FlyerTalk Forums - View Single Post - Consolidated "Problems Accessing FlyerTalk When Using A VPN" thread
Feb 19, 2022 | 4:09 am
  #143  
plunet
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 5,129
Originally Posted by princetonflyer
Could you please explain how VPNs actually raise risk levels for logins etc? Thanks
Yes. A number of systems now use a number of criteria to assess the posture of a potential login or a transaction. They will typically use data that they can reasonably collect or know and aggregate the intelligence and posture across all users that use their systems globally. For example (there are other metrics):
  • Who the user is
  • What their usual transactions look like
  • Where they say they are usually located
  • IP addresses and locations that they have used in the past
  • The reputation of those IP addresses
  • Whether the device being used has been seen previously and whether the locale and user agent of the device matches previous transactions
  • Etc
If something looks out of the ordinary, the service, if it can, might ask for 2nd factor authentication when a transaction seems unusual from the list of above typical metrics (or any others it has access to). For example, from a new device, or in this instance suddenly from a different country or an IP address of poor reputation, especially when the last previous login was in a different geographical region and it would be impossible for the person to have flown in that time. Conversely, using a WiFi connection at a transport hub or as you travel can actually help systems profile you as travelling somewhere and be less paranoid about new connections in a new location.

Systems will, where possible, learn the networks that a user typically uses... Work, Home ISP, Mobile ISP, WiFi in their local hospitality venues. If they pop up in a new coffee bar in the same country then this will usually be seen as low risk. But pop up on an IP with poor reputation in another country suddenly, this would hopefully be seen as high risk and further checks instigated to protect.

If the user has a regular pattern of using public VPNs then there will be a pattern of jumping about between IP addresses in various places typically with a poor reputation. The login systems can of course profile this as part of this user's typical behaviour, but with a certain amount of blindness, but they won't be able to get a richness of quality data about those connections compared to using network connections directly.

How do I know this - experience of how globally mobile users are profiled by global systems for $dayjob and how public VPNs make a mess of the intelligence that can protect them.

Banks in particular are now using this kind of data to comply with PSD2 (Payment Services Directive) to protect financial transactions. Take a user who makes most of their purchases in Country A, but does most of their online purchases from random IPs in Countries B, C and D. What does the bank do when it sees a new online transaction for Country E, is it high risk?

Public VPNs eliminate a layer of data intelligence and lump your connectivity in with a bunch of other ne'er-do-wells. And the encryption the VPNs typically offer isn't offering anything significant over the native encryption these sites deploy.

Last edited by plunet; Feb 19, 2022 at 4:16 am
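
The signals listed in the post above (known devices, learned networks, IP reputation, and whether the user could have flown between two logins in the time elapsed), combined into a small risk scorer. This is an added example, not part of the original post or of any real product; the weights, thresholds, field names and sample logins are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900         # assumed ceiling, roughly airliner cruising speed
BAD_REPUTATION = 0.7  # assumed cut-off on a 0.0 (good) .. 1.0 (bad) scale
STEP_UP_AT = 3        # assumed score at which a 2nd factor is requested

@dataclass
class Login:
    when: datetime
    lat: float
    lon: float
    country: str
    network: str
    device: str
    ip_reputation: float

def km_between(a, b):
    """Great-circle (haversine) distance in km between two geolocated logins."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def impossible_travel(prev, cur):
    """True if no flight could cover the distance in the elapsed time."""
    km = km_between(prev, cur)
    hours = (cur.when - prev.when).total_seconds() / 3600
    return km > 100 and (hours <= 0 or km / hours > MAX_KMH)

def assess(history, cur):
    """Return (score, reasons, step_up) for a login; history is oldest first."""
    reasons = []
    if cur.device not in {h.device for h in history}:
        reasons.append(("new device", 2))
    if cur.network not in {h.network for h in history}:
        where = "usual" if cur.country in {h.country for h in history} else "new"
        reasons.append((f"new network, {where} country", 1 if where == "usual" else 2))
    if cur.ip_reputation >= BAD_REPUTATION:
        reasons.append(("poor IP reputation", 3))
    if history and impossible_travel(history[-1], cur):
        reasons.append(("impossible travel", 4))
    score = sum(points for _, points in reasons)
    return score, [name for name, _ in reasons], score >= STEP_UP_AT

# Constructed sample data: home login, a new cafe nearby, then a VPN exit abroad.
home = Login(datetime(2022, 2, 18, 8, 0), 51.51, -0.13, "GB", "home-isp", "laptop-1", 0.1)
cafe = Login(datetime(2022, 2, 18, 13, 0), 51.52, -0.10, "GB", "cafe-wifi", "laptop-1", 0.2)
vpn = Login(datetime(2022, 2, 18, 14, 0), 1.35, 103.82, "SG", "vpn-exit", "laptop-1", 0.8)
print(assess([home], cafe), assess([home, cafe], vpn))
```

The cafe login scores low because only the network is new, while the VPN exit an hour later stacks three signals and triggers the step-up.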