Block multi-accounting with Device Fingerprinting

Device Fingerprinting is one of the most effective tools to counter multi-accounting. SEON's device fingerprinting solutions help you detect fraudsters as early as possible. Keep bad actors off your platform – full stop. Rather than waste resources fighting them when they're already inside.

Multi-accounting is not automatically evil. Simply put, it's nothing more than the same person having several profiles on an online platform or service. However, for some services, like online gambling and casinos, it's a hugely problematic fraud vector.

Say you join an online poker tournament. You join a virtual table, and the game begins. Your success depends entirely on your skill, that of your opponents, and some luck.

Now imagine you have two profiles at the same table or three. Your chances of winning have skyrocketed compared to your opponents'. You pocket the winnings repeatedly – but ruin the fun for everybody else and damage the platform's reputation and bottom line.

Device fingerprinting generates a unique identifier for each device by analyzing numerous attributes, making it one of the most effective methods for detecting fraudulent activity. This process involves:

1. Hardware and Software Analysis
   • Capturing device attributes such as CPU type, GPU details, available memory, and screen resolution to build a unique device profile.
   • Identifying discrepancies when users attempt to spoof their device by modifying software settings or using virtual machines.
2. Browser and Network Configuration
   • Monitoring browser parameters like user-agent strings, installed plugins, timezone, language settings, and Do Not Track (DNT) status.
   • Detecting mismatches between declared user settings and actual device configurations, which often indicate fraud attempts.
3. IP and Geolocation Tracking
   • Verifying the consistency of IP addresses, geolocation data, and VPN or proxy usage to detect anonymization attempts.
   • Cross-referencing geolocation data with expected user behavior to flag suspicious access patterns.

By leveraging these techniques, businesses can:

• Identify Multiple Accounts from a Single Device: Detect when multiple accounts originate from the same device, signaling potential fraud.
• Monitor Suspicious Behavior: Track device usage patterns to identify anomalies like rapid account creation or simultaneous logins.
• Enhance User Verification: Strengthen authentication processes by combining device fingerprinting with other verification methods.

Cryptocurrency Exchanges

Fraudsters exploit anonymity in crypto platforms to create multiple accounts, leading to bonus abuse and market manipulation. Device fingerprinting helps by:

• Detecting multiple accounts tied to the same device.
• Blocking users who frequently change IP addresses to evade detection.
• Preventing wash trading and other market manipulation tactics.

Digital Banking

Fraudulent activities such as synthetic identity fraud and referral abuse are common in digital banking. SEON’s technology supports:

• KYC and AML Compliance: Ensuring each account corresponds to a unique device, strengthening fraud prevention.
• Referral Program Integrity: Identifying users attempting to exploit sign-up bonuses by linking multiple accounts to the same device.

iGaming and Gambling

Multi-accounting in iGaming leads to unfair advantages and bonus abuse. SEON’s device fingerprinting helps in:

• Detecting Multiple Accounts: Identifying players using multiple accounts to cheat.
• Blocking Bonus Abuse: Preventing users from repeatedly claiming promotional rewards.

Ensuring Fair Play

: Monitoring player behavior to maintain platform integrity.

SEON’s device fingerprinting solutions integrate seamlessly into fraud prevention frameworks, offering real-time analysis and detection.

1. Setting Custom Rules to Flag Suspicious Multi-Accounting Patterns

• Detect Multiple Accounts from the Same Device
  • A digital bank notices excessive registrations from one device. A rule flags devices with more than two new accounts in 24 hours, prompting further investigation.
• Identify Device Spoofing and Emulators
  • A crypto exchange detects an emulated device, indicating an attempt to bypass security measures.
• Match Devices Across Accounts Using Browser and OS Hashes
  • An iGaming site finds identical device identifier hashes across multiple accounts, automatically flagging them for review.

2. Utilizing Velocity Rules to Detect Rapid and Unusual Activity

• Prevent Mass Account Registrations
  • An e-commerce site running a referral program detects multiple sign-ups from a single device identifier within minutes. A velocity rule triggers alerts when more than five registrations occur in an hour.
• Identify Synchronized Account Logins
  • A sportsbook notices multiple accounts logging in and placing identical bets from the same device, signaling arbitrage betting schemes.
• Block Bonus Abusers Using Payment Data
  • A fintech platform flags multiple accounts linked to the same payment method, preventing fraudulent cashback and sign-up bonus exploitation.

SEON's device fingerprinting tools are designed to catch fraudsters like multi-accounters and bonus abusers. Here's a quick list of some of the best rules you can set up to counter fraud efficiently.

Device Fingerprinting in rules

Using SEON's Scoring Engine, you can add any device fingerprinting data point to rules. Feel free to experiment with all rule parameter types: data match, compare, and velocity rules. Let's take a look at a few examples:

Compare rule: Jailbroken device is equal to true

• Jailbreaking a device allows users to install apps and tools that would otherwise not be permitted on the platform. These can include fraud tools and spoofing technology.

Data match rule: Device IP country is equal to User country

• This simple rule checks whether the device being used to access your site is actually in the country the user has specified when creating their account. Simple discrepancies like these often point to fraud.

Velocity rule: Cookie hash is equal Number of transactions in the last 1 week in current and previous transactions where Cookie hash is equal to current value and Action type is equal to account_register is greater than 5.

• Cookie hashes are highly unique, and if two distinct users share a cookie hash, you can be sure the same user created them. This rule checks whether the same cookie hash has appeared in several account registration attempts over the past week.

Did you know: You can duplicate a Default Rule and tweak its original settings as a Custom Rule to adjust SEON's default setup to your fraud prevention needs.

While you'll catch opportunistic fraudsters easily with compare and data match rules, you'll get the most bang for your buck with velocity rules.
Velocity rules range from simple to highly detailed and can be used effectively to hone in on fraud rings trying to exploit your business. Let's dive into a few more examples:

Example 1: Number of transactions in the last 2 hours in current and previous transactions where Browser hash is equal to current value AND Password hash is equal to current value is greater than 1.

• Similar devices and user profiles can share browser hashes. However, fraudsters often use the same password for all their fraudulent accounts. As a result, you can quickly block fraud rings trying to set up multiple accounts from similar devices by checking the password hash alongside device data.

Example 2: Number of transactions in the last 1 hour in current and previous transactions where Action type is equal to account_register AND Card hash is equal to current value AND Browser hash is equal to current value is greater than 5.

• Another one to catch less sophisticated fraudsters. If you collect card details during account creation, you can connect different accounts based on the card used, even when customers try to mask other account details.

By implementing SEON’s advanced device intelligence technology, businesses can proactively detect and prevent multi-accounting, ensuring a secure and fair environment for all users. Whether for cryptocurrency, digital banking, iGaming, or e-commerce, customizable rules, velocity monitoring, and multi-layered fraud detection provide actionable insights to block fraudsters before they impact your business.

How Multi-accounting affects your business is highly industry and use-case dependent. While you might only want to block every 5th account in iGaming, the same can't be said for loan applications. For example, when running a bonus campaign, you might not want to block all multi-accounting users as it's expected behavior rather than fraud. To a degree, at least...

Learn more: Brush up on what SEON's different hashes can offer, then add all your multi-accounting rules to a rule category and unlock powerful tools. Read up on rule categories here.