Online identity verification service (eKYC) enhanced with additional proxy & VPN detection options!

Cases of abuse through VPNs and proxy servers
ARGOS Identity's avatar
ARGOS Identity
Oct 25, 2024
Online identity verification service (eKYC) enhanced with additional proxy & VPN detection options!
Contents
Similar yet different concepts of VPN & ProxyThe differences between VPN and PROXY are as follows:Abuse cases through VPN and proxy serversExperience enhanced eKYC with proxy & VPN detection options!How to enable VPN & Proxy optionsDashboard - Pre-Qualification ListDetailed Information Page

Hello. This is ARGOS Identity, an AI-based identity platform.

Recently, cases of abuse using bots and *automation macros based on AI technology are increasing. These incidents occur in a variety of ways across multiple industries, such as illegal acquisition within online games, automated spam comments, ticket purchases, website attacks, and online vote manipulation.

*Automation macro: An automation macro is a tool or script used to automate repetitive tasks. It presets specific commands and executes them all at once, allowing repetitive tasks to be processed quickly and efficiently.

Malicious bots and automated macros use VPNs and proxy servers to bypass security measures like IP address blocking on common websites. The abuse of VPNs and proxy servers enables the same bot or macro to create multiple accounts and engage in illegal activities by changing the IP address multiple times.

Today, we will explore the new features and concepts added by ARGOS to address this issue.

Similar yet different concepts of VPN & Proxy

First, let’s briefly look at the concepts of VPN and Proxy.

VPN (Virtual Private Network) is a technology that hides the user’s real IP address over the internet and exchanges data through an encrypted connection. A VPN allows users to mask their location or IP address while using a public network, making it appear as if they are connecting from a different location.

The advantages of using a VPN include protecting your data from external threats, accessing content or services restricted to specific regions, and safeguarding personal information on unsecured networks.

A Proxy is a technology that acts as an intermediary server, forwarding user requests to the destination server on the user’s behalf. Users access websites using the IP address of the proxy server, thus hiding their real IP address.

When using a proxy, the proxy server’s IP address may be exposed, and access to certain websites may be blocked or allowed based on that IP. Proxy servers also have the benefit of storing frequently visited website data in a cache, allowing users to access websites at faster speeds.

The differences between VPN and PROXY are as follows:

VPN

  • Security: High level of security by encrypting the connection itself.

  • Speed: Slower due to the encryption process.

  • Use:

    • Emphasis on privacy protection and security.

    • Maintains anonymity.

    • Changes IP address.

PROXY

  • Security: Low level of security as it only hides the IP address and does not encrypt the connection itself.

  • Speed: Fast as there is no encryption process.

  • Use:

    • Primarily for accessing region-restricted content or hiding the user’s IP address.

VPNs and proxy servers are similar in that they both hide your IP address to protect your Internet connection, but they differ in purpose and security level.

istock AI platform related images

Abuse cases through VPN and proxy servers

VPNs and proxy servers are used to protect Internet connections. But are there cases of misuse?

Regarding Oasis ticket sales in August of last year, an official from the software security company Asset said, “Bots imitate the activities of real users and sometimes use software like VPNs to manipulate location,” adding, “Bots are used to purchase large quantities of tickets at once.”

In the case above, users attempted illegal activities such as creating multiple accounts by disguising their IP addresses and accessing accounts while hiding their location. Companies may find it difficult to filter out fraudulent users.

These security threats occur frequently, and it is a critical task for companies to prevent them.

Experience enhanced eKYC with proxy & VPN detection options!

The optional proxy & VPN detection function enhances the reliability and security of data by immediately blocking the use of the service if a user bypasses the IP address and the system determines that the activity is dangerous.

How to enable VPN & Proxy options

  1. Go to SettingsMulti-Verification & Anti-Fraud page

  2. In the Proxy & VPN detection section: change ‘Do not apply’ to ‘Apply’ → Save

Once setup is complete, the user enters their email address in the live form and clicks the Start KYC button to automatically check the IP.

Dashboard - Pre-Qualification List

ARGOS VPN and proxy server options have been added.

Verification results can be checked in the User Management menu → Pre-Verification List. After a user completes identity verification using the live form, you can check the information such as request ID, IP address, connection type, and country along with the risk score in real-time.

A risk score is automatically assigned based on the user’s IP, with a number ranging from 0 to 100 indicating how likely the IP is to belong to a malicious user or be associated with malicious behavior. IP addresses with a risk score of 85 or higher indicate suspicious activity, while those with a risk score of 90 or higher indicate malicious activity.

Detailed Information Page

ARGOS VPN and proxy server options have been added.

The ARGOS VPN and proxy server option feature also includes a detailed information page for deeper analysis of a specific user’s IP.

Key information found on this page includes:

  • IP anonymization status: Determines if the user is using Proxy, VPN, or TOR network
    Each status is labeled as ‘Danger’ or ‘Safe’

  • IP abuse history: Assesses the trustworthiness of the IP by reviewing recent bot activity, rate of abuse, and frequency of abuse.

  • Subnet attempts: Analyzes forgery attempts originating from the same network band.
    Subnet attempt status is classified as ‘first occurrence,’ ‘rare,’ ‘frequent,’ or ‘very frequent.’

This detailed information page allows users to better understand and control the risks associated with each user’s IP.

For example, if the same host is frequently identified through the proxy & VPN detection option, customers can recognize this as an automated macro by viewing it as an indication of multiple attempts made in the same network environment. Additionally, by using the risk score and connection type (data center, residential, etc.), the customer’s security system can be further strengthened, and the user authentication process made more secure.

If a Submission ID is generated through the ID check process, this option allows easy access to the user’s IP-related information on the details page of the submission list.

Today, we discussed the concept of proxy & VPN and the newly added detection option feature. In fact, a client company that implemented this feature detected 11% of fraudulent users. ARGOS plans to continue enhancing its services to more quickly detect abuse and bypass attempts through VPNs and proxies.

If you have any questions about these new features, please feel free to contact us. This was ARGOS Identity. Thank you.

Share article
Subscribe to our newsletter.

ARGOS Identity

RSS·Powered by Inblog