When carding, which means using stolen credit cards to buy things online, people usually use two layers of security: a VPN, then a SOCKS5 proxy. The latter is usually geographically located in the country/city your card is from to circumvent CC provider checks. Both components are commonly bought from traders who again use stolen CCs to buy/rent them.
The most basic anti-fraud check is comparing card issuing country against the IP location. If there's a mismatch, it's a first red flag. If you see someone popping up from a VPN or a Tor exit, it's largely the same thing.
This is true but irrelevant to the situation at hand. This isn't about blocking transactions done over VPNs, but rather blocking purchases of VPN services.
