
Does easyAML check whether the client is using a VPN?

Yes, the platform's Online Fraud Indicators can detect VPN, iCloud Private Relay, Tor and other anonymisation use during KYC.

The platform's Online Fraud Indicators can detect VPN use, iCloud Private Relay, Tor exits, and other anonymisation technologies during the VOI flow. A VPN flag doesn't automatically fail the verification, but it is recorded in the KYC.

Why VPN detection matters for AML/CTF. AUSTRAC's risk-based approach asks reporting entities to consider the delivery channel as one of the ML/TF risk inputs alongside customer type, geography and product. A customer obscuring their location via VPN is using a higher-risk delivery channel - it doesn't prove malicious intent, but it's a documented risk indicator worth recording.

What the platform does when a VPN is detected:

  • Flags the Indicator. The Online Fraud Indicator contributes to the customer's overall KYC review output.
  • Audit log records it. The detection method, time and any associated geolocation data are stored alongside the verification record.
  • Compliance Officer can review. A high-risk verification with VPN use flagged is presented to the CO with the context attached. Decisions on whether to proceed, request additional evidence, or escalate are at the CO's discretion.

What it doesn't do:

  • Detect all VPNs. New VPN IPs are created constantly and cannot always be identified as VPN IPs.
  • Block the VOI automatically. Plenty of legitimate users have VPNs running for privacy, corporate access or geographic reasons. Auto-blocking would create unnecessary friction.
  • Identify the customer's "real" location. VPN detection confirms the user is behind one, not where they actually are.

Other Online Fraud Indicators that contribute to the same risk score: device fingerprint anomalies, unusual browser configurations, mismatched timezone / locale data, and recent device tampering signals. The full Indicator set is reviewed continuously by the data team.

See AUSTRAC's Overview of initial customer due diligence page for the delivery-channel risk framework.
