VPN Detection Tests and Screening to Prevent Fraud

What Is a VPN Detection Test?

It’s a test that serves to identify whether a connection is using a virtual private network (VPN). While there are many categories of people who use VPNs, these are two well-known examples of such people:

  • privacy enthusiasts who don’t want to share unnecessary information about their location
  • fraudsters who want to hide their true location and identity

Organizations, on the other hand, will want to identify the use of VPNs in order to take this data point into account when calculating the risk of fraud and other cybersecurity concerns.

Fraud prevention software solutions conduct VPN detection tests to assess whether a VPN is being used, and combine the findings with hundreds of other data points to collate a complete profile of the user action, or the user themselves. This profile feeds a risk score for that user, and the score determines the next step, which, depending on the risk thresholds of the organization, will be to do one of the following:

  • allow the user to continue unfettered
  • block them outright
  • pause the journey for a manual review from the fraud team

Note also that there is another type of test related to VPNs: a VPN leak test. Users of VPNs may want to run this test in order to check that their VPN is working as expected, and is not leaking the identifying information that is supposed to be hidden.


Can VPNs Be Detected?

Companies can often detect the presence of a VPN by using VPN detection tests that look at connection attributes like network volume, known IP addresses, and packet headers (namely pieces of data transmitted with the connection being made, not unlike an addressed envelope with a sending and return address).

Having a software stack in place that does this is generally a good idea for online businesses, as fraudsters often try to hide their connection details using VPNs and proxies.

A virtual private network (VPN) hides the user’s actual IP address, acting as an intermediary and rerouting and encrypting traffic. Proxy detection is an adjacent concern that companies at risk of fraud will also want to utilize.

 

Approximately 31% of internet users globally have used a VPN service. There are different legitimate reasons for using VPN services, such as to stay safe on hotel Wi-Fi while travelling, to access content in another country, or to assure privacy online.

Many also use VPNs to avoid the geo-restrictions on services and websites, though doing so may contravene some providers’ Terms and Conditions.

However, VPNs and Tor clients can also be used to hide fraudulent and other illegal behavior, which is why it is important for businesses to detect their use.

Can You Be Tracked Through a VPN?

If you use a VPN, your IP address and web traffic can’t be traced back to you directly, as any query will only find the VPN network, rather than your actual connection. However, there are tools available that enable businesses to detect whether you are using a VPN.

These VPN detection test tools can flag the use of VPNs, meaning that an organization can identify VPN usage – and take steps to block it, should it wish.

How to Check to See If an IP Address Is a VPN

Different tools take different approaches to checking whether an IP address is a VPN. Some of the ways a business can check to see if an IP address is a VPN include:

  • IP address checks: checks IP addresses against databases of IP addresses known to be used by VPN services; also checks against blacklisted IP addresses, to flag those as well
  • port scanning: detects open ports that users need to have in place in order to connect to a VPN
  • reverse DNS lookups: checks the hostname associated with the IP address – though it is far from entirely reliable, as many IP addresses don’t have a hostname

VPN detection services also add their own algorithms and other detection techniques into the mix. These include the use of crawlers and bots to keep up to speed with the latest information online about IP addresses known to be associated with VPNs.
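The three checks listed above can be combined into one function, shown here as an added example that is not code from SEON or from the original page. The IP ranges are constructed samples from documentation address space, the hostname keywords are assumptions, and the reverse DNS name and open ports are passed in as already-collected observations so the example runs offline.

```python
import ipaddress
import re

# Constructed sample data using RFC 5737 documentation ranges, not a real feed.
KNOWN_VPN_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.64/26")]
BLOCKLISTED_RANGES = [ipaddress.ip_network("192.0.2.128/25")]
# Default ports of common VPN protocols: IKE, OpenVPN, L2TP, PPTP, IPsec NAT-T, WireGuard.
VPN_PORTS = {500, 1194, 1701, 1723, 4500, 51820}
# Assumed hostname keywords; a real service maintains these per provider.
HOSTNAME_HINTS = {"vpn", "proxy", "tor"}


def vpn_signals(ip, ptr_hostname=None, open_ports=()):
    """Return the VPN indicators raised for one connection, in check order.

    ptr_hostname is the reverse DNS (PTR) name, or None when the address has
    none; open_ports are ports already observed open on that address.
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    signals = []
    if any(addr in net for net in KNOWN_VPN_RANGES):
        signals.append("known_vpn_range")
    if any(addr in net for net in BLOCKLISTED_RANGES):
        signals.append("blocklisted")
    exposed = sorted(VPN_PORTS.intersection(open_ports))
    if exposed:
        signals.append("vpn_ports:" + ",".join(str(p) for p in exposed))
    # Many addresses have no PTR record, so a missing hostname is treated as
    # "no evidence" rather than as a signal in either direction.
    if ptr_hostname:
        words = set(re.findall(r"[a-z]+", ptr_hostname.lower()))
        hits = sorted(words & HOSTNAME_HINTS)
        if hits:
            signals.append("ptr_hint:" + ",".join(hits))
    return signals
```

The returned list is meant as input to a wider risk score, not as a verdict on its own.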

Are VPN Connections Considered Bad?

Not all VPN connections are bad. In fact, VPNs have plenty of legitimate uses. Many companies use their own, in-house virtual private networks to enable remote employees to connect securely to the company network.

Business travelers also often use VPN services to keep their data secure, for example when using hotel or coffee shop Wi-Fi.

However, when it comes to VPN detection and IP fraud scoring, VPN detection tools do not take into account the reason someone is using a VPN: They simply flag it as being a greater risk than someone who is not using a VPN.

As such, whether the VPN connection is for legitimate or illegitimate purposes can only be assessed in combination with other fraud indicators, and it’s therefore not to be taken as evidence of wrongdoing in isolation. In addition, different businesses with individual risk appetites may consider a VPN more or less risky, as some verticals may naturally have more users connecting via this kind of anonymizing service.

VPN Pros and Cons

Using a VPN to secure online journeys offers many advantages and potential inconveniences. Consider these pros and cons in terms of obfuscating your IP address:

Pros:

  • keeps data transfers safe
  • defends against man-in-the-middle attacks
  • unlocks geo-restrictions for market research, UI testing, and research
  • allows users to access geo-restricted content like streaming entertainment or overseas gaming servers

Cons:

  • best services are behind paywalls
  • slower connection speed
  • leads some websites to consider you a risky user, potentially resulting in additional security checks or simply barring access
  • considered unlawful in some jurisdictions

How Does a VPN Detection Test Help Fight Fraud?

Fraudsters are likely to use spoofing tools such as VPNs to hide their true location, true identity and true intentions when attempting their schemes, so detecting the use of a VPN can give us valuable information in the fight against fraud.

While many VPN users are simply trying to get around regional restrictions on streaming services, avoid man-in-the-middle attacks on public Wi-Fi, or access content from countries where it is blocked, others have darker purposes in mind.

As such, businesses need to be on the lookout for customers using VPNs as part of their anti-fraud measures. VPN detection tests therefore have an important role to play in fighting fraud.

Looking out for VPN usage is part of a comprehensive IP lookup, which enables businesses to assign risk scores based on user connection info. This process checks for VPN use, emulator use, and a range of other factors. For example, it can check whether the IP address is included in catalogs of IP addresses associated with disreputable/blacklisted datacenters.

Beyond simple fraud-fighting due diligence, having these kinds of checks in place can help companies mitigate losses to theft, reputational damage, and potentially even KYC or AML noncompliance fines.


SEON’s VPN Detection Capabilities

SEON customers have two main avenues to testing connections for VPNs: through the standalone IP API and as part of the end-to-end fraud prevention solution.

In the latter case, custom fraud rules can be created to flag customers who connect to domains using a VPN, or even with a combination of specific data points that the company has observed as being more likely to be fraudulent.

An example of this custom rule scoring might be a rule on the SEON scoring engine that will only trigger if three conditions are met: IP type is DCH (VPN), location is in a Nordic country, and email score is less than 4. The screenshot below shows how straightforward this can be to implement within the UI.

SEON customers can activate or deactivate this rule; decide whether it leads to the APPROVE, DECLINE, or REVIEW status; or even create new custom rules that take similar parameters into account while adding new ones.
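The three-condition rule described above can be modelled as a small rule evaluator, given here as an added example that is not SEON's scoring engine or API. The field names, score values and the REVIEW and DECLINE thresholds are all assumptions made for the sketch.

```python
import operator

OPS = {"==": operator.eq, "<": operator.lt, "in": lambda a, b: a in b}
NORDIC = {"DK", "FI", "IS", "NO", "SE"}

# A rule fires only when ALL of its conditions hold. Field names, score
# deltas and thresholds are assumptions, not values from the page.
RULES = [
    {"name": "vpn_nordic_low_email", "add": 20,
     "when": [("ip_type", "==", "DCH"), ("country", "in", NORDIC),
              ("email_score", "<", 4)]},
    {"name": "vpn_only", "add": 3, "when": [("ip_type", "==", "DCH")]},
]
REVIEW_AT, DECLINE_AT = 10, 30


def holds(txn, field, op, value):
    # A data point that was never collected cannot satisfy a condition.
    return field in txn and OPS[op](txn[field], value)


def score(txn, rules=RULES):
    """Return (total score, state, names of fired rules) for one transaction."""
    fired = [r for r in rules if all(holds(txn, *cond) for cond in r["when"])]
    total = sum(r["add"] for r in fired)
    if total >= DECLINE_AT:
        state = "DECLINE"
    elif total >= REVIEW_AT:
        state = "REVIEW"
    else:
        state = "APPROVE"
    # Returning the rule names keeps the decision explainable to a reviewer.
    return total, state, [r["name"] for r in fired]
```

With these assumed weights, a VPN on its own adds only a small amount to the score, while the full combination of conditions pushes the transaction into manual review.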

In addition to information on whether the customer’s IP address is a VPN or not, SEON also identifies:

Of course, SEON’s fraud detection gathers data points using many more modules and technologies than just IP analysis, including device fingerprinting, unique digital footprint analysis, velocity checks, and behavioral monitoring.

These all serve to provide robust, explainable fraud scoring to help prevent fraud, identify suspicious customers, and reward good users with low-friction experiences – safeguarding your bottom line and enabling your organization’s growth.

Sources:

  • DataProt: VPN Statistics for 2022 – Keeping Your Browsing Habits Private

Frequently Asked Questions

How can I test the effectiveness of my VPN?

In terms of speed, use an online tool like speedtest.net to compare your normal connection speed with your speed when connected to your VPN. To test how well your VPN is masking your location, other tools like IPleak gather your IP, DNS, and WebRTC data from behind your VPN, which you can then compare to the results when you are connecting normally.

How can I check the encryption quality of my VPN?

Start by researching your VPN provider, for instance by looking at reviews posted online. Also research which VPN protocols your provider uses, as different protocols offer different capabilities and vulnerabilities, and your use case may require a certain level of strength. You can then test how well the encryption is working using tools like IPleak, mentioned above.

Eric Gressman

Eric Gressman is a Korean-American author and tech writer, with presentation skills remaining from a teaching career. He fights fraud from East London, where he is often mistaken for a ramen chef or Chinese restaurateur.

