Transmit Security
Active competitorIdentity security platform fusing CIAM + passwordless + IDV + fraud (Mosaic). Tier-1 banking client base (Citi, Goldman, Aflac, KeyBank). GeoComply lost SoFi POC to Transmit.
Detection scorecard
How Transmit Security handles every spoofing technique we test for. Click any cell for findings.
| Competitor | VPN | Proxy | Remote access | Fake GPS app | GPS spoofer | Emulator | Device farm | Jailbreak / Root | Resigned / tampered app | Sideload (PlayCover) | Browser extension | MITM / replay | Tor |
|---|
Strongest findings
Failed and partial test outcomes ranked for sales impact — what to lean on in a call.
No findings yet
Once tests land in updates/ with an outcome, they'll surface here.
All findings
Test results and intel tagged to Transmit Security.
Battle card
Talking points for a live sales call.
Transmit Security is an identity-security platform fusing identity management, fraud prevention, and identity verification into a single platform (Mosaic by Transmit Security). Premium financial-services client base: Citi, Goldman Sachs, Aflac, KeyBank. **GeoComply lost the SoFi POC to Transmit Security** — a credible threat in fintech evaluations where identity-centric buyers prioritise consolidation over best-of-breed point solutions. Understanding this loss is important: SoFi spans banking, investing, lending, and crypto — a broad platform that likely weighted the identity-consolidation story over standalone location compliance. Recommendation: consider whether a Transmit co-sell is more viable than direct competition in enterprise fintech. Their financial-services client base is a warm introduction path GeoComply cannot reach directly.
Watch out for
- Tier-1 banking client base: Citi, Goldman, Aflac, KeyBank — credible enterprise reference set.
- Mosaic unified stack: CIAM + passwordless auth + fraud detection (DRS) + IDV — single-vendor pitch.
- Adaptive authentication — risk signals drive step-up to MFA when login appears anomalous.
- SAML/OIDC for enterprise identity federation; pre-built Salesforce + ServiceNow connectors.
How we win
- IP-derived location only — one contextual risk signal, not verified physical position.
- No GPS, Wi-Fi, or Bluetooth sensor fusion.
- No jurisdiction enforcement — risk score only, not binary geo-fence enforcement.
- No compliance audit log.
- No AML transaction monitoring — gap alongside the absence of compliance-grade location.
Capability claims
What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.
Geolocation
How accurately and reliably the product determines a user's real location.
- GPS / OS locationUses native device GPS or OS-level location services.○ Noverifiedstale
- Wi-Fi triangulation○ Noverifiedstale
- IP geolocation● Yesverifiedstale
IP-derived; one contextual risk signal.
- IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).● Yesverifiedstale
- Boundary / state-lineHandles users moving across regulated boundaries during an active session.○ Noverifiedstale
- Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.○ Noverifiedstale
- Pre-login pre-check◐ Partialverifiedstale
Risk score drives adaptive auth, not pass/fail compliance.
- Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).○ Noverifiedstale
- Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.○ Noverifiedstale
- On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).· Unknowninferredstale
Anti-spoofing detection
Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.
- VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).◐ Partialverifiedstale
- Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.◐ Partialverifiedstale
- Tor exits· Unknownrumorstale
- Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.◐ Partialverifiedstale
- Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.○ Noverifiedstale
- Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.○ Noverifiedstale
- Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.● Yesverifiedstale
- Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.◐ Partialinferredstale
- Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.◐ Partialverifiedstale
- Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.· Unknownrumorstale
- Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.· Unknownrumorstale
- Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).· Unknownrumorstale
- Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.● Yesverifiedstale
- MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.· Unknownrumorstale
Identity & KYC
Document verification, biometric liveness, sanctions screening.
- Document scan / OCR● Yesverifiedstale
- Biometric liveness● Yesverifiedstale
- Sanctions / PEP○ Noverifiedstale
- AML / responsible gaming○ Noverifiedstale
- Reusable identity· Unknowninferredstale
Platform coverage
Which surfaces the SDK / product runs on.
- iOS native● Yesverifiedstale
- Android native● Yesverifiedstale
- Web / browser● Yesverifiedstale
- React Native· Unknowninferredstale
- Flutter· Unknowninferredstale
- Unity· Unknowninferredstale
- .NET / desktop· Unknowninferredstale
- Server-side API● Yesverifiedstale
REST API + SAML/OIDC.
Compliance & certification
Regulatory coverage and certifications.
- US state-licensed (iGaming/sportsbook)○ Noverifiedstale
- US tribal / on-property· Unknowninferredstale
- Canadian provincial· Unknowninferredstale
- European (MGA/UKGC)· Unknowninferredstale
- LatAm (Brazil SPA)· Unknowninferredstale
- SOC 2 Type II● Yesinferredstale
- ISO 27001· Unknowninferredstale
- GLI-certified· Unknowninferredstale
Fraud & device intelligence
Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.
- Device fingerprint● Yesverifiedstale
- IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).◐ Partialinferredstale
- Behavioral signals● Yesverifiedstale
Behavioural biometrics within auth flows.
- Velocity / impossible travel● Yesverifiedstale
- Bot detection● Yesverifiedstale
- Account takeover● Yesverifiedstale
- Chargeback mgmt· Unknowninferredstale
Ops & integration
How easy the product is to integrate, observe, and operate.
- Self-serve onboarding· Unknowninferredstale
- Case management UI● Yesverifiedstale
- Webhook delivery● Yesverifiedstale
- Real-time API● Yesverifiedstale
- Analytics dashboard● Yesverifiedstale
- Audit log export· Unknowninferredstale
- Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).· Unknowninferredstale
- SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.· Unknowninferredstale
Commercial
Pricing model and go-to-market shape.
- Usage-based pricing● Yesinferredstale
- Flat license / enterprise· Unknowninferredstale
- Free tier / trial· Unknowninferredstale
- Publicly listed pricing○ Noverifiedstale
- Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).● Yesverifiedstale
CIAM + auth + fraud + IDV bundled.
Resources
Briefings, source docs, and external links.
This is the most concrete competitive loss in the new-verticals set. Decision criteria appear to have favoured identity consolidation over best-of-breed location compliance. Recommendation: consider co-sell over direct competition in enterprise fintech.
Talking points
- Co-sell, not displacement, in enterprise fintech. Transmit's CIAM + IDV stack is a warm introduction path into Citi / Goldman / Aflac / KeyBank — institutions GeoComply cannot reach directly.
- Highlight the AML + compliance-grade-location gap. Both are becoming table stakes in crypto/fintech compliance stacks — Transmit has neither.
- The SoFi loss informs the playbook. In multi-product fintech RFPs (banking + investing + lending + crypto), buyers will weight consolidation over best-of-breed. Position GeoComply as the location layer that completes Transmit's stack, not the alternative to it.
Where they overlap with GeoComply
- Tier-1 / Tier-2 banking + fintech: Transmit is incumbent. GeoComply rarely meets them in head-to-head SKU comparison; the conversation should be "how we complement."