Device Fingerprinting

Decrease account takeovers and multiple account signups by tracking user devices. Create a unique ID based on thousands of device data points, and cross-reference them to understand how users behave online - even after they reinstall or update their browser. You can learn more from our resources to understand how device fingerprinting helps in fraud prevention.

 

What is Device Fingerprinting?

When users access your platform, they need two things: a device with a web browser or mobile application, and an Internet connection, which comes with an IP address. This means two data sources are always present, whether at signup, login, checkout, or even when browsing a page. With the right tools, we can extract a lot of useful information from both.

Combining numerous data points from the browser and device is what we call fingerprinting: a clear picture of how the user is connecting to your service. It lets us understand user behaviour, and more importantly, flag potential fraudsters.

 

 

Why is it Efficient?

Fraudsters often buy or steal long lists of card numbers and login details. To use them, they must employ a trial and error method. The repetitive nature of this process means it’s near impossible for fraudsters to change devices every time. They are left with a few options:

  • Clearing the browser cache 
  • Switching browsers
  • Using private or incognito mode
  • Using virtual machines that make it look like new devices
  • Using advanced tools such as FraudFox, AntiDetect, Kameleo, Linken Sphere or MultiLogin
  • Using emulators to spoof mobile devices

This is precisely where Device Fingerprinting can help. If, say, we see a user constantly clearing their browser cache before multiple login attempts with different IDs but the same IP address, this points to clear account takeover attempts.

Likewise, a user whose device generates a hash pointing to an emulator should also be considered high risk. 

However, while device fingerprinting is a great anti-fraud tool, it is not always powerful enough on its own. For instance, analyzing IP and device data at payment is a good start, but the payment information is a lot more likely to yield red flags. Device fingerprinting is therefore a more efficient technique when combined with other data analysis methods.

 

How Does Device Fingerprinting Work?

The first step is to integrate SEON’s code into your platform. This is done via the JavaScript snippet, the iOS SDK, or the Android SDK. This code lets us collect parameters about the user, and reveals them through the SEON interface.
 

JavaScript Snippet and SDK

The Device Fingerprint tool collects the information using a lightweight JavaScript snippet or SDK embedded on the web platform or mobile application of our client. 

SEON’s lightweight JavaScript snippet can be easily embedded on your web application to uniquely identify devices.

SEON’s Scoring Engine can use any collected and generated data fields for the scoring algorithm. Custom rules can be created based on them, or they can be added to black/white lists. The machine learning and heuristic rule creation modules also take these data fields into account.
 

What are Hashes and How Do They Help?

One of the most important features of our device fingerprinting tool is the generation of specific hashes. You can think of them as unique IDs, created based on specific parameters.


Generated Hashes Based on Collected Parameters

  • Cookie Hash
    Generated ID of the browser cookie session. If 2 users share this, it’s certain they are using the same browser and device. If the browser’s cookies and cache are cleared, a new cookie hash will be associated with the device.
  • Browser Hash
    Generated ID of the browser environment using all the collected data from the browser, operating system, device, and network. If 2 users share this, it’s almost certain they are using the same browser and device. On some mobile devices, 2 different users might have the same browser hash because they share the same browser, operating system, and hardware environment. If the browser’s cookies and cache are cleared, the browser hash stays the same.
  • Device Hash
    Generated ID of the device hardware environment through canvas and HTML5 based fingerprinting. This is usually not unique amongst users’ devices. For example, if 2 users are both using an iPhone 7, it will be the same. This is useful to detect virtual machines, RDPs, or emulators (e.g. AntiDetect, FraudFox, Multiloginapp), as they also have the same device hash. If a fraudster uses a browser extension to spoof the HTML5 canvas, the hash will be unique (no other users will have the same one) and is therefore higher risk.
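The three hashes above, and the cache-clearing pattern described under "Why is it Efficient?", can be turned into simple rules over login events. The following is an added example, not SEON's code or API: the field names, the threshold, the emulator hash list and the sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed login events. Field names are assumptions, not SEON's schema.
EVENTS = [
    # One browser on one IP, cookie cleared before each login to a new account
    {"user": "u1", "ip": "203.0.113.9", "cookie": "c-01", "browser": "b-77", "device": "d-vm"},
    {"user": "u2", "ip": "203.0.113.9", "cookie": "c-02", "browser": "b-77", "device": "d-vm"},
    {"user": "u3", "ip": "203.0.113.9", "cookie": "c-03", "browser": "b-77", "device": "d-vm"},
    # Two accounts sharing one cookie hash: same browser and device
    {"user": "u4", "ip": "198.51.100.4", "cookie": "c-10", "browser": "b-12", "device": "d-ip7"},
    {"user": "u5", "ip": "198.51.100.4", "cookie": "c-10", "browser": "b-12", "device": "d-ip7"},
    # Ordinary user, and a device hash nobody else has ever produced
    {"user": "u6", "ip": "192.0.2.50", "cookie": "c-20", "browser": "b-30", "device": "d-ip7"},
    {"user": "u7", "ip": "192.0.2.61", "cookie": "c-21", "browser": "b-31", "device": "d-odd"},
]
# Constructed history: how many distinct users produced each device hash so far.
DEVICE_POPULATION = {"d-ip7": 5400, "d-vm": 38, "d-odd": 1}
EMULATOR_HASHES = {"d-vm"}  # assumed list of hashes previously tied to VMs/emulators


def score_logins(events, population, emulator_hashes, min_accounts=3):
    """Return {user: sorted list of reasons} for logins that match a pattern."""
    by_browser_ip = defaultdict(lambda: {"users": set(), "cookies": set()})
    by_cookie = defaultdict(set)
    for e in events:
        group = by_browser_ip[(e["browser"], e["ip"])]
        group["users"].add(e["user"])
        group["cookies"].add(e["cookie"])
        by_cookie[e["cookie"]].add(e["user"])

    reasons = defaultdict(set)
    for e in events:
        group = by_browser_ip[(e["browser"], e["ip"])]
        # The browser hash survives a cache wipe, the cookie hash does not.
        if len(group["users"]) >= min_accounts and len(group["cookies"]) >= min_accounts:
            reasons[e["user"]].add("cookie_reset_across_accounts")
        if len(by_cookie[e["cookie"]]) > 1:
            reasons[e["user"]].add("shared_cookie_hash")
        if e["device"] in emulator_hashes:
            reasons[e["user"]].add("emulator_device_hash")
        if population.get(e["device"], 0) <= 1:
            reasons[e["user"]].add("unique_device_hash")
    return {user: sorted(r) for user, r in reasons.items()}
```

Users absent from the returned mapping matched no rule; in practice these reasons would feed a score alongside payment and IP data rather than block on their own.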

 

Collected Parameters from Browsers (JavaScript Snippet)

  • Cookie hash
  • Browser hash
  • Unique device hash / identifier
  • Timezone of browser and IP
  • Operating system detection
  • Useragent information
  • Private browsing detection
  • Operating system, browser languages
  • Screen size of device, browser, windows
  • Installed fonts and generated hash
  • Installed plugins and generated hash
  • Battery level
  • GPU information
  • Cursor, scrolling behaviour
  • Browser features: flash, java etc.
  • Canvas device fingerprint
  • Audio fingerprint
  • WebRTC IPs
  • DNS: Geo + ISP
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

Collected Parameters from iOS Devices (iOS SDK)

  • Unique device hash / identifier
  • Accessories information
  • Audio information
  • Battery information
  • CPU information
  • Advertising Identifier (ADID)
  • Device name
  • Device orientation
  • Unique Device Identifier (UDID)
  • iCloud ubiquity token
  • iOS version data
  • Jailbreak status
  • Emulator detection
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • Storage information
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

Collected Parameters from Android Devices (Android SDK)

  • Unique device hash / identifier
  • Android ID
  • Android version data
  • Audio information
  • Battery information
  • Build information
  • Carrier information
  • CPU information
  • Device name
  • Storage information
  • Emulator detection
  • Root status
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis
     

 

 

 
