High-Value Customers: How to Find Them to Boost Revenue

by Tamas Kadar
You might not be aware of it, but the web browser with which you’re accessing this page is a treasure trove of data.
Tracking and understanding that data is often referred to as browser fingerprinting. As we’ll see in this post, this is a fantastic tool to reduce fraud rates at your company.
In real life, your fingerprints are unique and point to you as an individual. In the online world, it’s browser configurations that may point to individuals. While many people use the same browsers, their configurations of software and hardware are so varied that they can effectively act as user IDs.
Browser fingerprinting allows you to get granular information about each parameter of this configuration. For instance, you may be able to learn which default language the user has set for the browser, see which fonts are installed, and more. You can read a more complete list of these data points below.
The key is to get as much information as possible about who your website visitor is based on their browser configuration. This is particularly useful in the context of fraud prevention and cybersecurity, where certain parameters may instantly point to suspicious configurations. For instance, browser fingerprinting may be able to detect when users rely on emulators or spoofing tools, which should increase your suspicions about their intentions on your website.
Because these “fingerprints” tend to be unique, they can also act as user IDs. This allows marketers and advertisers to track users across the web, and to deliver targeted content based on someone’s online activities.
The last point to note is that browser fingerprinting is a somewhat contentious practice, which is why a number of privacy-advocacy groups have developed anti-tracking and anti-fingerprinting techniques and tools.
Browser fingerprinting tools gather user data relating to users’ software and hardware configurations, including:
The above shows just how many parameters are taken into account to create a browser fingerprint.
Browser fingerprinting usually works by adding a JavaScript snippet to the code of your website or web app. This allows your company or a third-party vendor to extract the browser data and store it.
At SEON, we rely on three distinct methods, which have their pros and cons.
Browser hash generates an ID by looking at all browser fingerprint data points such as the user agent, operating system, windows, screen, font settings and more.
A new ID is created with each browser session.
The ID is created based on hardware data such as the HTML5 canvas, GPU, audio fingerprinting, whether it allows touch support, and more.
As you can see, it’s always better to combine all three hashes in order to get a better picture of who your users are. Legacy fraud detection methods only looked at the cookie hash or user agent, but fraudsters are now too savvy to be caught that way.
SEON is a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores.
Yes, browser fingerprinting is legal as all the information collected is considered public and does not include any personal data. However, one should note that the fraud solution that collects the data should be compliant with all applicable legislation. For instance, SEON is fully GDPR compliant and ISO-27001 certified.
While the standard browser fingerprinting is dependent on which browser the person uses, a method called cross-browser fingerprinting has allowed researchers to ID people based on hardware alone.
This development could have drastic consequences both for privacy-focused users and fraud prevention companies. Bear in mind, however, that several of the methods and innovations introduced by researchers in cross-browser fingerprinting have already been integrated into fingerprinting solutions. This includes some of SEON’s fingerprinting data points, which we continue to update.
As a technology, browser fingerprinting can offer numerous benefits to businesses.
Every user’s configuration of software and hardware is likely to be unique. This means you can essentially turn that configuration into a user ID.
Once you have identified the user, you can track their movements across your site. It’s also helpful to know when they are returning visitors.
One of the key benefits of having a de facto user ID is that you can offer your users specific content. This could be geolocalized web pages, or redirecting them towards appropriate resources.
The same applies to targeted marketing. Once you know you are dealing with a loyal customer, you can send them unique offers such as bonuses, loyalty points, or special discounts.
ATO attacks happen when someone logs into an account that isn’t theirs. But if you’ve managed to create an ID for the original account holder, it becomes much easier to spot suspicious logins.
For instance, a new login from a previously unseen device and IP geolocation could increase your suspicions.
It’s worth noting that an efficient anti-fraud tool will not block all new device logins because sometimes, it will simply be someone logging in from a new mobile device or computer. The key is that you should know when to ask for extra authentication, based on a combination of data points and what each means.
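One way to turn that combination of data points into a step-up decision, as an added example that is not SEON's code. The signal names, weights, threshold and sample logins are assumptions made for illustration.

```javascript
// Added example: weights, threshold and sample data are constructed.
const WEIGHTS = { newDevice: 40, newCountry: 30, spoofingSuspected: 40 };
const STEP_UP_AT = 70; // any single signal alone stays below this

function assessLogin(history, login) {
  const signals = [];
  if (!history.deviceHashes.has(login.deviceHash)) signals.push("newDevice");
  if (!history.countries.has(login.country)) signals.push("newCountry");
  if (login.spoofingSuspected) signals.push("spoofingSuspected");
  const score = signals.reduce((sum, s) => sum + WEIGHTS[s], 0);
  return { score, signals, action: score >= STEP_UP_AT ? "step_up" : "allow" };
}

// Call only after the login (and any challenge) has succeeded, so a
// failed attempt never adds an unknown device to the trusted set.
function rememberLogin(history, login) {
  history.deviceHashes.add(login.deviceHash);
  history.countries.add(login.country);
}

const accountHistory = {
  deviceHashes: new Set(["dev-aaa"]),
  countries: new Set(["HU"]),
};
const newPhoneAtHome = { deviceHash: "dev-bbb", country: "HU" };
const unknownAbroad = { deviceHash: "dev-ccc", country: "BR" };

// A new device in a familiar country is allowed; a new device from a
// new country triggers extra authentication instead of a block.
console.log(assessLogin(accountHistory, newPhoneAtHome));
console.log(assessLogin(accountHistory, unknownAbroad));
```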
When the configurations for multiple users are similar, you can make an educated guess that you are dealing with the same person attempting a multi-accounting attack.
In the context of fraud prevention, this will allow you to prevent problems such as bonus abuse. iGaming companies and online casinos have an extra incentive to block collusive play between groups of players (or one person pretending to be multiple players).
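The "similar configurations" idea above can be made concrete by scoring how many attributes two accounts share and linking the accounts that exceed a threshold. This is an added example, not SEON's method; the attribute list, the 0.8 threshold and the accounts are constructed.

```javascript
// Added example: attribute list, threshold and accounts are constructed.
const ATTRS = ["userAgent", "screen", "language", "timezone", "gpu", "canvas"];

// Fraction of attributes on which two configurations agree (0..1).
function similarity(a, b) {
  return ATTRS.filter((k) => a[k] === b[k]).length / ATTRS.length;
}

// Link every pair at or above the threshold, then return the linked groups
// (union-find), so A~B and B~C puts A, B and C into one cluster.
function clusterAccounts(accounts, threshold = 0.8) {
  const parent = accounts.map((_, i) => i);
  const find = (i) => (parent[i] === i ? i : (parent[i] = find(parent[i])));
  for (let i = 0; i < accounts.length; i++) {
    for (let j = i + 1; j < accounts.length; j++) {
      if (similarity(accounts[i].config, accounts[j].config) >= threshold) {
        parent[find(i)] = find(j);
      }
    }
  }
  const groups = new Map();
  accounts.forEach((acc, i) => {
    const root = find(i);
    groups.set(root, [...(groups.get(root) || []), acc.id]);
  });
  return [...groups.values()].filter((ids) => ids.length > 1);
}

const base = {
  userAgent: "UA-A", screen: "1920x1080", language: "en-US",
  timezone: "UTC+1", gpu: "Example GPU 1", canvas: "render-7f3a",
};
const accounts = [
  { id: "acct1", config: base },
  { id: "acct2", config: { ...base, userAgent: "UA-B" } },
  { id: "acct3", config: { ...base, userAgent: "UA-B", language: "de-DE" } },
  { id: "acct4", config: {
      userAgent: "UA-C", screen: "1366x768", language: "fr-FR",
      timezone: "UTC-5", gpu: "Example GPU 2", canvas: "render-01bc" } },
];
console.log(clusterAccounts(accounts));
```

Popular device models share most attributes out of the box, so a cluster is a lead for review rather than proof of one person behind several accounts.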
Finally, a key use of this fingerprinting is to help reveal suspicious user configurations. That includes any kind of setup that points to:
Once again, these kinds of data points won’t always point to fraud. But you should be extra vigilant with these users.
While browser fingerprinting is a fantastic way to get an idea of who your web visitors are, it’s no magic bullet. Here are some reasons why:
This is an area we recommend fraud managers pay specific attention to. A lot of fraud companies pride themselves on their ability to track hundreds or thousands of online data points for browser fingerprinting.
But the ability to track more personal data isn’t always better if that data is stale. A much better and smarter approach is to find the fresh data points and enrich them with other fraud prevention modules, in order to create a multi-layered fraud prevention solution that protects your business and users.
The very fact that specific software is designed to spoof devices, browsers and operating systems clearly shows that fraudsters have experience with online fingerprinting. They will try their best to manipulate the data to hide their real-world identity.
Of course, for the good guys, the fight is all about identifying these spoofing methods and setting up good tracking techniques. One example from recent years was the realization that fingerprinting the size of the canvas can help to indicate fraud, because bad agents tend to resize their browsers to work on multiple platforms at once.
The rise of privacy-centered browsers such as Brave or Firefox shows that users don’t enjoy being tracked. These browsers and others, such as the latest version of Microsoft Edge, build privacy features into their code – for example, by disabling JavaScript, blocking tracking pixels and tracking cookies by default, or only allowing HTTPS.
There is also no shortage of anti-tracking options for general users, such as the Tor browser, NoScript (which blocks JavaScript everywhere), Ghostery (which lets you block and audit your browser fingerprint), or the dozens of ad-blocking tools that regularly top the list of the most downloaded extensions on any app store.
And while the general public isn’t necessarily tech-savvy enough to deploy the right tools, there is a general sense that data privacy is important and that tracking poses a threat. As reported by the Pew Research Center, 81% of US citizens believe they do not have enough power over how their data is tracked by companies. The same proportion believes that the risks outweigh the benefits, which could see a rise in consumer tech designed to address these concerns.
There are data collection and privacy issues that should be raised with browser fingerprint and canvas fingerprinting tools.
This is why you have to make sure that your browser fingerprint solution is compliant with local laws and regulations. While it is a legal practice, you may need to acknowledge every digital fingerprint in your terms and conditions, as some visitors may wish to opt out (like with a cookie policy).
It’s worth noting that every time risk managers deploy new browser fingerprinting features, organized fraudsters create tools designed to confuse them.
This is particularly evident with the rise of anti-fingerprinting browsers, or browser spoofing tools, which are deployed to emulate other configurations. Privacy advocates also recommend them to those who want to avoid targeted marketing or simply to reduce personal data collection.
Browser fingerprinting is a process, which means that several different tools can offer similar results. Let’s take a look at the standard features and see how they work.
All the data returned from online fingerprinting is processed through a hash function, which maps data of arbitrary size to a fixed-size value, usually written as a long string of letters and numbers. This makes it easier to log the information, encrypt, analyze and compare it.
For instance, SEON works with hundreds of parameters, but only three kinds of hashes: cookie hash, browser hash, and device hash.
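The sketch below shows how separate browser and device hashes behave when a visitor changes only the reported user agent. It is an added example, not SEON's implementation; the attribute names and sample values are assumptions, and a small FNV-1a hash stands in for whatever hash function a production system uses.

```javascript
// Added example: attribute names and sample values are constructed.
// FNV-1a (32-bit, over UTF-16 code units) keeps this dependency-free;
// a production system would use a wider hash such as SHA-256.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return (h >>> 0).toString(16).padStart(8, "0");
}

// Serialize the chosen attributes in a fixed key order, with list values
// sorted, so the same configuration always hashes to the same ID.
function canonical(attrs, keys) {
  return [...keys].sort().map((k) => {
    const v = attrs[k];
    return JSON.stringify([k, Array.isArray(v) ? [...v].sort() : (v ?? null)]);
  }).join("|");
}

const BROWSER_KEYS = ["userAgent", "os", "language", "screen", "fonts"];
const DEVICE_KEYS = ["canvas", "gpu", "audio", "touch"];

function fingerprint(attrs) {
  return {
    browserHash: fnv1a(canonical(attrs, BROWSER_KEYS)),
    deviceHash: fnv1a(canonical(attrs, DEVICE_KEYS)),
  };
}

// Constructed visits: the second reports a different user agent
// (as a spoofing tool would) but runs on the same hardware.
const visitA = {
  userAgent: "ExampleBrowser/1.0", os: "ExampleOS 11", language: "en-US",
  screen: "1920x1080", fonts: ["Arial", "Verdana"],
  canvas: "render-7f3a", gpu: "Example GPU 1", audio: "124.0434", touch: false,
};
const visitB = { ...visitA, userAgent: "OtherBrowser/9.9" };

function compareVisits(a, b) {
  const fa = fingerprint(a), fb = fingerprint(b);
  return {
    sameBrowser: fa.browserHash === fb.browserHash,
    sameDevice: fa.deviceHash === fb.deviceHash,
  };
}
console.log(fingerprint(visitA), compareVisits(visitA, visitB));
```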
Websites written in HTML5 contain a code element called the canvas. This element is used to draw graphics on a web page. It also generates data such as the font size or active background color setting, which come into play when creating a unique user ID for tracking. It is the most powerful feature of browser fingerprinting.
The HTML5 fingerprint is used as a fraud prevention technique based on the fact that the same canvas image may be rendered differently on different computers.
Like the canvas element, WebGL is a JavaScript API that renders on-screen images and graphics. An image is rendered with a fixed size and, because different GPUs use different algorithms to display it, you can estimate the kind of graphics card your user has installed.
A user agent, or UA, is a string that the browser software sends to identify itself to the website. A site that detects it can display content tailored to specific browsers.
There are a few caveats to user agent detection, all related to how this data point is used in the real world. Firstly, web developers often rely on user-agent switching tools to visualize how a site will look on a variety of devices. Fraudsters use the same type of tool to spoof a browser. Default Android web browsers use the same user agents as Safari to make compatibility easier. Google is also deprecating user agents in its Chrome browser.
Still, user agent detection is an integral part of browser fingerprinting and remains useful when considered in tandem with other elements.
Producing sound from a mobile browser and device audio stack is surprisingly complex. In audio fingerprinting, a website uses the AudioContext API to send a low-frequency sound through the browser to the device, and measures how the device processes that data. This helps inform how to process audio – but no audio is recorded, collected, or played, so you don’t need microphone and speaker access. And yet, this technique can inform fingerprinting with multiple parameters and values.
Companies who create mobile apps specifically for smartphone OS can use a specific SDK (software development kit) to get extra information about devices, whether they are built by Apple, Samsung or other vendors.
By default, Tor makes each user have the exact same fingerprint. This ensures companies lack Tor fingerprinting information, ultimately providing fraudsters anonymity from basic anti-fraud solutions.
However, Tor detection works by running a test to see if the user’s IP matches a known Tor exit node, thus determining whether a user is running Tor. While a Tor user might not have any malicious intent, Tor users should be flagged as high risk by default due to the statistically higher likelihood of fraudulent activity.
Selenium is an open-source tool that automates browsers, which was originally intended to help with web application testing. Selenium is very easy to set up and allows users to run scripted actions in a distributed manner.
Though it is a useful tool for developers, it’s also the tool of choice for malicious actors who would want to scrape your website – e.g. ticket scalpers. Unfortunately, these people are incentivized to hide what they’re doing, and you need to be proactive in catching them.
While Selenium itself is difficult to detect, you can use JavaScript to check for evidence of WebDriver, the technology behind it. In fact, our upcoming rule update will automatically flag browsers that are automated as risky, allowing you to block bot traffic and service abuse.
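The Tor exit-node match and the WebDriver check described above can feed one set of risk flags on the server. This is an added example, not SEON's rule set; the exit list, addresses and the `session` field names are constructed, and `session.webdriver` is assumed to carry the value of the standard `navigator.webdriver` property as collected by the page's script.

```javascript
// Added example: list contents, addresses and field names are constructed
// (addresses come from the reserved documentation ranges).
const EXIT_LIST_TEXT = `
# constructed exit-node list, one address per line
192.0.2.10
198.51.100.77
2001:DB8::5
`;

// Normalize so "::ffff:192.0.2.10" and "192.0.2.10" compare equal.
// IPv6 addresses are compared as lowercase text only.
function normalizeIp(ip) {
  return ip.trim().toLowerCase().replace(/^::ffff:(?=\d+\.\d+\.\d+\.\d+$)/, "");
}

function parseExitList(text) {
  return new Set(
    text.split("\n").map((line) => line.trim())
      .filter((line) => line && !line.startsWith("#"))
      .map(normalizeIp)
  );
}

// `session.webdriver` is the navigator.webdriver value reported by the
// fingerprinting script; true means the browser is under automation.
function riskFlags(session, exitNodes) {
  const flags = [];
  if (exitNodes.has(normalizeIp(session.ip))) flags.push("tor_exit_node");
  if (session.webdriver === true) flags.push("automated_browser");
  return flags;
}

const exitNodes = parseExitList(EXIT_LIST_TEXT);
console.log(riskFlags({ ip: "::ffff:192.0.2.10", webdriver: false }, exitNodes));
console.log(riskFlags({ ip: "203.0.113.5", webdriver: true }, exitNodes));
```

Because the webdriver value is reported by the client, a missing or false value is not proof of a human visitor; treat the flag as one signal among others.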
At SEON, we were very lucky to develop our browser fingerprint module with Gábor Gulyás, a pioneer of device fingerprinting. His expertise helped us create browser fingerprinting based on hundreds of parameters. However, we also recommend combining our module with other fraud detection features, such as:
All the browser fingerprinting modules are accessible as part of the SEON platform, designed by anti-fraud experts for businesses in any vertical. To see how we help reduce the costs and resources lost to fraud by 70–80% without sacrificing user experience, try a free demo with SEON.
Frequently Asked Questions
A range of industries across ad tech, fintech, and fraud prevention rely on browser fingerprinting to understand more about their customers.
Browser fingerprinting analyzes any given user’s software and hardware configuration, which in turn creates unique IDs that can be used to highlight suspicious behavior. It can help spot a range of potentially fraudulent activities including synthetic IDs, identity theft, CNP fraud, phishing, spoofing, account takeover, and affiliate fraud.
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.