Understanding hashes
Updated on 09.10.24
6 minutes to read
Copy link
Overview
Gather information about the devices customers are using to access your service with SEON's Device fingerprinting. This information includes hardware and software settings which can help you track down fraudsters and detect suspicious configurations.
Rely on SEON's three hashes to save you trouble, time and money, instead of manually reviewing dozens of configurations to see if seemingly independent events are connected (take multi-accounting attempts, for example).
What is a hash?
Simply put, a hash is a string of numbers and letters containing information about the desktop or mobile device someone uses to access your service. It is an accumulation of the device data we gather.
They're based on several data points our device fingerprinting team carefully selected to ensure you're always catching the bad guys. While these seemingly random combinations of characters might not tell you much, they help immensely when connecting different transactions or users.
You don’t want to jump to conclusions though: one match in itself might not be concrete proof, but combined with other data points, you can make sure you only block transactions that need to be blocked. With SEON, you get three different hashes through device fingerprinting, making transaction monitoring process faster and more accurate.
Device hash
The device hash is a specific identifier based on the hardware of the device. It is generated based on multiple data points hand-picked by our Device Fingerprinting team.
JavaScript SDK (desktop + mobile devices)
Two identical devices with the same hardware will share a hash. However, customers who share device hashes are not necessarily related. They may simply own the same type of device.
While a device hash in itself might not be enough to connect two transactions or users, we recommend using it for blacklists if there are bad actors who share a hash or as an extra parameter for rules, if needed. It’s also worth mentioning that this hash is the hardest to change, as it is unlikely that a fraudster will switch to a different device with each transaction.
iOS and Android SDK (mobile devices)
When using the iOS/Android SDK, this is the only hash you can work with. Luckily, for Android and iOS devices, this is a highly unique identifier, including specifications that allow you to make informed and confident decisions: if a user shares the same mobile device hash with someone else, they are most likely using the same device.
Browser hash
The browser hash is a unique identifier based on the complete browser profile, built on hardware, network, and browser characteristics.
You can use browser hashes to make connections between shared devices. This may occur if they have precisely the same hardware, software, and settings profile.
If the user clears the browser’s cookie and storage cache, the browser hash will not change. Likewise, if someone is browsing using Incognito or Private tabs, then the same ID will be returned.
Additional hashes
In addition to the primary hashes, SEON provides additional useful hashes to enhance your fraud detection capabilities:
Math Hash (JS SDK)
The math hash is based on calculating different math function outputs from the device. By evaluating the results of various mathematical operations, this hash creates a unique identifier that helps distinguish between devices, adding an extra layer of security.
Mime Type Hash (JS SDK)
The mime type hash is based on the supported media types and formats in the browser. This hash helps identify specific configurations related to media handling and document processing. Different browsers support different MIME types, making this a useful identifier for distinguishing between browser types.
System Colors Hash (JS SDK)
The system colors hash is generated based on different built-in base font colors and sizes. By evaluating the default system color settings, this hash provides a unique identifier that can be used to differentiate between devices with distinct visual configurations.
Using hashes to fight fraud
In addition to all the individual device fingerprinting data points, having three separate hashes means that you have more information to easily utilize and base automated decisions on. By using device, browser, and cookie hashes together with other parameters, you can easily flag a user as high risk when they have made repetitive, suspicious requests, blocking their attempts at fraud.
SEON comes out of the box with a set of default rules that use hashes to filter out typical fraudulent behavior. Of course, setting up your own custom rules allows you to build a fraud-fighting powerhouse finetuned to your industry and business; using hashes in custom rules is the best way to get started.