Platform Operations · 2026-04-12
How Amazon Detects Linked Accounts: The 5-Layer Fingerprint Model Explained
Amazon does not rely on a single signal to detect linked seller accounts. It runs a layered fingerprint model that cross-references registration data, network environment, device hardware, behavioral patterns, and financial instruments. Understanding each layer is the first step to building infrastructure that does not trigger false positives.
The Detection System Nobody Fully Explains
Every Amazon seller community talks about "account association." Forums are filled with stories of suspended accounts, frozen funds, and appeals that go nowhere. But most discussions focus on symptoms — what happened after detection — rather than the detection system itself.
Amazon's seller verification infrastructure is not a single check. It is a layered fingerprint model that continuously evaluates signals across five distinct dimensions. When signals from multiple layers correlate across two or more seller accounts, the system flags a potential link. If enough layers match, enforcement is automatic.
Understanding this model matters because most sellers inadvertently create correlations in layers they did not even know existed. And the common "solutions" — VPNs, anti-detect browsers, residential proxies — only address one or two layers while leaving the others exposed.
This article maps the complete detection model as it operates in 2026, explains what each layer checks, and describes what genuine infrastructure isolation looks like at every level.
Layer 1: Registration Information
This is the most obvious layer, and the one most sellers already know about.
Amazon cross-references the following registration data points across all seller accounts in its system:
Legal entity name and EIN. If two seller accounts share the same LLC name or EIN, they are instantly linked. This is a hard match — there is no gray zone.
Beneficial owner identity. Amazon collects the name, date of birth, and government ID of the person behind each seller account. If the same individual appears as the beneficial owner or authorized representative on multiple accounts, those accounts are linked.
Business address. Amazon checks the physical address registered to each account. If two accounts share the same address — including the same suite number — they are flagged. This is where CMRA addresses create massive problems: hundreds of businesses registered at the same address all share the same street address in Amazon's database.
Phone number and email domain. Shared phone numbers are an instant link. Shared email domains (especially custom domains) raise flags for manual review.
What this means for infrastructure: Each seller account needs its own legal entity (separate LLC), its own EIN, its own physical address with a unique suite number, and its own contact information. This is table stakes — necessary but not sufficient.
Layer 2: Network Environment
This is where most sellers get caught — and where most "anti-detection" solutions fail.
Amazon evaluates network signals on every session, not just at registration. The key signals:
IP address. If two seller accounts ever log in from the same IP address — even once — they are linked in Amazon's graph. That link is permanent. It does not expire. It does not get removed when you switch to a different IP.
ASN classification. Every IP address belongs to an Autonomous System Number (ASN), which identifies the network operator. Amazon's system classifies ASNs into categories: residential, commercial/business, datacenter/hosting, and mobile. Datacenter ASNs — which include all major VPN providers, cloud hosting services, and most proxy networks — are treated as high-risk signals. A seller account accessed from a datacenter ASN triggers elevated scrutiny.
IP geolocation vs. registration address. Amazon compares where your IP says you are to where your business registration says you are. If your LLC is in Wyoming but your IP geolocates to Shenzhen, that inconsistency is a signal. It does not cause instant suspension, but it raises the risk score and increases the probability of secondary review.
DNS resolver location. When your browser resolves a domain name, the DNS request goes to a resolver. The resolver's location is visible to Amazon. If your IP says Wyoming but your DNS resolver is in Asia, the inconsistency is logged.
What most sellers do wrong: They use VPNs or residential proxies that route through datacenter ASNs, share IP pools with thousands of other users, or create IP-geolocation mismatches that are trivially detectable. Anti-detect browsers change what the browser reports, but they cannot change the underlying network path.
What genuine isolation looks like: Each seller account operates through a dedicated ISP connection — a separate physical network line from a different internet service provider. The ASN is classified as residential or commercial (not datacenter). The IP geolocation matches the registered business address. No two accounts share any network infrastructure.
Layer 3: Device Fingerprint
This is the layer that anti-detect browsers target — and increasingly fail at.
Amazon collects hardware and software identifiers from every device that accesses Seller Central:
Browser fingerprint. This includes Canvas rendering output, WebGL renderer string, installed fonts, screen resolution, color depth, timezone, language settings, and dozens of other parameters. Taken together, these create a fingerprint that is nearly unique to each device.
Hardware identifiers. On desktop systems, Amazon can collect information about the CPU, GPU, available memory, and storage. On mobile devices, the device model and OS version are collected. These hardware signals are much harder to spoof than software parameters.
Cookie and local storage persistence. Amazon plants tracking cookies and uses local storage to maintain device identity across sessions. Clearing cookies does not fully reset this — Amazon uses multiple persistence mechanisms including ETags, HSTS pinning, and cached redirects.
The anti-detect browser problem: Tools like Multilogin, GoLogin, and AdsPower work by injecting noise into browser fingerprint parameters — they randomize Canvas output, spoof WebGL strings, and fake font lists. In 2024, this was somewhat effective. In 2026, Amazon's detection has evolved to identify the fingerprint manipulation itself.
Here is how: legitimate browsers produce fingerprint parameters that are internally consistent. A real machine with an Intel GPU produces a specific WebGL renderer string that correlates with specific Canvas output patterns. When an anti-detect browser reports an NVIDIA GPU but produces Canvas rendering characteristic of Intel integrated graphics, the inconsistency identifies it as a spoofed environment.
Amazon has also begun detecting the JavaScript injection patterns used by popular anti-detect browsers. The method signatures of Canvas noise injection, the timing patterns of WebGL calls intercepted by proxy objects, and the presence of automation-related browser APIs all create detectable fingerprints — not of the fake device being simulated, but of the anti-detect tool itself.
What genuine isolation looks like: Each seller account operates from a dedicated physical hardware node — a real computer with a real GPU, real CPU, and real operating system. There is nothing to spoof because nothing is fake. The device fingerprint is unique because the device is physically unique.
Layer 4: Behavioral Patterns
This is the subtlest layer and the hardest to address with technical solutions alone.
Amazon's machine learning models build behavioral profiles for each seller account over time:
Login patterns. What time do you typically log in? How long are your sessions? How frequently do you access the account? If two accounts have nearly identical login cadences — same times, same session lengths, same day-of-week patterns — that correlation is logged.
Operational patterns. How do you create listings? What is your typical workflow in Seller Central? How quickly do you navigate between pages? Even mouse movement patterns and click sequences can contribute to a behavioral profile.
Product and category overlap. If two accounts sell identical products, in identical categories, with similar pricing strategies, the correlation is evaluated in the context of other signals. Product overlap alone does not trigger suspension, but combined with other layer matches, it strengthens the association signal.
Customer service patterns. Response time, message templates, writing style, and resolution patterns all contribute to the behavioral fingerprint.
What this means: Behavioral isolation requires operational discipline. Different accounts should have genuinely different business operations — different product lines, different operational schedules, different management styles. This is not an infrastructure problem. It is a business design problem.
Layer 5: Financial Instruments
The final layer cross-references payment and banking information:
Bank account details. If two seller accounts deposit to the same bank account, they are instantly linked. This is a hard match with no tolerance.
Credit card BIN and issuer. Amazon records the BIN (Bank Identification Number) of credit cards used for seller fees. Cards from the same issuer, especially with sequential card numbers, raise flags.
Payment processor fingerprints. If you use the same Stripe or PayPal account to process payments for inventory across multiple Amazon accounts, the cross-reference is detectable through transaction metadata.
Tax information. If two accounts file tax documents with overlapping beneficial owner information, the link is established through IRS data matching.
What genuine isolation looks like: Each seller account uses a separate bank account, under a separate legal entity, with a separate EIN. Credit cards are issued by different banks. Payment processors are separate accounts.
How the Layers Interact
Amazon's system does not require all five layers to match before taking action. The detection model works on correlation strength:
Single-layer match: Logged but typically not actioned. Two accounts sharing a browser fingerprint parameter might be a coincidence. Two accounts in the same ZIP code is normal.
Two-layer match: Triggers manual review. Same IP address plus similar login times raises a flag that a human reviewer will examine.
Three-layer match: High confidence association. Same address plus same IP plus same device fingerprint is treated as a confirmed link. Enforcement is likely automatic.
Four or five-layer match: The system treats the accounts as definitively linked. Suspension of one or both accounts is the typical outcome, often with fund holds.
The critical insight is that each additional layer of genuine isolation dramatically reduces the probability of false correlation. If every layer is genuinely independent — different entity, different address, different network, different hardware, different bank — there is nothing for the system to correlate.
Why "Anti-Detection" Is the Wrong Framework
The fundamental problem with VPNs, anti-detect browsers, and residential proxies is that they are deception tools. They attempt to make one environment look like many environments. This is an arms race that sellers are losing.
Amazon invests billions in fraud detection. They hire the same machine learning researchers who build the detection systems at Google and Meta. The tools available to a seller — a $100/month browser plugin — are structurally outmatched by the detection infrastructure on the other side.
More importantly, deception-based approaches create a specific risk that genuine infrastructure does not: the risk of being caught deceiving. If Amazon detects that you are using an anti-detect browser, the inference is immediate — you are actively trying to hide something. That inference alone can trigger enforcement regardless of whether you are actually operating multiple accounts.
The alternative approach is not anti-detection. It is genuine isolation. When each seller account operates from infrastructure that is physically and legally independent, there is no deception to detect. The accounts are not linked because the infrastructure is not shared. Not because you made shared infrastructure look separate — but because it is separate.
What Genuine Infrastructure Isolation Looks Like
For each seller account, the full isolation stack includes:
Layer 1 — Registration: Separate LLC, separate EIN, separate physical address with unique suite number, separate phone number, separate email.
Layer 2 — Network: Dedicated ISP connection from a commercial internet service provider. Not a VPN. Not a proxy. A real ISP line with a residential or commercial ASN classification. IP geolocation matches the registered business address.
Layer 3 — Device: A dedicated physical hardware node at the registered address. Real hardware, real operating system, no virtualization layer, no fingerprint spoofing. Accessed remotely via standard RDP or remote desktop — not through an anti-detect browser.
Layer 4 — Behavior: Operational discipline — different business operations, different schedules, different product strategies for each account.
Layer 5 — Financial: Separate bank account under the separate LLC, separate credit card from a different issuer, separate payment processor accounts.
When all five layers are genuinely independent, the association risk approaches zero — not because you defeated a detection system, but because there is nothing to detect.
The Bottom Line
Platform approval decisions are made solely by the respective institution. No infrastructure provider can guarantee outcomes. But the logic of detection systems is clear: they look for correlations across layers. Genuine isolation eliminates correlations. Deception-based tools attempt to hide correlations — and when that hiding fails, the consequences are worse than having no protection at all.
The question for sellers is not "how do I avoid detection." The question is "does my infrastructure create correlations that do not need to exist?"
If the answer is yes, the solution is not better hiding. It is better infrastructure.
*Related reading:*
[Why Shared Exit IPs Are Killing Your Stripe Account — and How Dedicated 5G Uplinks Fix It](/blog/dedicated-5g-uplinks-shared-ip-stripe)
[Physical Address for Amazon FBA Sellers: What Actually Works in 2026](/blog/physical-address-amazon-fba-seller-2026)
[Chinese Amazon Sellers: US Business Address & Store Setup Guide 2026](/blog/chinese-amazon-seller-us-address-store-setup-2026)
[Why VPM and PostScan Mail Fail Amazon Video Verification](/blog/vpm-postscan-fail-amazon-video-verification)
[Building a Bulletproof Seller Infrastructure: Real Address, Real Network, Real Presence](/blog/bulletproof-seller-infrastructure-real-address-network)