As I found out on Black Friday, using an IP address tied to a VPN provider could get your last-minute holiday shopping orders cancelled on some sites.
Virtual private networks disguise your location, making them a great way to protect yourself online. But if you're holiday shopping, some sites may hold or cancel your order if you use a VPN.
Netflix and some video streaming sites have been playing VPN whack-a-mole for years, but what about shopping sites? I ran into this issue firsthand when trying to buy a new PC case from Corsair's website on Black Friday. I decided to try using an email alias, which comes with my Proton Mail subscription, to see if it would work. I then realized I bought the wrong case size, so I bought a bigger one and used my real Proton Mail email address.
Something along the way sparked Corsair to send a text asking me to verify my orders. I reached out to their support team to get the first order cancelled, but not the second one, and I didn't respond to those texts. A few days later, my order was cancelled with no response from Corsair other than a generic message with three reasons why it cancels orders before shipping them.
One of the reasons listed: "Your credit card's billing address does not match the country in which the order was placed. If you are running any VPN connections, disable those and try placing the order again." My billing and shipping addresses are the same as the one on my credit card, and I didn't think I was using Proton VPN when I placed either order, though maybe I forgot to turn it off.
Corsair may be blocking VPNs because scammers use them when attempting credit card fraud. They might also cancel orders that don't get text confirmations from the buyer (though using text verification isn't all that secure because of SIM-swapping attacks). Corsair also said in its automated email that trying to send an order to a shipping company's address could get it cancelled, but I hadn't done that (and I reached out to Corsair for comment).
By the time the company cancelled my order, the sale was over. Though it's unclear what got the second order cancelled in my case (pun intended), I discovered that Corsair doesn't trust purchases made using a VPN.
Coinbase, a US-based cryptocurrency exchange, recently said it doesn't trust VPN activity, either. "Don't use a VPN to access Coinbase. Attackers always use VPN's [sic], so our risk models take that as a negative sign even if you're legitimately using your own account," Coinbase Product Director Scott Shapiro warned users earlier this month.
In fact, Coinbase doesn't even want you to use ad blockers or other browser extensions. Shapiro did say that using Brave, a browser with a built-in ad block system, should be fine, though. So if you're thinking about gifting a friend or family member some Bitcoin, you might run into issues if doing it on Coinbase with a VPN enabled.
What other sites might block your orders or flag your account for using a VPN this holiday season? There are reports that Amazon, eBay, Abercrombie, Gap, and Vinted block VPNs. I also reached out to MSI, Razer, Dell, Apple, HP, and Lenovo to see if the brands that make the best desktop PCs on the market are blocking purchases made with VPNs. Plus, I contacted Logitech and retail sites like Best Buy and Newegg and will provide updates if I hear back.
Acer tells me that it's OK to use a VPN while shopping on its site. "Acer Store doesn't block access to an online purchase via a VPN, unless it's detected as fraudulent," a spokesperson said.
ExpressVPN Privacy Advocate Lauren Hendry Parsons tells me that it's not the VPN itself being blocked in these cases, but the IP addresses tied to VPNs that are being tracked and blocked. Websites can see that the IP address you're using belongs to a VPN company.
"Consumer shopping and tech sites blocking VPN use is a rare issue, but it is something we've observed more in 2024, Parsons said. "It is still completely advisable to use a VPN wherever possible. The issue actually comes from 'dirty' IP addresses being used by cybercriminals. There are a finite number of IP addresses in the world, and these IPs are rarely tied to one entity for life. If an IP address is linked to malicious activity, it can be challenging to get it 'clean' again."
Parsons compares the issue to getting spam texts when you get a new phone number. That number has been recycled, just like how VPN IP addresses are reused.
If you still want to keep your VPN on while shopping, you can use a "Dedicated IP," which is an IP address that isn't being reused and won't be recycled. It doesn't have any history and should cut down on the number of CAPTCHAs and other anti-bot measures you may be forced to complete while surfing the web with a VPN.
You can also use a VPN IP address located in your country, or shop from a company that's openly said it's OK with VPN use. Otherwise, if you're open to turning your VPN off while shopping, you could do that and then turn it back on again after you're done.
Ultimately, it wasn't the end of the world that my (wanted) PC case order was cancelled. I managed to upgrade my motherboard, CPU, and RAM and squish the cables into my existing, smaller PC case. Lesson learned!
Have you found any other sites that blocked your VPN? Let us know in the comments.