Device Fingerprinting- What is It And How Can it Reduce Fraud?

As SEON launches its innovative Chrome extension for data enrichment, we highlight a few of our most efficient fraud-fighting tools. We already covered email profiling. Today, it’s all about device fingerprinting.

What is Device Fingerprinting?

When users access your platform, they do it with two tools: a device with a web browser or mobile application, and an Internet connection which retrieves an IP address. This creates two data sources. They are present at signup, login, checkout, or even when browsing a page. With the right solutions, we can extract useful information from these data points.

Combining information about a browser and device is what we call fingerprinting. It gives a clear picture of how the user is connecting to your service. It lets us understand user behaviour, and more importantly, flag potential fraudsters.

Why is it Efficient?

Fraudsters often buy or steal long lists of card numbers and login details. To use them, they must employ a trial and error method. The repetitive nature of this process means it’s near impossible to change device every time. They are left with a few options:

• Clear the browser cache.
• Switch browsers.
• Use private or incognito mode.
• Use virtual machines that make it look like new devices.
• Use advanced tools and technology such as FraudFox, AntiDetect, Kameleo, Linken sphere or MultiLogin.
• Use emulators to spoof mobile devices.

This is precisely where Device Fingerprinting can help. A user constantly clearing their browser cache before multiple login attempts points to clear account takeover attempts – if they use different IDs but the same IP address. They want to blur the track to access your website.

Likewise, a user whose device generates an emulator hash should also be considered high risk – they don’t want you to identify them and their data fingerprints.

However, while device fingerprinting is a great anti-fraud tool, it is not always powerful enough. For instance, analyzing IP and device at payment is a good start. But payment information is a lot more likely to yield red flags. Device fingerprinting is therefore a more efficient technique when combined with other methods.

How Does Device Fingerprinting Work?

The first step is to integrate SEON’s code into your platform. This is done either via Javascript, iOS SDK or Android SDK. This code lets us collect parameters about the user, and identify them through the SEON interface, including:

• Screen information
• Device build
• Operating system version
• Installed plugins
• Browser time zone
• Device number
• Battery information
• And much, much more….

See below for some of the 500 different parameters SEON can extract.

Note that different integration methods enable different parameters. For instance, the device and browser screen size isn’t relevant for connections via smartphones and tablets. Similarly, it’s important that the Android SDK extracts info about the device manufacturer since they are so many of them. With iOS, it’s always Apple.

What Are Hashes And How Do They Help?

One of the most important features of our device fingerprinting tool is the generation of specific hashes. You can think of them as unique IDs, created based on specific parameters:

• Cookie Hash: Creates an ID for each browser session. Clearing the browser cookies and cache will generate a new hash. But if multiple users share the same hash, it means they are clearly using the same browser and device.
• Browser Hash: Generates an ID by combining data from the browser, operating system, device and network. This hash remains unchanged, even if the user clears their browser cookies and cache, or browses privately. However, a device with multiple browsers installed, or even browser versions, will generate different hashes.
• Device Hash: Offers an ID based on the device hardware (e.g HTML5 canvas, audio fingerprinting, GPU, screen data and so on). While many users can share the same device hash (for instance two iPhone 7 Safari users), this allows us to detect Remote Desktop Connections, virtual machines or emulators. For instance, fraudster favourites such as AntiDetect, FraudFox, or Multilogin all generate the same device hash. Moreover, fraudsters using browser extensions that spoof HTML5 canvas will have very unique IDs – and should, therefore, be flagged as high risk.

As you can see, they each have their pros and cons. However, all these hashes become a near-flawless screening tool when they are leveraged together. Fraud analysts can easily create customer profiles that are precise, reliable or even implement rules that isolate suspicious hashes automatically.

Some Of The Collectable Parameters:

With SEON’s JavaScript snippet:

• Cookie hash
• Browser hash
• Unique device hash / identifier
• Timezone of browser and IP
• Operating system detection
• Useragent information
• Private browsing detection
• Operating system, browser languages
• Screen size of device, browser, windows
• Installed fonts and generated hash
• Installed plugins and generated hash
• Battery level
• GPU information
• Cursor, scrolling behaviour
• Browser features: flash, java etc.
• Canvas device fingerprint
• Audio fingerprint
• WebRTC IPs
• DNS: Geo + ISP
• TCP/IP Fingerprint
• Passive SSL/TLS handshake analysis

With the iOS SDK:

• Unique device hash / identifier
• Accessories information
• Audio information
• Battery information
• CPU information
• Advertising Identifier (ADID)
• Device name
• Device orientation
• Unique Device Identifier (UDID)
• iCloud ubiquity token
• iOS version data
• Jailbreak status
• Emulator detection
• Kernel information
• Boot information
• Network configuration
• Pasteboard data
• Memory information
• Proximity sensor data
• Local language
• Local timezone
• Screen brightness
• Screen resolution
• System uptime
• Storage information
• MAC address
• Wifi SSID
• TCP/IP Fingerprint
• Passive SSL/TLS handshake analysis

With the Android SDK:

• Unique device hash / identifier
• Android ID
• Android version data
• Audio information
• Battery information
• Build information
• Carrier information
• CPU information
• Device name
• Storage information
• Emulator detection
• Root status
• Kernel information
• Boot information
• Network configuration
• Pasteboard data
• Memory information
• Proximity sensor data
• Local language
• Local timezone
• Screen brightness
• Screen resolution
• System uptime
• MAC address
• Wifi SSID
• TCP/IP Fingerprint
• Passive SSL/TLS handshake analysis

Conclusion

Gleaning such a precise picture of your users’ devices is an incredible tool to improve your fraud detection rate. However, all this data is only useful if you know how to leverage it. Device fingerprinting is powerful, but it’s nothing without the right insights.

As always, we believe fraud detection should employ a combination of data enrichment, machine learning, and human intelligence. The first two are something SEON can help you leverage today. For human intelligence, we sure believe our tools are the first step towards giving fraud manager more control, efficiency, and peace of mind.