Understanding hashes

Updated on 28.07.23
6 minutes to read
Copy link


Gather information about the devices customers are using to access your service with SEON's Device fingerprinting. This information includes hardware and software settings which can help you track down fraudsters and detect suspicious configurations. 

Rely on SEON's three hashes to save you trouble, time and money, instead of manually reviewing dozens of configurations to see if seemingly independent events are connected (take multi-accounting attempts, for example).


What the hash?

So what exactly is a hash? Simply put, a hash is a string of numbers and letters containing information about the desktop or mobile device someone uses to access your service. It is an accumulation of the device data we gather.

They're based on several data points our device fingerprinting team carefully selected to ensure you're always catching the bad guys. While these seemingly random combinations of characters might not tell you much, they help immensely when connecting different transactions or users.

You don’t want to jump to conclusions though: one match in itself might not be concrete proof, but combined with other data points, you can make sure you only block transactions that need to be blocked. With SEON, you get three different hashes through device fingerprinting, making transaction monitoring process faster and more accurate. 


Device hash

The device hash is a specific identifier based on the hardware of the device. It is generated based on multiple data points hand picked by our Device Fingerprinting team.

JavaScript Agent (desktop + mobile devices)

Two identical devices with the same hardware will share a hash. However, customers who share device hashes are not necessarily related. They may simply own the same type of device.

While a device hash in itself might not be enough to connect two transactions or users, we recommend using it for blacklists if there are bad actors who share a hash or as an extra parameter for rules, if needed. It’s also worth mentioning that this hash is the hardest to change, as it is unlikely that a fraudster will switch to a different device with each transaction.

iOS and Android SDK (mobile devices)

When using the iOS/Android SDK, this is the only hash you can work with. Luckily, for Android and iOS devices, this is a highly unique identifier, including specifications that allow you to make informed and confident decisions: if a user shares the same mobile device hash with someone else, they are most likely using the same device.


Browser hash

The browser hash is a unique identifier based on the complete browser profile, built on hardware, network, and browser characteristics.

You can use browser hashes to make connections between shared devices. This may occur if they have precisely the same hardware, software, and settings profile.

If the user clears the browser’s cookie and storage cache, the browser hash will not change. Likewise, if someone is browsing using Incognito or Private tabs, then the same ID will be returned. 


Using hashes to fight fraud

In addition to all the individual device fingerprinting data points, having three separate hashes means that you have more information to easily utilize and base automated decisions on. By using device, browser, and cookie hashes together with other parameters, you can easily flag a user as high risk when they have made repetitive, suspicious requests, blocking their attempts at fraud.

SEON comes out of the box with a set of default rules that use  hashes to filter out typical fraudulent behavior. Of course, setting up your own custom rules allows you to build a fraud-fighting powerhouse finetuned to your industry and business; using hashes in custom rules is the best way to get started.


Learn more