A method for authenticating the identity of a user who is attempting to access a website or conduct a transaction is described. The method involves receiving two geographical locations, and associated time stamps, of a mobile phone associated with the user, one of the locations being the location of the transaction or access attempt. The method determines whether the speed required to travel between the two geographical locations in the elapsed time is within acceptable limits. A confidence score, derived in part from this calculation, is taken into account when deciding whether to allow or deny the access or the transaction.