SEON
Active competitorFraud + AML platform combining 900+ first-party signals. IP-only geolocation — not compliance grade. New IDV product launched Jan 2026, unproven.
Detection scorecard
How SEON handles every spoofing technique we test for. Click any cell for findings.
| Competitor | VPN | Proxy | Remote access | Fake GPS app | GPS spoofer | Emulator | Device farm | Jailbreak / Root | Resigned / tampered app | Sideload (PlayCover) | Browser extension | MITM / replay | Tor |
|---|
Strongest findings
Failed and partial test outcomes ranked for sales impact — what to lean on in a call.
No findings yet
Once tests land in updates/ with an outcome, they'll surface here.
All findings
Test results and intel tagged to SEON.
Battle card
Talking points for a live sales call.
SEON (Austin, TX; founded 2017 by Tamas Kadar + Bence Jendruszák in Budapest) is a fraud + AML compliance platform built API-first around 900+ first-party risk signals — digital footprint (email/phone/social), device intelligence, behavioural biometrics, IP geolocation, transaction monitoring, AML screening. The wedge is pricing + breadth of fraud signals + 14-day average integration. **Priority: P0** in the new-verticals competitor set. SEON's growth (80% APR growth in 2026, $80M Series C September 2025 led by Sixth Street Growth, $187M total raised) makes them a credible threat in fintech and iGaming evaluations where buyers are consolidating fraud + AML + IDV under one vendor. **The structural gap is geolocation.** SEON's location signal is IP-only — they themselves acknowledge that IP-based geolocation "should be taken with a grain of salt" (their own docs). For compliance-grade jurisdictional enforcement — particularly OFAC and state-licensed gaming — IP is insufficient. A user behind a residential VPN passes SEON's location check; GeoComply flags them.
Watch out for
- Unified platform: fraud + AML + IDV + transaction monitoring in a single API — strong consolidation argument for buyers tired of point solutions.
- Speed: 14-day average integration with a no-code rules engine. Fraud analysts can build rules in dashboards without engineering tickets.
- Signal breadth: 900+ first-party signals across email, phone, IP, device, and behavioural data.
- AI investment: 'AML Screening Agent' (cross-references customer info against multiple sources), explainable risk scoring, no-code rules engine.
- Premium customer base: Revolut, Plaid, NuBank, Afterpay, Spotify, Entain, Lottoland, Bilt, Rank Interactive.
- Strong commercial trajectory: 80% APR growth in 2026, $187M raised.
How we win
- IP-only geolocation — not compliance-grade. Their own documentation says IP-based geolocation 'should be taken with a grain of salt' (variance by ISP; mobile IPs especially unreliable).
- No GPS spoofing detection. No multi-signal (GPS / Wi-Fi / Bluetooth / Cell) location fusion.
- Phone API recall gap: at the high-precision threshold (0.85), recall is only 12% — 9 out of 10 fraudulent phone numbers pass undetected.
- Email API at high-precision threshold: recall drops to 32% (7 in 10 fraudsters pass).
- IDV (Identity Verification) is new + unproven — wide-scale launch January 2026, no published accuracy metrics.
- No-code rules engine places fraud-pattern maintenance burden on the customer's team — rules built by different analysts can create gaps or conflicts; can be silently outdated.
- Data privacy concerns: stores PII for up to 12 months; concentration of PII in a single API creates cyber-attack exposure. Their own privacy policy admits they 'cannot ensure or warrant the security' of submitted information.
- No published independent VPN/proxy detection benchmark (vs GeoGuard 99.1% VPN detection / 0% FPR — Kingsmead Security, Sept 2025).
- Cannot reliably confirm a user is NOT located in a sanctioned jurisdiction if they employ VPN, proxy, or residential proxy — direct OFAC compliance gap.
Capability claims
What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.
Geolocation
How accurately and reliably the product determines a user's real location.
- GPS / OS locationUses native device GPS or OS-level location services.○ Noverified
Mobile SDKs claim GPS data 'can be leveraged' but their core location is IP-derived. Subject to GPS spoofing.
- Wi-Fi triangulation○ Noverifiedstale
- IP geolocation● Yesverifiedstale
Core capability — IP API returns country, city, coordinates based on IP analysis.
- IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).◐ Partialinferredstale
Impossible-travel detection between login locations.
- Boundary / state-lineHandles users moving across regulated boundaries during an active session.○ Noverifiedstale
- Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.○ Noverifiedstale
- Pre-login pre-check◐ Partialverifiedstale
Returns numerical fraud score (0-100) + categorical risk level + signal-level explainability.
- Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).○ Noverifiedstale
Geofence API exists but no Multipass / Dynamic Boundaries equivalent.
- Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.○ Noverifiedstale
- On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).○ Noverifiedstale
Anti-spoofing detection
Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.
- VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).◐ Partialverifiedstale
Identifies whether IP belongs to residential ISP, data centre, public network, or known TOR exit node. No published accuracy metric.
- Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.◐ Partialverifiedstale
Same residential/data-centre/TOR classification as VPN.
- Tor exits● Yesverifiedstale
TOR exit node detection.
- Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.● Yesverifiedstale
Remote Access Tool detection in Device Intelligence SDK (TeamViewer, etc).
- Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.○ Noverifiedstale
No multi-signal location, so fake-location-app detection on mobile is limited.
- Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.○ Noverifiedstale
- Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.● Yesverifiedstale
Emulator + rooted device detection in Device Intelligence SDK.
- Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.◐ Partialinferredstale
Visitor Fingerprint system for multi-accounting / device-sharing detection.
- Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.◐ Partialverifiedstale
Rooted device detection claimed; depth on hidden-root (Magisk) unknown.
- Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.· Unknownrumorstale
- Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.· Unknownrumorstale
- Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).◐ Partialinferredstale
WebRTC discrepancy detection — flags mismatches between local network and stated external IP.
- Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.● Yesverifiedstale
Visitor Fingerprint persistent identifiers; ongoing login monitoring.
- MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.· Unknownrumorstale
Identity & KYC
Document verification, biometric liveness, sanctions screening.
- Document scan / OCR● Yesverifiedstale
Own AI-powered IDV product launched Jan 2026; 10,000+ document types across 200+ countries. No published accuracy metrics.
- Biometric liveness● Yesverifiedstale
Biometric liveness detection + face matching.
- Sanctions / PEP● Yesverifiedstale
AML Customer Screening: 197 countries, 24M risk profiles, 528 entities. Global sanctions, PEP, SDN, adverse media.
- AML / responsible gaming● Yesverifiedstale
Continuous Monitoring + Transaction Monitoring + Movement of Funds visualisation + AML Screening Agent.
- Reusable identity· Unknowninferredstale
Platform coverage
Which surfaces the SDK / product runs on.
- iOS native● Yesverifiedstale
Native iOS SDK.
- Android native● Yesverifiedstale
Native Android SDK.
- Web / browser● Yesverifiedstale
Web JavaScript SDK.
- React Native· Unknownrumorstale
- Flutter· Unknownrumorstale
- Unity· Unknowninferredstale
- .NET / desktop· Unknownrumorstale
- Server-side API● Yesverifiedstale
REST API.
Compliance & certification
Regulatory coverage and certifications.
- US state-licensed (iGaming/sportsbook)○ Noverifiedstale
Not a gaming-commission-certified geo-compliance vendor. Entain + Lottoland + Rank Interactive use SEON for fraud/AML, not geo-compliance.
- US tribal / on-property○ Noverifiedstale
- Canadian provincial○ Noinferredstale
- European (MGA/UKGC)◐ Partialverifiedstale
EU presence via Revolut, Lottoland, Entain.
- LatAm (Brazil SPA)· Unknowninferredstale
- SOC 2 Type II◐ Partialinferredstale
- ISO 27001· Unknowninferredstale
- GLI-certified· Unknowninferredstale
Fraud & device intelligence
Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.
- Device fingerprint● Yesverifiedstale
Visitor Fingerprint — persistent user identifiers across device, browser, network, behavioural signals.
- IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).● Yesverifiedstale
IP API: VPN, proxy, data-centre, TOR classification.
- Behavioral signals● Yesverifiedstale
Typing rhythm, scrolling patterns, tap pressure, gyroscope, accelerometer.
- Velocity / impossible travel● Yesverifiedstale
Velocity + aggregation features across 50+ dimensions.
- Bot detection● Yesverifiedstale
- Account takeover● Yesverifiedstale
- Chargeback mgmt◐ Partialinferredstale
Ops & integration
How easy the product is to integrate, observe, and operate.
- Self-serve onboarding◐ Partialverifiedstale
14-day average integration; no-code rules engine in dashboard.
- Case management UI● Yesverifiedstale
- Webhook delivery● Yesverifiedstale
- Real-time API● Yesverifiedstale
Real-time risk scoring.
- Analytics dashboard● Yesverifiedstale
User-friendly dashboard, no-code rules engine.
- Audit log export◐ Partialinferredstale
Whitebox ML — signal-level explainability for every decision. Court-defensibility for OFAC unclear.
- Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).· Unknownrumorstale
- SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.· Unknownrumorstale
Commercial
Pricing model and go-to-market shape.
- Usage-based pricing● Yesverifiedstale
API-call pricing per Fraud API call.
- Flat license / enterprise◐ Partialinferredstale
- Free tier / trial· Unknowninferredstale
- Publicly listed pricing○ Noverifiedstale
- Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).● Yesverifiedstale
Fraud + AML + IDV bundled under one platform — primary commercial pitch.
Resources
Briefings, source docs, and external links.
Website (1)
Other (2)
News (1)
- SEON Series C ($80M, Sept 2025)seon.io
Sixth Street Growth-led round; $187M total raised; 80% APR growth in 2026.
SEON is the highest-priority new-verticals competitor. The structural pitch — "fraud + AML + IDV + transaction monitoring in one API, integrated in 14 days" — is a real threat in fintech, crypto, and iGaming evaluations where buyers are consolidating vendors. The structural gap is the same one shared across this whole vertical set: IP-only geolocation, not compliance-grade.
Talking points for displacement / co-sell deals
- "SEON is fraud + AML; GeoComply is location compliance" — these are complementary, not substitutable. A SEON deployment leaves the location-spoofing surface (VPN, residential proxy, GPS simulator) detectable only at the IP layer; GeoComply closes that gap.
- The OFAC line is the strongest message. SEON's own docs say IP-based geolocation "should be taken with a grain of salt." For sanctioned-jurisdiction enforcement that's a regulatory non-starter — IP can be spoofed with $5 of residential proxy.
- IDV is new and unproven (wide-scale launch Jan 2026, no published accuracy metrics). For prospects evaluating SEON's "unified platform" pitch in 2026, the IDV component is the weakest link — frame the comparison against dedicated KYC vendors.
- Phone-API recall gap (12% at high-precision threshold) is a concrete weakness to surface against the "900+ signals" narrative — signal count doesn't equal signal quality.
- No-code rules engine is a double-edged sword. Customers love the autonomy at signing; their fraud teams discover the maintenance burden 6 months in. Reference this to procurement leads.
- Co-sell story: SEON for fraud + AML + IDV signal enrichment; GeoComply for compliance-grade location enforcement. Joint deployment in regulated iGaming / fintech / crypto closes both surfaces.
Where they overlap with GeoComply
- iGaming customers: Entain, Lottoland, Rank Interactive — SEON is the fraud/AML layer; GeoComply is or should be the geo-compliance layer.
- Crypto / fintech: shared evaluation funnel; SEON appears as the "consolidated platform" alternative to a best-of-breed stack.
- Compliance positioning: SEON markets AML + KYC as compliance. The risk is that buyers conflate "AML compliance" with "jurisdictional compliance" — these are different requirements.
Open testing scope
- Independent VPN/proxy detection benchmark — SEON has no published accuracy metric vs GeoGuard's 99.1% / 0% FPR.
- Residential proxy detection — claimed but unbenchmarked.
- IDV accuracy retest — once SEON publishes Jan-2026 launch metrics.