Id like also like to know how they can see if user is using a vpn connection or not, and i wonder why it matters if the user only has one account?
And if we go in abit deeper into the technical stuf then it would be ok to set up a ipsec tunnel but its not ok to use vpn.
/Slotaholic
I had a look on Google about this, and it seems VPN use is quite widespread, especially in the USA. It's always billed as an essential security measure for safe browsing, and some people are just as worried about browsing "naked" (without their VPN) as they might be about not having any kind of anti virus or firewall.
Of course, it's also the tool of choice for the fraudster, who has less than honest reasons for wanting "safe browsing".
VPN services advertise by claiming customers need the service to remain secure on the internet. Another major marketing angle is VPN allows users outside of the USA to use much cheaper streaming services in order to fight back at the movie industry for deliberately pricing the services less favourably for the rest of the world, as well as making some content completely unavailable outside the US.
As for detection, it seems it's nothing more than a central blacklist of IP addresses "known to be used by VPN service providers". This could well be how errors are made in wrongly accusing people of using a VPN when they are not, a simple matter of the data on the blacklist being wrong or out of date. Conversely, some VPN use goes undetected because the service has not yet had it's IP addresses detected and added to a blocklist.
My ISP is plagued by having ALL outbound emails wrongly blocked due to erroneous blacklisting of it's email gateways by Spamcop and other such services. The effect is felt when users attempt to send emails to recipients who use these same blacklists for spam blocking. It's a constant "whack a mole" problem as no sooner has the ISP dealt with one problem, another one arises. It's impossible to get a permanent whitelist entry for valid email gateways such that this does not keep happening.
It's a fundamental problem with blocklist detection. It does not detect ACTUAL use of a VPN, or an actual piece of spam email, it simply blocks EVERYTHING based on an entry of an IP address in a database.
I also wonder whether the way some ISPs use proxies and caches between a subscriber and the internet (like mine does) can also cause false positive detections of deliberate "fraudulent" VPN or proxy use.
I also found a forum post by a "professional gamer" who wanted to find a way to use a VPN to play online poker because his country was banned, and he was prepared to spend "what it takes" to set up an advanced enough solution to outsmart the poker operator. He was somewhat disappointed though, as he was advised that there was no way to guarantee to avoid detection, and one suggested he simply move house to an allowed country.
It seems that VPN has become mainstream, and it is no longer the case that the ONLY reason someone would use one is to commit some kind of fraud.
The VPN industry seems to be mostly to blame as it is wrongly marketing the service as a "necessary security measure" to protect people from the dangers of being hacked and their data stolen. They have a commercial interest in perpetuating the myth as their small monthly subscription adds up to more than the annual cost of the best anti-virus and firewall products.
There are ways to tunnel back through someone's VPN and interrogate their machines to determine the truth about their OS, location, connection, running software, etc. This is why "professional gamer" was told even $10K wasn't enough to 100% guarantee success. There is a legal question as to whether this kind of detection can be used due to privacy laws, which might be why many companies use the blocklists instead. It could get expensive if someone caught them tunnelling back through their VPN to interrogate their machine, and then took out and won a lawsuit against them for it.