Nethone has announced that it can now detect all VPNs and proxies to help reduce fraud. The move comes as research by the company shows that more than 80% of fraudsters use a VPN or proxy to hide their location when committing crime.
Maciej Pitucha, Chief Data Officer, comments: “Skilled fraudsters avoid well-known VPN services, opting for those popular among their community on the darkweb.
“But we manage to stay one step ahead of them and detect all VPNs, therefore blocking fraudsters from causing damage while offering genuine users a frictionless experience.”
Use of VPNs and proxy services on the rise
VPNs have long been a standard business tool for road warriors and cybercriminals, including fraudsters. However, over the last three years, their use has exploded. That is partly due to increasing numbers of people working from home and partly due to increased crime.
For merchants and financial institutions, tracking the use of VPNs is a key criterion to identify and prevent fraud. For example, a frequent traveller wants to access a TV subscription in his home country. The content provider will look at the IP address they are using and block access to their content if they see an address associated with a VPN. Other organisations, such as the UK National Lottery, use that same approach, which blocks you from playing the game when outside the UK.
Retailers also monitor VPNs and proxies to stop people from ordering goods when travelling and paying a lower price than they would in their home country. Another concern for retailers is bots used to bid for items. The problems with game consoles and graphics cards over the last few years are examples of scalper bots hiding their IP address using VPNs and proxies to mask their identity.
For financial institutions, retailers and enterprise IT security teams, account takeover is another concern. Just because a user connects from an IP address in the country you think they are in does not mean anything today.
How is Nethone improving detection?
Spotting IP addresses used by large commercial VPNs and proxy services is not too hard. There are lists around giving the address ranges they use, which are regularly updated. The problem is the surge of smaller VPNs and proxy services over the last few years. Many of these do not appear in the usual intelligence lists that those organisations use.
There has also been a rise in the number of underground services used by fraudsters and other cybercriminals. Those services are hard to detect and keep track of and, in most cases, outside the intelligence capability of many security teams.
What Nethone is doing with this release is collating all that information from its active teams on the Dark Net. It is also using its AI-powered systems to monitor the dark net and to do behavioural detection on the connections through those services. It monitors connections through the different services to see what that connection is doing. That information is then used to detect known bad behaviours and spot potential fraud or other cybercrimes.
Enterprise Times: What does this mean?
Detecting cybercrime, including fraud, is a complex job. Cybercriminals and fraudsters have access to a vast underground of tools and capabilities that are constantly adapting. Those charged with defending systems can often be disadvantaged when detecting attacks.
For most organisations, the only workable solution is to invest in a wide range of overlapping tools to help. That brings its own problems, not least complexity and the risk of undetected attacks.
While Nethone is positioning this as a new capability, it is not a new standalone product. Looking at the website, it will integrate with current products, which will appeal to existing customers. It will also appeal to new customers, especially if Nethone can provide evidence of how this new capability closes the gap on previously undetected VPNs and proxy services.