Welcome back for another entry in our series: The top 10 phrases used in the fraud industry (and an explanation of what they really mean!) Today we are talking about device fingerprinting, a method in which anti-fraud companies such as Signifyd tag specific devices (laptops, desktops, phones and tablets) used by fraudsters to disallow those devices from completing a purchase online.
#4 Device Fingerprinting
Earlier in our series we discussed reverse IP address checks to verify the internet protocol and double-check if any fraud was associate with that address. Because many fraudsters often will fake their actual location through servers called proxy servers, device fingerprinting is a way to ensure that even if a cyber-criminal is utilizing proxy servers, the tagged device will still pull up a warning flag to decline the order because of the device fingerprint.
How does it work?
Device fingerprinting is considered to be a very important anti-fraud technology. It basically works like this: every device when logged on to a website has unique characteristics. It can be screen size, the browser used, the time logged in, model of the device or even as mundane as the font preference set by the use. All this information is passed between the device to the server each time a device looks up a specific website. Over time their online behavior can be formed into a recognizable pattern. When this pattern turns malicious in the form of fraudulent activity, the digital footprint left on the devices used is identified, tagged, and blocked from making any transactions across your website.
This is an advanced version of a digital fingerprint called The Matrix
Can device fingerprinting be blocked?
It goes without saying that, naturally, a criminal could change devices, but obtaining those new devices is not only time consuming but also expensive. Also, as mentioned in our cross merchant linking article, internet retailers benefit from the shared data so a tagged fingerprint left on one device will bring up a warning for other merchants who are be worried about criminals who just change stores after their order is declined.
In conclusion, device fingerprinting itself is not a capable stand alone fraud prevention tool. Criminals will still be using stolen credit cards and other financial information in their attempts to defraud merchants online. But the ability to recognize specific devices halts their attempt from using stolen card, after stolen card, to steal en masse on the web. While we are sure criminals are attempting to out think device fingerprinting at this very moment, currently there is no escaping a device fingerprint which makes it a powerful tool in any fraud prevention arsenal. As always please reach out to us with any questions or comments at firstname.lastname@example.org or at email@example.com and follow us on Twitter at @Signifyd. Thanks for reading!