Decrease account takeovers and multiple account signups by tracking user devices. Create a unique ID based on thousands of device data points, and cross-reference them to understand how users behave online - even after they reinstall or update their browser. You can learn more from our resources to understand how device fingerprinting helps in fraud prevention.
What is Device Fingerprinting?
When users access your platform, they must do so with two things: a device with a web browser or mobile application, and an Internet connection which retrieves an IP address. This means two data sources are always present, whether it’s at signup, login, checkout, or even when browsing a page. With the right tools, we can extract a lot of useful information about these two.
Combining numerous data points from the browser and device is what we call fingerprinting: a clear picture of how the user is connecting to your service. It lets us understand user behaviour, and more importantly, flag potential fraudsters.
Why is it Efficient?
Fraudsters often buy or steal long lists of card numbers and login details. To use them, they must employ a trial and error method. The repetitive nature of this process means it’s near impossible for fraudsters to change devices every time. They are left with a few options:
- Clearing the browser cache
- Switching browsers
- Using private or incognito mode
- Using virtual machines that make it look like new devices
- Using advanced tools such as FraudFox, AntiDetect, Kameleo, Linken sphere or MultiLogin
- Using emulators to spoof mobile devices
This is precisely where Device Fingerprinting can help. If, say, we see a user is constantly clearing their browser cache before multiple login attempts with different IDs, but the same IP address – this points to clear account takeover attempts.
Likewise, a user whose device generates a hash pointing to an emulator should also be considered high risk.
However, while device fingerprinting is a great anti-fraud tool, it is not always powerful enough on its own. For instance, analyzing IP and device data at payment is a good start, but the payment information is a lot more likely to yield red flags. Device fingerprinting is therefore a more efficient technique when combined with other data analysis methods.
How Does Device Fingerprinting Work?
SEON’s Scoring Engine can use any collected and generated data fields for the scoring algorithm. Custom rules can be created based on them, or they can be added to black/white lists. Machine learning and heuristic rule creation module is also taking into algorithm these data fields.
What are Hashes and How Do They Help?
One of the most important features of our device fingerprinting tool is the generation of specific hashes. You can think of them as unique IDs, created based on specific parameters.
Based on Collected Parameters
- Cookie Hash
Generated ID of the browser cookie session. If 2 users share this, it’s certain they are using the same browser and device. If the browser’s cookie and cache is being cleared, a new cookie hash will be associated with the device.
- Browser Hash
Generated ID of the browser environment using all the collected data from browser, operation system, device, and network. If 2 users share this, it’s almost certain they are using the same browser and device. In the case of some mobile devices, it might be possible that 2 different users have the same browser hash, because of the same browser, operation system, and hardware environment. If the browser’s cookie and cache is being cleared, the browser hash stays the same.
- Device Hash
Generated ID of the device hardware environment through canvas and html5 based fingerprinting. This is usually not unique amongst users devices. For example, if 2 users are both using iPhone 7, it will be the same. This is useful to detect virtual machines, RDPs, or emulators (e.g. AntiDetect, FraudFox, Multiloginapp) as they also have the same device hash. If a fraudster uses a browser extension to spoof html5 canvas, it will be unique (no other users will have the same), therefore it will be higher risk.