Mobile devices are increasingly used in security-sensitive contexts such as physical access control and authorization of payment transactions. In this paper we contribute a mechanism to verify whether a mobile device currently resides within a geographical area at a given time, thus enabling the use of the location as an additional authentication factor. Trustworthiness, privacy, and practicability are central to our mechanism. In particular, to provide trustworthy location information, our mechanism uses the location of the phone as detected by the Mobile Network Operator instead of relying on the location detected by the phone itself, which can be manipulated. We have followed a privacy-by-design approach to ensure that sensitive information, e.g., location and subscriber data, are only revealed to parties with a need to know. Privacy safeguards are realized using anonymous credentials, an established privacy-enhancing technology. Finally, our mechanism is practical and has little requirements on the mobile phone beyond the ability to run computations on anonymous credentials, as well as Internet and mobile network connectivity. These requirements are fulfilled by most smartphones in the market.