How is Device Fingerprinting Integrated?
SEON’s Scoring Engine can use any collected and generated data fields for the scoring algorithm. Custom rules can be created based on them, or they can be added to black/white lists. Machine learning and heuristic rule creation module is also taking into algorithm these data fields.
List of collectible parameters
- Cookie Hash
Generated ID of the browser cookie session. If 2 users share this, it’s certain they are using the same browser and device. If the browser’s cookie and cache is being cleared, a new cookie hash will be associated with the device.
- Browser Hash
Generated ID of the browser environment using all the collected data from browser, operation system, device, and network. If 2 users share this, it’s almost certain they are using the same browser and device. In the case of some mobile devices, it might be possible that 2 different users have the same browser hash, because of the same browser, operation system, and hardware environment. If the browser’s cookie and cache is being cleared, the browser hash stays the same.
- Device Hash
Generated ID of the device hardware environment through canvas and html5 based fingerprinting. This is usually not unique amongst users devices. For example, if 2 users are both using iPhone 7, it will be the same. This is useful to detect virtual machines, RDPs, or emulators (e.g. AntiDetect, FraudFox, Multiloginapp) as they also have the same device hash. If a fraudster uses a browser extension to spoof html5 canvas, it will be unique (no other users will have the same), therefore it will be higher risk.
What else does SEON's device fingerprinting track?
Our scoring algorithm recognizes suspicious tools, setups and settings on desktop and mobile devices. We base this on specific characteristics our data science team discovered with fraud and bot attempts. This gives you more accuracy in detecting fraud.
Some of the device characteristics we assign varying levels of risk score include:
- Browsers specifically designed to get around many existing fraud solutions such as Indigo, Sphere, Linken Sphere, GoLogin, Accovod, Ghost Browser, Kameleo, Cydec, MultiLogin, AntBrowser, ClonBrowser, XLogin, VM Login, Ads Power, Incognition, Undetectable, HydraProxy, Che Browser, and Octobrowser:
- Privacy browsers such as Tor and Brave:
- Browser spoofing
- Browser version age
- Rare browser environments
- Browser anti-fingerprinting extensions such as AdBlock Plus, AdBlocker Ultimate, AudioContext Fingerprint Defender, Canvas Blocker, Canvas Fingerprint Defender, CyDec Platform Anti-Fingerprinting, Disconnect, DuckDuckGo Privacy Essentials, Fingerprint Spoofing, Ghostery, Font Fingerprint Defender, Privacy Badger, Script Safe, WebGL Fingerprint Defender, DOM blockers:
- Unpopular screen resolutions
- Common combinations of bots, automation, or testing tools such as Selenium, Headless Chrome, Headless Firefox, PhantomJS
- VM environments such as VMware and VirtualBox
- Combination of suspicious browser profiles:
- The riskiness of the browser
- Device, font, WebGL, or canvas hashes
- Number of audio inputs and outputs plus video inputs in the browser
Associating specific and higher scoring levels for unusual setups allows you to detect fraudsters and unnoticeable large-scale attempts by bots. You also have the flexibility and control to fine-tune this risk scoring.