There are a couple of ways this feature might serve.

1) Stopping hackers

2) Stopping sharing of access to paid sites

For case '1', we'd probably want to allow the user themselves to unlock the new access.

For case '2', it is more of a case of the user being given the option to dispute the block, and the staff an ability to grant a login extension.

If you last had session activity within a few minutes before, we can detect if the IP address geolocation is more than 50 miles away of that, and then block it.