Get started with Device Fingerprinting Rules

Updated on 24.04.23


You only unlock the full fraud-fighting potential of SEON's device fingerprinting solutions when you start using the data they collect in rules. Several of SEON's default rules already apply this data to block fraud. This quick guide shows how to get started with custom rules for common use cases.


When Device Fingerprinting takes the stage

Device fingerprinting is an effective counter to several common types of fraud, especially when the same fraudster tries to pose as several distinct people.

  • Bonus abuse happens when the same customer takes advantage of the same discount code, signup bonus, or similar incentive several times for financial gain.
  • Account takeover attempts see nefarious actors gain control of real accounts. They are the gateway to fraudulent product orders, money transfers, and the unauthorized withdrawal of funds.
  • Fake reviews & feedback are used to trick customers into trusting fraudsters and scammers. Blocking spammy reviews from similar devices can thwart a fraud ring.
  • Affiliate fraud is when marketing affiliates place several fake orders through their links for financial gain. These schemes also conceal the actual efficiency of your affiliate marketing and sales network.
  • Avoiding bans is a problem because users are usually only blocked from a platform for good reasons. Closing the door only to have blocked users climb back in through the window isn't very effective.


Put a stop to bonus abuse

Device fingerprinting rules can range from simple checks to comprehensive behavior analysis using SEON's velocity rules. Let's take a look at a few examples.

Example 1: Number of transactions in the last 2 hours in current and previous transactions where Browser hash is equal to current value AND Bonus campaign ID is equal to current value is greater than 5.

  • This relatively simple velocity rule uses SEON's device hash to track the devices used to complete transactions using a promo code rather than connecting these orders to user IDs only.

Example 2: Suspicious browser profile contains spoofing & Number of transactions in the last 30 minutes in previous and current transactions where password hash is equal to current value is greater or equal to 2.

  • This custom rule takes inspiration from SEON's HC125 default rule and couples it with a password hash check. Fraudsters often try to spoof device fingerprinting (that is, hide the actual characteristics of their device) and use the same password for all of their fraudulent accounts. As a result, this rule may connect fraudsters even when their device details are hidden.


Catch account takeover attempts

Blocking account takeovers (ATOs) benefits you and your customers. Your customers will grow to trust you as a platform that takes their security seriously, while you can protect your bottom line from chargebacks and refunds caused by fraudulent activity.

Catching ATOs focuses on highlighting whether a user has used the same device before, in order to calculate the risks associated with their actions. SEON has a collection of default rules to help you block ATOs from day one, with minimal setup required.

Example: Number of unique Device hash in the last 1 day in current and previous transactions where User ID is equal to current value is greater than 2 - Modify score + 2 & Number of unique IP address in the last 1 day in current and previous transactions where User ID is equal to current value is greater than 2

  • SEON's Default Rule UC112 flags if a customer is using a new device from a previously unseen IP address. You can enable it on the Default Rules tab of the Scoring Engine. (Head to the Login Rules rule category.)
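The velocity logic behind Example 1 in the bonus abuse section and the ATO example above can be prototyped offline before you build the rules. The sketch below is an added example, not SEON's rule engine or API: the field names (browser_hash, bonus_campaign_id, device_hash, ip, user_id), the sample transactions, and the reading of the two ATO conditions as a logical AND are assumptions.

```python
from datetime import datetime, timedelta

def in_scope(tx, current, window, match_fields):
    """True if tx is inside the look-back window and shares every match field
    with the current transaction. A missing value never matches, so
    transactions without a hash are not linked to each other."""
    return (current["ts"] - window <= tx["ts"] <= current["ts"]
            and all(current.get(f) is not None and tx.get(f) == current[f]
                    for f in match_fields))

def count_matching(history, current, window, match_fields):
    """'Number of transactions in current and previous transactions where ...'"""
    return sum(in_scope(tx, current, window, match_fields)
               for tx in history + [current])

def count_unique(history, current, window, match_fields, unique_field):
    """'Number of unique <field> in current and previous transactions where ...'"""
    return len({tx[unique_field] for tx in history + [current]
                if in_scope(tx, current, window, match_fields)
                and tx.get(unique_field) is not None})

def bonus_abuse_rule(history, current):
    # Example 1: same browser hash AND same campaign ID, more than 5 in 2 hours
    return count_matching(history, current, timedelta(hours=2),
                          ("browser_hash", "bonus_campaign_id")) > 5

def ato_rule(history, current):
    # ATO example: more than 2 unique device hashes and more than 2 unique IPs
    # for one user ID within 1 day (the two conditions are read as AND)
    day, same_user = timedelta(days=1), ("user_id",)
    return (count_unique(history, current, day, same_user, "device_hash") > 2
            and count_unique(history, current, day, same_user, "ip") > 2)

# Constructed sample data: field names and values are illustrative
T0 = datetime(2023, 4, 24, 12, 0)
def tx(minutes, **fields):
    return {"ts": T0 + timedelta(minutes=minutes), **fields}

BONUS_HISTORY = [tx(10 * i, user_id=f"u{i}", browser_hash="bh-1",
                    bonus_campaign_id="WELCOME") for i in range(5)]
BONUS_CURRENT = tx(50, user_id="u5", browser_hash="bh-1", bonus_campaign_id="WELCOME")
ATO_HISTORY = [tx(0, user_id="alice", device_hash="d1", ip="198.51.100.1"),
               tx(60, user_id="alice", device_hash="d2", ip="198.51.100.2")]
ATO_CURRENT = tx(120, user_id="alice", device_hash="d3", ip="198.51.100.3")

if __name__ == "__main__":
    print("bonus abuse:", bonus_abuse_rule(BONUS_HISTORY, BONUS_CURRENT))
    print("account takeover:", ato_rule(ATO_HISTORY, ATO_CURRENT))
```

The bonus abuse sample uses six different user IDs on purpose: a count keyed on user ID alone would see one transaction each, while the browser hash ties all six together.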


Stopping multi-accounting

Multi-accounting happens when the same user creates several accounts on the same platform for financial gain. While often also tied to bonus abuse, multi-accounting is the gateway to more specific fraud types, such as affiliate fraud, arbitrage, online loan fraud, and more.