Device Fingerprinting

How is Device Fingerprinting Integrated?

The first step is to integrate SEON’s code into your platform. This is done via the JavaScript snippet, the iOS SDK, or the Android SDK. This code lets us collect parameters about the user and reveals them through the SEON interface.

SEON uses device fingerprinting to collect information on user devices and make more informed decisions.

JavaScript Snippet and SDK

The Device Fingerprint tool collects the information using a lightweight JavaScript snippet or SDK embedded on the web platform or mobile application of our client. 

SEON’s lightweight JavaScript snippet can be easily embedded on your web application to uniquely identify devices.

SEON’s Scoring Engine can use any collected or generated data field in the scoring algorithm. Custom rules can be created based on these fields, or they can be added to black/white lists. The machine learning and heuristic rule creation module also takes these data fields into account.

List of collectible parameters

  • Cookie Hash
    Generated ID of the browser cookie session. If 2 users share this, it’s certain they are using the same browser and device. If the browser’s cookies and cache are cleared, a new cookie hash will be associated with the device.
  • Browser Hash
    Generated ID of the browser environment using all the data collected from the browser, operating system, device, and network. If 2 users share this, it’s almost certain they are using the same browser and device. On some mobile devices, 2 different users may have the same browser hash because they share the same browser, operating system, and hardware environment. If the browser’s cookies and cache are cleared, the browser hash stays the same.
  • Device Hash
    Generated ID of the device hardware environment through canvas and HTML5-based fingerprinting. This is usually not unique amongst users’ devices. For example, if 2 users are both using an iPhone 7, it will be the same. This is useful to detect virtual machines, RDPs, or emulators (e.g. AntiDetect, FraudFox, Multiloginapp) as they also have the same device hash. If a fraudster uses a browser extension to spoof the HTML5 canvas, the device hash will be unique (no other users will have the same), therefore it will be higher risk.
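
The sketch below is an added example, not SEON's code or API: it applies the three interpretations above to constructed session records, separating users linked by a shared cookie hash, users linked by a browser hash that survived a cookie reset, and a device hash that no other user shares. The field names (`cookieHash`, `browserHash`, `deviceHash`) and all sample values are assumptions.

```javascript
// Added example: field names and sample values are constructed, not SEON's API.
const sessions = [
  { user: "alice", cookieHash: "c1", browserHash: "b1", deviceHash: "d-phone" },
  { user: "bob",   cookieHash: "c1", browserHash: "b1", deviceHash: "d-phone" },   // shares alice's cookie
  { user: "carol", cookieHash: "c2", browserHash: "b2", deviceHash: "d-laptop" },
  { user: "dave",  cookieHash: "c3", browserHash: "b2", deviceHash: "d-laptop" },  // new cookie, same browser
  { user: "erin",  cookieHash: "c4", browserHash: "b4", deviceHash: "d-phone" },   // same phone model only
  { user: "frank", cookieHash: "c5", browserHash: "b5", deviceHash: "d-x9f3" },    // hash nobody else has
];

// Map each value of `field` to the set of distinct users that presented it.
function usersByHash(records, field) {
  const index = new Map();
  for (const r of records) {
    if (!index.has(r[field])) index.set(r[field], new Set());
    index.get(r[field]).add(r.user);
  }
  return index;
}

// Apply the three interpretations from the list above, strongest signal first.
function linkUsers(records) {
  const findings = [];
  const report = (signal, hash, users) =>
    findings.push({ signal, hash, users: [...users].sort() });

  // Shared cookie hash: the same browser and device.
  for (const [hash, users] of usersByHash(records, "cookieHash")) {
    if (users.size > 1) report("same-cookie", hash, users);
  }
  // Shared browser hash under different cookie hashes: the browser hash
  // survived a cookie/cache clear (or, on some mobiles, identical setups).
  for (const [hash, users] of usersByHash(records, "browserHash")) {
    const cookies = new Set(
      records.filter((r) => r.browserHash === hash).map((r) => r.cookieHash));
    if (users.size > 1 && cookies.size > 1) report("same-browser-new-cookie", hash, users);
  }
  // A shared device hash alone links nobody (same hardware model). A device
  // hash seen for one user only is the higher-risk case: possible canvas
  // spoofing. Uniqueness is only meaningful over a large user base.
  for (const [hash, users] of usersByHash(records, "deviceHash")) {
    if (users.size === 1) report("unique-device-hash", hash, users);
  }
  return findings;
}

console.log(linkUsers(sessions));
```

Erin appears in no finding: sharing only a device hash with Alice and Bob means the same hardware model, not the same device.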

 

Collected Parameters from Browsers (JavaScript Snippet)

  • Cookie hash
  • Browser hash
  • Unique device hash / identifier
  • Timezone of browser and IP
  • Operating system detection
  • Useragent information
  • Private browsing detection
  • Operating system, browser languages
  • Screen size of device, browser, windows
  • Installed fonts and generated hash
  • Installed plugins and generated hash
  • Battery level
  • GPU information
  • Browser features: flash, java etc.
  • Canvas device fingerprint
  • Audio fingerprint
  • WebRTC IPs
  • DNS: Geo + ISP

Collected Parameters from iOS Devices (iOS SDK)

  • Unique device hash / identifier
  • Accessories information
  • Audio information
  • Battery information
  • CPU information
  • Advertising Identifier (ADID)
  • Device name
  • Device orientation
  • Unique Device Identifier (UDID)
  • iCloud ubiquity token
  • iOS version data
  • Jailbreak status
  • Emulator detection
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • Storage information
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

Collected Parameters from Android Devices (Android SDK)

  • Unique device hash / identifier
  • Android ID
  • Android version data
  • Audio information
  • Battery information
  • Build information
  • Carrier information
  • CPU information
  • Device name
  • Storage information
  • Emulator detection
  • Root status
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

What else does SEON's device fingerprinting track?

Our scoring algorithm recognizes suspicious tools, setups, and settings on desktop and mobile devices. We base this on specific characteristics our data science team discovered in fraud and bot attempts. This gives you more accuracy in detecting fraud.

Some of the device characteristics we assign varying levels of risk score include:

  • Browsers specifically designed to get around many existing fraud solutions such as Indigo, Sphere, Linken Sphere, GoLogin, Accovod, Ghost Browser, Kameleo, Cydec, MultiLogin, AntBrowser, ClonBrowser, XLogin, VM Login, Ads Power, Incogniton, Undetectable, HydraProxy, Che Browser, Octobrowser, and Dolphin{anty}
  • Privacy browsers such as Tor, Brave, and DuckDuckGo
  • Browser spoofing
  • Browser version age
  • Rare browser environments
  • Browser anti-fingerprinting extensions such as AdBlock Plus, AdBlocker Ultimate, AudioContext Fingerprint Defender, Canvas Blocker, Canvas Fingerprint Defender, CyDec Platform Anti-Fingerprinting, Disconnect, DuckDuckGo Privacy Essentials, Fingerprint Spoofing, Ghostery, Font Fingerprint Defender, Privacy Badger, Script Safe, WebGL Fingerprint Defender, DOM blockers
  • Unpopular screen resolutions
  • Common combinations of bots, automation, or testing tools such as Selenium, Headless Chrome, Headless Firefox, PhantomJS
  • VM environments such as VMware and VirtualBox
  • Combination of suspicious browser profiles:
    • The riskiness of the browser
    • Device, font, WebGL, or canvas hashes
    • Number of audio inputs and outputs plus video inputs in the browser

Assigning specific, higher scores to unusual setups lets you detect fraudsters and large-scale bot attempts that would otherwise go unnoticed. You also have the flexibility and control to fine-tune this risk scoring.