The VPN Problem
VPNs hide user identity and location. This enables:
- Fraud: Hiding real location from detection
- Geo-bypass: Accessing lower-priced regions
- Promotional abuse: Appearing as multiple users
- Policy evasion: Circumventing bans
Common VPN-Related Issues
Fraud Correlation
VPN traffic has significantly higher fraud rates:
- Stolen cards used through VPNs
- Real location hidden from fraud detection
- Chargebacks difficult to trace
- No accountability
Geographic Pricing Bypass
If you price differently by region:
- VPN users access cheaper prices
- Margin erosion from arbitrage
- Unfair to customers paying full price
Promotional Abuse
VPNs enable abuse at scale:
- Appearing as new customer repeatedly
- Geographic promotions accessed globally
- Referral programs gamed
- Discount code abuse
Compliance Issues
For restricted products:
- VPN users bypass geographic restrictions
- Age verification circumvented
- Regulatory violations possible
Should You Block VPNs?
Reasons to Block
- High VPN-related fraud rate
- Geographic pricing being exploited
- Promotional abuse is significant
- Compliance requires knowing location
Reasons to Allow
- Privacy-focused customer base
- Markets where VPNs are common for safety
- Low fraud rate from VPN traffic
- VPN users convert well
The Middle Ground
- Warn but allow
- Flag for manual review
- Block only on sensitive pages
VPN Detection with SecurEcommerce
How It Works
We use ProxyCheck.io to identify:
- Commercial VPN services
- Data center IPs
- Proxy connections
- TOR exit nodes
Detection Options
Block
- VPN users see block message
- Can’t access your store
- Strongest protection
Warn
- Message displayed
- User can continue
- User is aware you detect VPNs
Flag
- Orders marked for review
- No visitor impact
- Manual verification step
Setting Up VPN Blocking
Step 1: Understand Your Risk
Review your data:
- What % of traffic uses VPNs?
- What’s the fraud rate from VPN traffic?
- Do legitimate customers use VPNs?
Step 2: Choose Your Policy
Options in SecurEcommerce:
- Block all VPN traffic
- Warn but allow
- Flag for review
- Different rules for different pages
Step 3: Configure Detection
In SecurEcommerce:
- Go to VPN/Proxy Blocking
- Enable detection
- Choose your action
- Set custom message
- Save settings
Step 4: Monitor Impact
After enabling:
- Track blocked/flagged traffic
- Monitor customer complaints
- Adjust policy as needed
Custom Block Messages
Write helpful messages:
Good:
“For security reasons, we can’t process orders through VPN connections. Please disable your VPN to continue shopping, or contact support if you have questions.”
Bad:
“Access denied. VPN detected.”
Be professional, not accusatory.
Edge Cases to Consider
Corporate VPNs
Some B2B customers browse from corporate networks that appear as VPNs:
- Consider your customer base
- Allowlist specific corporate IPs if needed
- Use flag mode instead of blocking
Travelers
Legitimate customers traveling may use VPNs:
- Especially in countries with restricted internet
- Consider geographic context
Privacy-Focused Customers
Some legitimate customers prioritize privacy:
- Decide if this is your target market
- Weigh fraud reduction vs. access
Combining with Other Blocking
VPN blocking works best with:
Country Blocking
- Block high-fraud countries
- VPN blocking catches bypass attempts
TOR Blocking
- TOR is higher risk than VPNs
- Block separately for more control
IP Blocking
- Block specific bad actors
- Supplement VPN detection
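The layering described above (IP blocks, country blocks, a corporate allowlist, separate Tor handling, and stricter rules on sensitive pages) can be written as one ordered decision function. This is an added example, not SecurEcommerce's code or settings format; the detector verdict `kind`, the field names, the IP ranges and the country code "XX" are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ALLOW, FLAG, WARN, BLOCK = "allow", "flag", "warn", "block"

@dataclass(frozen=True)
class Policy:
    # Every value here is a constructed sample, not a real customer setting.
    blocked_ips: tuple = ("198.51.100.7",)            # specific bad actors
    blocked_countries: frozenset = frozenset({"XX"})  # placeholder country code
    corporate_allowlist: tuple = ("203.0.113.0/24",)  # known B2B egress range
    tor_action: str = BLOCK                           # Tor handled on its own
    anonymizer_action: str = FLAG                     # VPN / proxy / data center
    sensitive_action: str = BLOCK                     # stricter on sensitive pages
    sensitive_paths: tuple = ("/checkout", "/account")

def _in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(ip, country, kind, path, policy=Policy()):
    """Return the action for one request.

    kind is a hypothetical detector verdict: None, 'vpn', 'proxy',
    'datacenter' or 'tor'. country is the apparent country of the IP.
    """
    # 1. Explicit IP and country blocks apply to everyone.
    if _in_any(ip, policy.blocked_ips) or country in policy.blocked_countries:
        return BLOCK
    # 2. Allowlisted corporate ranges are exempt from anonymizer rules only.
    if _in_any(ip, policy.corporate_allowlist):
        return ALLOW
    # 3. Tor is treated as higher risk and gets its own action.
    if kind == "tor":
        return policy.tor_action
    # 4. VPN-like traffic: this is what catches a country-block bypass,
    #    with the stronger action reserved for sensitive pages.
    if kind in ("vpn", "proxy", "datacenter"):
        if any(path.startswith(p) for p in policy.sensitive_paths):
            return policy.sensitive_action
        return policy.anonymizer_action
    return ALLOW
```

Because the allowlist is checked after the explicit blocks, an allowlisted range never overrides an IP or country block; it only prevents a corporate network from being treated as a VPN.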
Measuring Success
Track these metrics:
- Fraud rate before/after
- Blocked traffic volume
- Customer complaints
- Conversion rate impact
Adjust your policy based on data, not assumptions.
The Decision Framework
| Situation | Recommendation |
|---|---|
| High VPN fraud, don’t serve VPN markets | Block |
| Moderate VPN issues, want data first | Flag |
| Uncertain about impact | Warn |
| Legitimate VPN user base | Allow |
Start conservative and adjust based on results.