the most technically comparable competitor in this set — and they actively target iLottery, GeoComply's home vertical. Two structural gaps are decisive: no web coverage and no publicly documented gaming-commission certification. Lead with both in iLottery RFPs.

Talking points

  1. Web coverage is the most exploitable technical gap. iLottery products have both mobile + web. An Incognia-only deployment leaves the web surface unprotected — a fraudster simply accesses the lottery through a browser to bypass the Incognia mobile SDK.
  2. No publicly documented gaming-commission certification. In state-licensed iLottery RFPs, GeoComply's regulatory audit logs + multi-state gaming-commission relationships are a decisive differentiator Incognia cannot match.
  3. Probabilistic vs deterministic output. Incognia returns a risk score (0-1) requiring custom compliance implementation; GeoComply returns a deterministic verified coordinate with a court-defensible audit log.
  4. Scaling threat. $31M Series B (Jan 2024) — competitive pressure in iGaming / iLottery will increase over the next 12-24 months. Don't dismiss; build the response now.

Where they overlap with GeoComply

  • iLottery — direct competition; closest case for displacement.
  • Fintech / crypto / marketplace — secondary, but Incognia's behavioural-location signal is genuinely interesting in these verticals.