You could require 2FA to login, and then the folks sharing accounts would need to be in the same location. Solves the problem for new users going forward but wouldn't necessarily solve it for our users that are already logged in.
More importantly, is this really that big of an issue? In other words, is this even a problem worth solving because you're missing out on so much additional revenue, or is this a once in a blue moon type of problem?