Device Fingerprinting- What is It And How Can it Reduce Fraud?

device-fingerprinting

As SEON launches its innovative Chrome extension for data enrichment, we highlight a few of our most efficient fraud-fighting tools. We already covered email profiling. Today, it’s all about device fingerprinting.

What is Device Fingerprinting?

When users access your platform, they must do so with two things: a device with a web browser or mobile application, and an Internet connection which retrieves an IP address. This means two data sources are always present, whether it’s at signup, login, checkout, or even when browsing a page. With the right tools, we can extract a lot of useful information about these two.

Combining numerous data points from the browser and device is what we call fingerprinting: a clear picture of how the user is connecting to you service. It lets us understand user behavior, and more importantly, flag potential fraudsters.

Why is it Efficient?

Fraudsters often buy or steal long lists of card numbers and login details. To use them, they must employ a trial and error method. The repetitive nature of this process means it’s near impossible for fraudsters to change device every time. They are left with a few options:

  • Clearing the browser cache
  • Switching browsers
  • Using private or incognito mode
  • Using virtual machines that make it look like new devices
  • Using advanced tools such as FraudFox, AntiDetect, Kameleo, Linken sphere or MultiLogin
  • Using emulators to spoof mobile devices

This is precisely where Device Fingerprinting can help. If, say, we see a user is constantly clearing their browser cache before multiple login attempts with different IDs, but the same IP address  – this points to clear account takeover attempts.

Likewise, a user whose device generates a hash pointing to an emulator should also be considered high risk (more on that below).

However, while device fingerprinting is a great anti-fraud tool, it is not always powerful enough on its own. For instance, analyzing IP and device at payment is a good start, but the payment information is a lot more likely to yield red flags. Device fingerprinting is therefore a more efficient technique when combined with other data analysis methods.

How Does Device Fingerprinting Work?

The first step is to integrate SEON’s code into your platform. This is done either via Javascript, iOS SDK or Android SDK. This code collects lets us collect parameters about the user, and reveals them through the SEON interface, including:

  • Screen information
  • Device build
  • Operating system version
  • Installed plugins
  • Browser time zone
  • Device number
  • Battery information
  • And much, much more….

See below for some of the 500 different parameters SEON can extract.

Note that different integration methods enable different parameters. For instance, the device and browser screen size isn’t relevant for connections via smartphones and tablets. Similarly, it’s important that the Android SDK extracts info about the device manufacturer, since they are so many of them. With iOS, it’s always Apple.

What Are Hashes And How Do They Help?

device-fingerprinting-02

One of the most important features of our device fingerprinting tool is the generation of specific hashes. You can think of them as unique IDs, created based on specific parameters:

  • Cookie Hash: Creates an ID for each browser session. Clearing the browser cookies and cash will generate a new hash. But if multiple users share the same hash, it means they are clearly using the same browser and device.
  • Browser Hash: Generates an ID by combining data from the browser, operating system, device and network. This hash remains unchanged, even if the user clears their browser cookies and cache, or browses privately. However, a device with multiple browsers installed, or even browser versions, will generate different hashes.
  • Device Hash: Offers an ID based on the device hardware (e.g HTML5 canvas, audio fingerprinting, GPU, screen data and so on). While many users can share the same device hash (for instance two iPhone 7 Safari users), this allows us to detect Remote Desktop Connections, virtual machines or emulators. For instance, fraudster favorites such as AntiDetect, FraudFox, or Multilogin all generate the same device hash. Moreover, fraudsters using browser extensions that spoof HTML5 canvas will have very unique IDs – and should therefore be flagged as high risk.

As you can see, they each have their pros and cons. However, all these hashes becomes a near flawless screening tool when they are leveraged together. Fraud analysts can easily create customer profiles that are precise, reliable, or even implement rules that isolate suspicious hashes automatically.

Some Of The Collectable Parameters:

With SEON’s JavaScript snippet:

  • Cookie hash
  • Browser hash
  • Unique device hash / identifier
  • Timezone of browser and IP
  • Operating system detection
  • Useragent information
  • Private browsing detection
  • Operating system, browser languages
  • Screen size of device, browser, windows
  • Installed fonts and generated hash
  • Installed plugins and generated hash
  • Battery level
  • GPU information
  • Cursor, scrolling behaviour
  • Browser features: flash, java etc.
  • Canvas device fingerprint
  • Audio fingerprint
  • WebRTC IPs
  • DNS : Geo + ISP
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

With the iOS SDK:

  • Unique device hash / identifier
  • Accessories information
  • Audio information
  • Battery information
  • CPU information
  • Advertising Identifier (ADID)
  • Device name
  • Device orientation
  • Unique Device Identifier (UDID)
  • iCloud ubiquity token
  • iOS version data
  • Jailbreak status
  • Emulator detection
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • Storage information
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

With the Android SDK:

  • Unique device hash / identifier
  • Android ID
  • Android version data
  • Audio information
  • Battery information
  • Build information
  • Carrier information
  • CPU information
  • Device name
  • Storage information
  • Emulator detection
  • Root status
  • Kernel information
  • Boot information
  • Network configuration
  • Pasteboard data
  • Memory information
  • Proximity sensor data
  • Local language
  • Local timezone
  • Screen brightness
  • Screen resolution
  • System uptime
  • MAC address
  • Wifi SSID
  • TCP/IP Fingerprint
  • Passive SSL/TLS handshake analysis

Conclusion

Gleaning such a precise picture of your users’ devices is an incredible tool to improve your fraud detection rate. However, all this data is only useful if you know how to leverage it. Device fingerprinting is powerful, bu it’s nothing without the right insights.

As always, we believe fraud detection should employ a combination of data enrichment, machine learning, and human intelligence. The first two are something SEON can help you leverage today. For human intelligence, we sure believe our tools are the first step towards giving fraud manager more control, efficiency, and peace of mind.

Learn more about our products!

Products

Sign up to our newsletter