How Forex Trading Companies Can Spot High-Risk Customers

by Tamas Kadar
Device fingerprinting can be used to stop fraudsters from attempting to hack, break into, or spam websites as well as offer detailed insights into any customer that’s coming onto your website.
Read on to learn more about this fraud prevention technique and how it’s used to protect businesses globally.
It is a way to identify someone’s device using information related to its software and hardware, allowing you to reach conclusions about their intentions, as well as track their activity.
Device fingerprinting collects information about a user’s device, such as which browser they use and on which hardware, as they connect to a website, app or other server. It is done by websites and apps in order to be able to track the user’s actions and visits, and assess whether their intentions are fraudulent or otherwise harmful.
Note that there are different sub-types of device fingerprinting, such as mobile device fingerprinting and cross-device fingerprinting.
Device fingerprinting analyzes users’ configurations of software and hardware. It creates a unique ID for each configuration, in order to recognize connections between users and to highlight suspicious devices. This is called a device hash.
It’s worth noting that web cookies are entirely different: they are stored on the client side, in the browser, whereas the findings of device fingerprinting are stored in a server-side database, making them accessible to merchants.
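The device hash described above, sketched as an added example that is not SEON's code: the server canonicalises a handful of collected attributes, hashes them, and links accounts that share the resulting ID. The attribute set, field names and sample events are assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');

// Assumed attribute set; a production fingerprint uses far more fields.
const HASH_FIELDS = ['userAgent', 'platform', 'screen', 'timezone', 'language', 'gpu'];

// Canonicalise before hashing so the same configuration always yields the
// same ID: fixed field order, trimmed strings, explicit marker for gaps.
function deviceHash(attrs) {
  const canonical = JSON.stringify(HASH_FIELDS.map((field) => {
    const value = attrs[field];
    return [field, value == null ? '<missing>' : String(value).trim()];
  }));
  return createHash('sha256').update(canonical, 'utf8').digest('hex');
}

// Server-side linking: group events by device hash and return every hash
// that was seen with at least minAccounts distinct accounts.
function linkedAccounts(events, minAccounts = 2) {
  const accountsByHash = new Map();
  for (const { account, device } of events) {
    const hash = deviceHash(device);
    if (!accountsByHash.has(hash)) accountsByHash.set(hash, new Set());
    accountsByHash.get(hash).add(account);
  }
  return [...accountsByHash]
    .filter(([, accounts]) => accounts.size >= minAccounts)
    .map(([hash, accounts]) => ({ hash, accounts: [...accounts].sort() }));
}

// Constructed sample events (not real data).
const LAPTOP = {
  userAgent: 'Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0',
  platform: 'Linux x86_64', screen: '1920x1080', timezone: 'Europe/Budapest',
  language: 'en-GB', gpu: 'Mesa Intel(R) UHD Graphics',
};
const PHONE = { ...LAPTOP, platform: 'Linux armv8l', screen: '412x915', gpu: 'Adreno 640' };
const SAMPLE_EVENTS = [
  { account: 'alice', device: LAPTOP },
  { account: 'bob', device: PHONE },
  { account: 'carol', device: { ...LAPTOP, language: ' en-GB' } }, // stray whitespace
  { account: 'dave', device: { gpu: LAPTOP.gpu, ...LAPTOP } },     // different key order
  { account: 'alice', device: LAPTOP },                            // repeat visit
];

console.log(linkedAccounts(SAMPLE_EVENTS));
```

Three accounts on one hash is the multi-accounting signal; the same account returning on the same device is not counted twice.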
When users access your platform, they do it with two tools: a device with a web or mobile application and an internet connection that retrieves an IP address. This creates two data sources. They are present at signup, login, checkout, or even when browsing a page. With the right solutions, we can extract useful info from these data points.
Combining knowledge about a browser and device is what we call device fingerprinting. Based on the device of the user, this might be mobile device fingerprinting, desktop device fingerprinting, etc. It gives a clear picture of how the user is connecting to your service. It helps us understand user behavior, and more importantly, flag potential fraudsters.
For example, here are just a few of the attributes that the SEON engine collects about a user’s device as part of device fingerprinting:
More commonly known as cross-device tracking, this describes any method of tracking users and their activity across different devices. To do so, one would have to find identifiers that do not change when the user switches to a new phone, computer or tablet, for instance.
As a result, someone might be able to track an individual’s activity when that person changes from their mobile phone to a desktop computer, for example, even if this person is not logged into any online profiles.
At the time of writing, technologies such as ultrasonic audio beacons, supercookies and web beacons have been used to this end. A related solution is cross-browser fingerprinting, a method devised by researchers in 2011 that seeks to track users across different browsers.
Possible applications include advertising, surveillance, law enforcement and espionage.
While device fingerprinting is legal and anonymous, many, including government agencies and researchers, have made clear their concerns about the privacy implications of cross-device fingerprinting as well as its effects on society and politics.
As a method, device fingerprinting has the capacity to be incredibly accurate, with the rate of accuracy increasing with the number of attributes being collected and analyzed. There are different ways in which we could answer this question:
For the most part, yes. For instance, a JavaScript injection can be identified using a simple string comparison and other errors and inconsistencies also point to fraudulent usage.
The latest device fingerprinting tools should be able to find red flags – for instance, by creating graphical challenges, as seen with Google’s Picasso method. This asks the devices to replicate some graphics and measures any inconsistencies to confirm whether the device data actually matches that of a real browser and operating system.
Fraudsters who want to bypass device fingerprinting and tracking methods will use a variety of tools. Purpose-built device spoofing browsers, like the Mimic browser, include a canvas poisoning feature that is designed to confuse data readings. By adding noise to certain values, it is intended to help fraudsters slip under the radar.
Sometimes, the most sophisticated attacks will use a complete recreation of the software and hardware stack. The criminals create a completely virtual environment that changes randomly every time it is switched on to avoid tracking. While some of these tools are free, many are relatively expensive, which shows they are marketed at organized criminals.
By using sophisticated device fingerprinting solutions, as well as combining them with other methods, such as digital footprint analysis, you can detect fraudsters who try to spoof their devices. Part of this will also involve looking at inconsistencies in the data points you have gathered.
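The two checks mentioned above, a string comparison that reveals an overridden built-in function and a cross-check of attributes that should agree, shown as an added example that is not SEON's implementation. The field names, flag names and sample devices are assumptions made for illustration.

```javascript
// A built-in function stringifies to a "[native code]" body; a page script
// or spoofing tool that replaced it exposes ordinary JavaScript source.
function looksNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Cross-check attributes that should agree with each other. The field
// names (userAgent, platform, manufacturer, ...) are assumed for this example.
function inconsistencies(device) {
  const flags = [];
  const ua = device.userAgent || '';
  const platform = device.platform || '';
  if (/iPhone|iPad/.test(ua) && device.manufacturer && device.manufacturer !== 'Apple') {
    flags.push('ios_ua_non_apple_manufacturer');
  }
  if (/Windows NT/.test(ua) && !platform.startsWith('Win')) {
    flags.push('ua_platform_mismatch');
  }
  if (/Mobile/.test(ua) && device.maxTouchPoints === 0) {
    flags.push('mobile_ua_without_touch');
  }
  if (Object.values(device.nativeChecks || {}).includes(false)) {
    flags.push('overridden_native_function');
  }
  return flags;
}

// Constructed samples. patchedRandom stands in for an overridden built-in.
const patchedRandom = function random() { return 0.42; };
const GENUINE = {
  userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/126.0.0.0 Safari/537.36',
  platform: 'Win32', maxTouchPoints: 0,
  nativeChecks: { random: looksNative(Math.random) },
};
const SPOOFED = {
  userAgent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) Mobile/15E148 Safari/604.1',
  platform: 'Linux x86_64', manufacturer: 'Generic', maxTouchPoints: 0,
  nativeChecks: { random: looksNative(patchedRandom) },
};

console.log(inconsistencies(GENUINE), inconsistencies(SPOOFED));
```

Each flag is one signal to feed into scoring alongside the other methods the article lists, not a verdict on its own.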
Companies use device fingerprinting to stop fraudsters and other bad actors, as well as for cybersecurity and marketing purposes. Without device fingerprinting, it would be significantly more difficult to identify and stop fraud related to multi-accounting, account takeovers, digital onboarding, payment fraud and bonus abuse, among other pain points.
Fraudsters often buy or steal long lists of card numbers and login details. To use them, they must employ a trial and error method. The repetitive nature of this process means it’s near impossible to change device every time, so instead they will do some of the following to hide their tracks:
This is precisely where device fingerprinting can help. For example, a user found to use an emulator should be considered high risk – they don’t want you to identify them, and they may be browser spoofing.
Not exactly. While it is an incredibly useful tool, it also needs to be combined with other solutions such as data enrichment, custom rules, and IP analysis and tracking to really be effective.
The reason is that fraudsters are aware of how basic device fingerprinting works. In recent years, we’ve seen a surge in anti-device-fingerprinting solutions such as web browsers designed specifically to hide the operating system configurations.
This is called device spoofing, and we’ve seen an arms race between fraudsters and risk management experts regarding the technology.
For instance, analyzing someone’s IP and device at checkout is a good start. But payment information is a lot more likely to yield red flags. Device fingerprinting is therefore more efficient when combined with other fraud prevention methods.
While the most widely known use cases for device fingerprinting are analytics and ad tracking, the technique can be used effectively to mitigate fraud. Let’s look at this in more detail.
For merchants, device fingerprinting can do more than just help with ads, as the uniqueness of a person’s fingerprint can show irregularities when attempting an order or other transaction.
This can stop payment fraud, chargebacks, loyalty program abuse and more.
Within the banking industry, you can utilize device fingerprinting to flag potentially suspicious activity such as when a user logs into a bank account via a different device, location or obscure IP address.
Pain points in banking that device fingerprinting can help with include account takeovers and money laundering, where spoofing is used to conceal the fraudster’s identity.
Advertisers and adtech companies use device fingerprinting to identify and track users’ internet history to understand more about the visitor and to show them more personalized ads.
While device fingerprinting tracks users for these purposes, it can also help stop ad-related fraud – for example, affiliate fraud, referral fraud and multi-accounting to achieve these.
SEON can extract 500+ different parameters from a user’s device, examples of which you can see below as well as, in more detail, in our API Reference.
SEON’s device fingerprinting solutions can be deployed by API or as part of an end-to-end fraud prevention platform. The first step would be to insert the necessary code into your platform. This is done via JavaScript, iOS SDK or Android SDK. This code lets us collect parameters about the user, and identify them through the SEON interface.
Note that different integration methods enable different parameters.
For instance, the device and browser screen size isn’t relevant for connections via smartphones and tablets. Similarly, it’s important that the Android SDK extracts info about the device manufacturer, since there are so many of them that it is an identifying feature. Conversely, with iOS, it’s always Apple.
Here are some of the hundreds of data points collected by the SEON engine for device fingerprinting. This list is constantly added to and enriched.
Let’s say you are trying to block transaction fraud at your company. Your chargeback rates are too high and your risk team is losing too much time and effort trying to manually review every transaction.
You could integrate a device fingerprinting module as part of your end-to-end fraud detection system, which will also work in combination with other modules.
At this stage, you can act accordingly. You could, for instance, automatically block the transaction, always based on your risk preferences. You can also trigger heavier verification checks, such as asking for proof of address. Finally, you could send the transaction for manual review to your fraud analysts, who will use their judgment to accept or reject it.
SEON allows you to do this, with the added benefit of complete customization of risk rules, fraud scoring and even actions to follow.
Beyond device fingerprinting, the solution’s unique data enrichment functionality gathers real-time data from 50+ online sources to add dozens of points to inform your decision making.
Importantly, SEON’s solutions are industry agnostic, which explains why we have been able to help organizations far and wide – from BNPL company Viabill, which saw a 90% drop in fraudulent registrations, to crowdfunding platform Patreon, which experienced a drop in customer churn.
One of the most important features of a device fingerprinting tool is the generation of specific hashes to catch fraudsters with more accuracy. You can think of them as unique IDs created based on specific parameters.
As you can see, they each have their pros and cons.
However, all these hashes become a near-flawless screening tool when they are leveraged together. Fraud analysts can easily create customer profiles that are precise and reliable, or even implement rules that isolate suspicious hashes automatically.
Gleaning such a precise picture of your users’ devices is an incredible tool to improve your fraud detection rate.
However, all this data is only useful if you know how to leverage it. Device fingerprinting is powerful, but it’s nothing without the right insights.
We believe fraud detection should employ a combination of data enrichment, machine learning, and human intelligence.
The first two are something SEON can help you leverage today. As for human intelligence, we sure believe our tools are the first step towards giving fraud managers more control, efficiency, and peace of mind.
Choosing a browser that offers anti-fingerprinting availability without any mods or plugins can minimize the data shared. Disabling JavaScript and Flash as well as using a VPN are three other methods to make your fingerprint more obscure and less revealing.
Cookies are stored on a visitor’s device and contain data such as the user’s previous shopping cart information, which can then be used for retargeting ads. Device fingerprinting is stored on the merchant’s/server side and reveals more about the user’s configuration.
Yes. Although it’s a contentious subject with privacy advocates, the US doesn’t have specific laws on data protection and the EU’s General Data Protection Regulation (GDPR) only requires companies to gain consent from users before tracking them with cookies.
Yes. A business simply must state its intentions through a terms and conditions section. Recital 47 of the GDPR legislation, as well as the UK GDPR, details:
“The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
Therefore, businesses must ensure that they are transparent about the information they will be processing; otherwise, they will become liable to further consequences.
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.