VPNs: To block or not to block, that is the question

VPNs (or virtual private networks) are everywhere these days.

In fact, according to a recent report from Statista, VPNs have surged in their popularity with around a whooping 22.9% of internet users worldwide utilizing them as of the second quarter of 2024 to protect their privacy and secure their connections whilst in some countries, VPN adoption is as high as 40% in corporate environments.

So, with so many people using them, how should you treat VPN traffic? Block it, allow it, or flag it for manual review?

Let’s dive in and explore the options! 👇

Not just for the bad guys

Fact: Not every VPN user is trying to hide their shady activities.

While fraudsters do use VPNs to mask their identity, countless legitimate users, from business travelers to remote workers, use them for privacy and security.

So how do you handle this? Should you block VPN traffic completely? Not necessarily.

You’ve got three choices when it comes to VPNs:

How VPNs work

Alright, let’s get into the nitty-gritty of how VPNs actually work.

When you’re connected to a VPN, your internet traffic is rerouted through a secure, encrypted server, making it look like you’re somewhere else entirely, thus protecting your original location (and the IP address your router assigns).

It’s a neat trick for privacy, but for fraud prevention, it creates somewhat of a headache.

Here’s how it plays out, whether the VPN is connected or not:

Without a VPN: A user’s IP address reveals their real-world location

With a VPN: The VPN routes traffic through a remote server, masking the original IP and encrypting the users data.

While VPNs boost privacy and security, they can also conceal suspicious activity. That’s why it’s crucial to determine the right action when VPN usage is detected, especially when you're working to prevent fraud.

How VPNs are detected

Even with a secure connection, VPN traffic does leave a trail of breadcrumbs. Here’s how you can spot them:

1. IP Address checks: Cross reference potentially harmful IPs against known VPN servers and providers to see if you’re at risk.
2. Port scanning: Examine network ports (communication channels used by devices) to detect those commonly associated with VPN traffic.
3. Device fingerprinting: Every device has a unique “fingerprint” based on attributes like browser type, operating system, and time zone. Even if a user tries to hide behind a VPN, their fingerprint stays the same, helping you detect suspicious behavior and take action.
4. DNS lookups: Check if a domain name translates (or "resolves") to an IP address associated with a VPN server.

By analyzing these signals, you can better identify unusual activity and make informed decisions about potential fraud.

The pros and cons of VPNs

VPNs can be a double-edged sword 🗡️

On one hand, they’re a lifesaver for privacy and security. On the other hand, they’re the ideal tool for fraudsters looking to cover their tracks.

Let’s break down the good, the bad, and the risky:

Pros

✅ Privacy: VPNs are a powerful tool for protecting sensitive data and ensuring anonymity online. Businesses that have teams out in the wild will likely opt for the highest level of privacy possible.

✅ Security: They encrypt internet connections, making it harder for cybercriminals to intercept data packets in transit (moving between the user requesting the data and where the data sits like a database). If you’re working with customer data or financial records, a VPN adds an extra layer of security.

‍✅ Access: VPNs let users bypass geographical restrictions, granting access to content from anywhere. Just cast your mind back to Netflix’s woes if you need a reminder!

Cons

⚠️Fraud risk: Fraudsters love VPNs because they can hide their true identity and location. If your product or service is only available in specific locations, VPNs make it possible to exploit this.

‍⚠️Performance: The encryption process can slow down internet speeds, so if you’re working on the go on public networks or subjected or dial up speeds, VPNs aren’t going to be your best friend.

‍⚠️Limited transparency: VPNs are designed to obscure user data, making it harder for businesses to verify identities, track locations, or enforce geo-based policies. This can complicate fraud prevention and compliance efforts.

The different types of VPN blocking available

Some businesses don’t care about VPNs, others want to detect them, and others want to stop them outright. Here are the main ways VPN traffic gets blocked:

1. IP blocking: VPN services use known IP ranges, so blocking these prevents users from connecting to your services through them. Google is great for finding publicly available lists of known VPN providers, like this one 👈
2. Deep Packet Inspection (DPI): Instead of just glancing at the envelope containing the data (your web traffic), DPI tears it open to examine the contents, analyzing the data to detect potential VPN traffic and other hidden patterns ✉️
3. Port blocking: Think of VPNs like secret tunnels, they use specific doors (ports) to stay hidden. By blocking those doors, you can shut down the tunnel and stop the VPN in its tracks ⛔

To block or not to block

When deciding how to treat VPN traffic, think of it like a balancing act.

On one side, you’ve got fraud prevention. On the other, you’ve got your users, who may genuinely need a VPN to access your platform securely. So, should you block, allow, or flag VPN traffic? 🤷

Luckily, there are third-party tools (like Hitprobe) out there that offer you the flexibility to customize your approach. Whether you decide to block all VPN traffic, allow it, or only flag VPN activity associated with suspicious behaviour, with the right tool, you get to choose the level of protection that works best for you.

The best part about third-party software that detects and blocks VPNs? It doesn’t just stop at the IP address. It digs deeper, pulling data about the device and user behind the VPN. This means you’re not only blocking the IP, but also the device fingerprint - talk about a double whammy in fraud protection 🙌

Commonly asked questions

In case we’ve missed anything, heres a few of the commonly asked questions when it comes to VPNs:

Can you be accurately tracked when using a VPN?

No, if a VPN is active, your real IP address and the sites you visit (your web traffic) can’t be traced back to you directly.

Can I detect VPN usage without paying for third-party software?

Yes, there are some manual processes you can carry out to detect VPN usage, such as checking IP addresses against known VPN services, but detection may not be enough - enter click fraud software.

Does click fraud software allow me to block some VPN users, but allow others?

Sadly not, ask VPN providers to allow users to cycle their locations in seconds. When it comes to blocking VPN traffic, it's either all, nothing, or manual reviews (think of the software giving you a heads up of what it detects, but allowing you to make a decision on what to do with the data).

Are VPNs legal?

Absolutely! They’re perfectly legal and serve legitimate purposes, like enhancing privacy and security. But it’s how some people use them that can cross the line into nefarious (or even illegal) territory.