Article

What Is Device Fingerprinting and How Exactly Does It Work?

By looking at the intricate details of a user’s device setup, it’s possible to unlock information about its user – similar to an online passport that can be used effectively to identify an individual. Collecting various device attributes, called device fingerprinting, can root out related activities and signals that may indicate fraud and significantly enhance fraud detection capabilities.

What Is Device Fingerprinting?

Device fingerprinting involves creating distinct identifiers for each device by analyzing its unique attributes and configurations. These identifiers differentiate one device from another within a network or ecosystem, enabling precise identification and tracking. In action, it’s a way to take information related to software and hardware configurations to derive user intentions – separating the good from the malicious.

How Does Device Fingerprinting Work?

Device fingerprinting leverages specific hashes – unique IDs based on specific parameters –  to pinpoint bad actors with precision. There are three types of hashes:

  • Cookie Hash: A cookie hash, a hashed cookie, is a unique identifier generated for each browser session. These identifiers are created from small files called cookies, which websites store locally to remember specific details about users and their interactions.
    Cookies can contain various types of information, ranging from primary session data to more sensitive details like passwords and personal data. To protect this information, cookies are hashed, meaning their contents are obscured. In addition to aiding website functionality, cookie hashes play a crucial role in fraud prevention by providing insights into users’ past behaviors and helping to flag potential risks when necessary – like if multiple users share the same hash; it is clear that they are using the same browser and device.
  • Browser Hash: A browser hash functions as a unique identifier generated to organize data associated with a user’s browser. Essentially acting as the browser’s ID, it allows for the identification of both the browser and the user by the entity that originally created the hash. This capability extends to distinguishing if multiple users access a website from the same browser. The information contained within a browser hash may encompass details like the type and version of the web browser, its architecture, installed plugins or extensions, HTML5 canvas size and the audio processor being used, among other specifications.
  • Device Hash: A device hash, also known as a hardware hash, is a unique string of characters generated by a device’s software, capturing crucial information about the device and its user. Serving as a digital fingerprint for the device, this hash encompasses details such as local date and time, operating system specifics, hardware components like the GPU, screen properties and more. While each hardware configuration shares a unique identifier, individual devices do not. This feature aids in establishing connections between seemingly disparate users, enabling the detection and prevention of fraudulent activities and offering valuable insights into device (and networked device) usage.

Many fraud detection software may also utilize data collected via cookie fingerprinting, a different method of gathering information about user’s preferences when entering any website. This information is stored on the user’s device. It can be an accurate identifier (and a reliable signal to spot multi-accounting attempts and more), as it is highly unlikely that two different users would have the exact same cookie session. However, users can opt in or out of cookies or delete their cookie session at any point, making it very easy for users with malintent to cover their tracks.

Information collected via device fingerprinting on users’ hardware, software, and browser settings is stored on a server-side database, making it accessible to merchants and harder to modify or delete from the user side. While it is more likely that two separate users have matching hardware settings using the same device model and settings, this information, combined with further data points, can still highlight motivated fraudulent activities.

The Importance of Device Fingerprinting

Device fingerprinting is integral to fuel device intelligence. This advanced fraud prevention technology looks at thousands of real-time device signals, from geolocation and IP information to behavioral device data, such as typing speeds, battery life, phone orientation signals, and hardware and software configurations, to protect digital transactions and combat attacks.

Device fingerprinting aids in providing unique identifiers from devices based on their attributes and distinguishing devices from one another. In contrast, device intelligence analyzes user behaviors and other social signals to generate deeper insights into risk profiles. Working together, device intelligence leverages fingerprinting information to enhance anti-fraud strategies.

What Makes SEON’s Device Fingerprinting Unique?

Read how SEON’s solution is tailor-made for fraud prevention, learn how to use it to block bonus abuse or multi-accounting attempts and more.

Read More

Finding Suspicious Setups

Adept at recognizing suspicious tools, configurations and settings across desktop and mobile devices, device fingerprinting supports accuracy in fraud detection to ensure streamlined operations. Central to a risk assessment strategy is the meticulous evaluation of various device characteristics, each assigned varying risk scores according to a customized business’ risk threshold to pinpoint potential threats effectively.

From browsers engineered to circumvent traditional fraud solutions to privacy-focused platforms like Tor, Brave and DuckDuck Go, scrutinizing an array of factors, including browser spoofing, version age, the use of common anti-fingerprinting extensions, uncommon screen resolutions, popular bot and automation tools and virtual machine environments, are all signals that help refine risk assessments.

By examining a combination of suspicious browser profiles and assessing factors like the inherent risk level of the browser, device and cookie hashes, this form of fraud screening empowers companies to identify fraudsters and take appropriate action swiftly. Plus, with the flexibility of fine-tuning risk scoring to tailored requirements, device fingerprinting and device intelligence are integral to fortifying anti-fraud defenses against evolving threats and emerging technologies.

Why Do Companies Use Device Fingerprinting?

Without device fingerprinting, it would be significantly more challenging to identify and stop fraud related to multi-accounting, account takeovers, digital onboarding, payment fraud and bonus abuse, among other pain points.

Since fraudsters often buy or steal long lists of credit card numbers and login details, they often use them through trial and error to find out what information works. This repetitive process means it’s impossible to change device setups every time. To cover their tracks, they’ll often try clearing their cache, switching browsers, using private or incognito mode, and using virtual machines or device spoofing to evade detection. This is precisely where device fingerprinting can relay necessary signals of fraud to mitigate risk.

Key Features of SEON’s Device Fingerprinting

By combining real-time digital footprinting, device intelligence and a customizable AI-driven rules engine, SEON empowers businesses across industries to detect and prevent potential threats before they happen. With more in-depth data, SEON’s highly customizable device intelligence gives our customers the granular capability to configure tailored rules. Examples of SEON’s device intelligence include:

  • Remote Access Detection: Remote access, the ability for an authorized person to access a computer or network from a geographical distance through a network connection, enables individuals to access files or resources on devices or servers connected to a network. In fraud prevention, detecting if someone is accessing a customer’s device, such as through screen sharing on mobile and web apps, is essential. Additionally, it’s possible to identify apps that can interfere with or alter other apps on Android devices. Device intelligence can detect unauthorized access attempts on customers’ devices.
  • On-Call Detection: On-call detection involves understanding the call status to determine if a customer is on a call when making changes to their account. It is particularly vital for detecting phishing scams in the financial services industry. This functionality is currently relevant only for iOS and Android platforms. Furthermore, it’s possible to discern the type of carrier being used, whether AT&T, T-Mobile, Verizon or a VoIP service – the latter used by fraudsters and is called GSM (Global System for Mobiles).
  • Residential Proxy Detection: Residential proxy detection enables the identification of residential proxy IP addresses assigned by ISPs to individual homeowners but is often exploited to conceal true identities or locations. By distinguishing these proxies from genuine users, device fingerprinting systems bolster fraud detection capabilities, thwarting potential abuses like account takeovers or fraudulent activities.
  • Consolidate Hash Information: Consolidating hash information is crucial for efficiency, privacy protection, standardization, security and reduced storage requirements. Hashing allows for converting large sets of data into fixed-size strings, streamlining processing and safeguarding sensitive information. Standardizing data representation across different devices ensures consistency, simplifies comparisons, and improves fraud detection accuracy. Additionally, the cryptographic properties of hash functions enhance security by preventing unauthorized access to original data. Consolidating hash information optimizes system performance while maintaining privacy and security standards.

Stopping Fraud at the Earliest Point

By employing device intelligence, businesses can strengthen their defenses against evolving fraud schemes, safeguarding sensitive data and preserving the integrity of their platforms. With its ability to detect unauthorized access attempts and scrutinize suspicious device setups, device fingerprinting can empower companies to identify and mitigate fraudulent activities as soon as possible.

An Example of a Successful Device Fingerprinting

Read how SEON’s device fingerprinting solution helped Viabill in a 90% drop of fraudulent transactions

Read More

Frequently Asked Questions

Can device fingerprinting detect device spoofing?

For the most part, yes. For instance, a JavaScript injection can be identified using a simple string comparison and other errors and inconsistencies also point to fraudulent usage. 
The latest device fingerprinting tools should be able to find red flags – for instance, by creating graphical challenges, as seen with Google’s Picasso method. This asks the devices to replicate some graphics and measures any inconsistencies to confirm whether the device data actually matches that of a real browser and operating system. 

Is device fingerprinting legal?

Yes. Although it’s a contentious subject with privacy advocates, the US doesn’t have specific laws on data protection and the EU’s General Data Protection Regulations (GDPR) only requires companies to gain consent from users before tracking them with cookies. 

Is device fingerprinting GDPR compliant?

Yes. A business simply must state its intentions through a terms and conditions section. Recital 47 of the GDPR legislation, as well as the UK GDPR, details:
“The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” 
Therefore, businesses must ensure that they are transparent about the information they will be processing; otherwise, they will become liable to further consequences.

What is cross-device fingerprinting?

More commonly known as cross-device tracking, this describes any method of tracking users and their activity across different devices, despite the fact that they use different devices. To do so, one would have to find identifiers that do not change when the user switches to a new phone, computer or tablet, for instance. 
As a result, someone might be able to track an individual’s activity when that person changes from their mobile phone to a desktop computer, for example, even if this person is not logged into any online profiles. 

Is device fingerprinting enough to stop fraud?

Not exactly. While it is an incredibly useful tool, it also needs to be combined with other solutions such as data enrichment, custom rules, and IP analysis and tracking to really be effective.

You might also be interested in reading about

Learn more about:

Device Intelligence | Digital Footprinting | Fraud Scoring | Fraud Detection and Prevention

Sources