Behavioral detection of all proxies and VPNs to prevent fraud released

Nethone, the Know Your Users AI-powered fraud prevention company, has developed the ability to detect all proxies, including residential proxy, and VPN connections - even those offered by obscure services used extensively by skilled fraudsters.

Nethone’s own darknet research has identified that more than 80% of fraudster tactics involve the use of a VPN or proxy service to commit a successful online fraud attempt - without them, fraudsters leave themselves vulnerable to identification and unwittingly reveal their intentions. To avoid this problem, fraudsters need to mask their IP addresses, true geographic location, repeated attempts, and browser automations.

Precise detection of proxies and VPNs has the following benefits for merchants and financial institutions:

• stave off sophisticated attackers trying to commit payment fraud at a large scale
• prevent browser automation - web scraping, automated creation of accounts farmed for malicious purposes, price or inventory manipulation (e.g. detect “sneaker bots” that bid on rare items)
• prevent compliance breaches in regulated environments like gambling or crypto by making sure customers are not hiding their true location

Solution providers often rely on lists of VPN and proxy servers that quickly become outdated as new devices join the network. What sets Nethone apart from other anti-fraud solutions is that it detects VPN and proxy by the behavior of the Internet connection. That allows to recognize in real time a compromised device even if it was added to the proxy network very recently and stop fraud, and only fraud, automatically.

All fraud prevention companies can detect proxy and VPN connections from well-know services, such as NordVpn and ExpressVpn, owing mainly to easily detectable data traces or inexpensive third-party providers. For this reason, skilled fraudsters avoid these services, opting to use specialized services that are popular among cybercriminals to mask their true IP addresses. Residential proxies,which are particularly popular in this context, refer to compromised devices owned by 'clean' users who are unaware their device is used for malicious activities. Fraudsters mask their identities and true locations behind the victim’s device - and it’s all available thanks to professional services like 922proxy.com (the alleged successor of the infamous 911.re) or FACELESS.CC that offer 200M+ proxies for sale.

Maciej Pitucha, Chief Data Officer at Nethone, commented: “We are proud to be able to provide a safer online experience for businesses by effectively detecting all proxy and VPN connections, incl. residential proxies - both good and bad based on the behaviors of every single user - therefore blocking fraudsters from causing damage while offering genuine users a frictionless experience.”

VPN and proxy detection is part of a large suite of risks detected by Nethone Guard - the company’s flagship fraud prevention product. Nethone offers a free trial for developers and fraud managers interested in seeing the product in action - a no-pressure way to see how it works and explore its benefits.