1 When is GeoComply called?
| User Action | Check Type | What it verifies |
|---|---|---|
| Registration (initial step) | Precheck | Location only — browser geolocation API, fast and cheap |
| Login | Precheck | Location only |
| Game launch (GC games) | Precheck | Location only |
| Registration complete (welcome offer) | Corecheck | Location + device integrity (VMs, simulators, rooted devices) + RiskGuard fraud check |
| Pay-in | Corecheck | Location + device integrity + RiskGuard fraud check |
| Pay-out | Corecheck | Location + device integrity + RiskGuard fraud check |
| Game launch (SC games / real money) | Corecheck | Location + device integrity + RiskGuard fraud check |
| IP address change (detected automatically) | Corecheck | Location reconfirmation + RiskGuard fraud check |
| Session geo-expiry (mobile, time-based) | Corecheck | Location reconfirmation + RiskGuard fraud check |
2 Corecheck Flow (with RiskGuard)
sequenceDiagram
participant FE as Frontend (Browser/App)
participant BE as Backend API
participant GC as GeoComply
participant RG as RiskGuard
participant DB as Database / Session
Note over FE,DB: Triggered by: registration complete, pay-in, pay-out, SC game launch, IP change
FE->>BE: POST /geolocation/geocomply/license
BE-->>FE: License (fetched from GeoComply, cached in Redis)
FE->>GC: Run GeoComply SDK (device + location)
GC-->>FE: Encrypted geoData
FE->>BE: POST /geolocation/geocomply/evaluate
BE->>BE: Decrypt & validate geoData
BE->>RG: Get fraud data (userId + reason)
RG-->>BE: Fraud tags (device sharing, suspicious user, etc.)
alt Fraud detected & auto-ban enabled
BE->>DB: Check fraud-detection whitelist
alt User NOT whitelisted
BE->>DB: Ban user (reason: fraudDetection) + apply fraud tags
BE->>DB: Delete all user sessions
else User whitelisted
BE->>DB: Apply fraud tags only (no ban)
end
else No fraud / RiskGuard disabled
Note over BE,DB: No action needed
end
BE->>BE: Evaluate geo result (location / device check)
alt Geo check negative
BE->>DB: Destroy session (logout user)
BE-->>FE: Geo check failed
else Geo check positive
BE->>DB: Update session (geo confirmed, expiry, state/province code)
BE-->>FE: Success
end
3 RiskGuard Fraud Tags
When RiskGuard flags a user, tags are stored on the account and visible to Customer Support in back office.
| Tag | Meaning |
|---|---|
DEVICE_SHARING |
Multiple accounts using the same device |
SUSPICIOUS_USER |
Behavioural pattern flagged as suspicious |
SUSPICIOUS_DEVICE |
Device itself is flagged |
ACCOUNT_TAKEOVER |
Possible account takeover attempt |
HIGH_RISK_LOCATION |
Access from a known high-risk location |
4 Auto-ban Decision
flowchart TD
A["RiskGuard returns fraud_detected = true\n+ recommendation = DENY"] --> B{fraudAutoBanEnabled\nin platform
config?}
B -->|No| E[Apply fraud tags to user\nNo ban]
B -->|Yes| C{User on\nfraud-detection whitelist?}
C -->|Yes| E
C -->|No| D[Ban user\nreason: fraudDetection\n+ delete all sessions]
5 Key Config Flags
| Flag | Effect when false / disabled |
|---|---|
riskGuardEnabled |
RiskGuard API not called — tags and auto-ban disabled entirely |
fraudAutoBanEnabled |
RiskGuard still runs, tags applied, but no auto-ban |
isDryRun |
GeoComply checks run but session is never updated and users are not logged out |
enabledGeochecks.{trigger}.corecheck |
Toggle corecheck per trigger (registration, login, payin, payout, scBet, gcBet) |
enabledGeochecks.{trigger}.precheck |
Toggle precheck per trigger |
6 Per-Brand Configuration (current state)
Every check type is independently toggled per trigger via enabledGeochecks in global config.
Originals and external games share the same config key (scBet / gcBet).
| Trigger (config key) | MoonspinUS | SidepotUS |
|---|---|---|
Login login |
Precheck | Precheck + Corecheck |
Registration — welcome modal registration |
Precheck + Corecheck | Precheck + Corecheck |
Pay-in payin |
Corecheck | Corecheck |
Pay-out payout |
Corecheck | Corecheck |
SC games — originals bet + external launch scBet |
Corecheck | Precheck only |
GC games — originals bet + external launch gcBet |
Precheck | Precheck |