Skip to content

Device fingerprinting



Join our mailing list

Signifyd regularly publishes free reports packed with business insights, commerce trends and data from our massive Commerce Network. We’ll only email when we have something meaningful to share, no more than once per week. And of course you can unsubscribe any time.

Welcome back for another entry in our series: The top 10 phrases used in the fraud industry (and an explanation of what they really mean!) Today we are talking about device fingerprinting, a method in which anti-fraud companies such as Signifyd tag specific devices (laptops, desktops, phones and tablets) used by fraudsters to disallow those devices from completing a purchase online.

#4 Device Fingerprinting

Earlier in our series we discussed reverse IP address checks to verify the internet protocol and double-check if any fraud was associate with that address. Because many fraudsters often will fake their actual location through servers called proxy servers, device fingerprinting is a way to ensure that even if a cyber-criminal is utilizing proxy servers, the tagged device will still pull up a warning flag to decline the order because of the device fingerprint.

How does device fingerprinting work?

Device fingerprinting is considered to be a very important anti-fraud technology. It basically works like this: every device when logged on to a website has unique characteristics. It can be screen size, the browser used, the time logged in, model of the device or even as mundane as the font preference set by the use. All this information is passed between the device to the server each time a device looks up a specific website. Over time their online behavior can be formed into a recognizable pattern. When this pattern turns malicious in the form of fraudulent activity, the digital footprint left on the devices used is identified, tagged, and blocked from making any transactions across your website.

Image

This is an advanced version of a digital fingerprint called The Matrix

Can device fingerprinting be blocked?

A natural question at this point might be, “what if someone is browsing the web in incognito mode and/or with cookies disabled?” The answer to that is, it doesn’t matter. Device fingerprinting operates on information between a user’s computer and a company’s server; passing information between each other and does not leave behind tracking tools such as a cookie. As explained in this Wall Street Journal article, a user would have to disable JavaScript on their browser to halt most of the passing of the information. Disabling the JavaScript in a browser would severely hamper the ability for a consumer to properly read a webpage and consequently would only make a user more identifiable. As further mentioned in this Forbes article, device fingerprinting works the best against those who most vigorously try to fight it. Individuals who clear their browser, disable plugins or update their software only prove to be more unique to device fingerprinting software and thus are easier to track.

It goes without saying that, naturally, a criminal could change devices, but obtaining those new devices is not only time consuming but also expensive. Also, as mentioned in our cross merchant linking article, internet retailers benefit from the shared data so a tagged fingerprint left on one device will bring up a warning for other merchants who are be worried about criminals who just change stores after their order is declined.

Final thoughts

In conclusion, a device fingerprinting solution itself is not a capable stand alone fraud prevention tool. Criminals will still be using stolen credit cards and other financial information in their attempts to defraud merchants online. But the ability to recognize specific devices halts their attempt from using stolen card, after stolen card, to steal en masse on the web. While we are sure criminals are attempting to out think device fingerprinting at this very moment, currently there is no escaping a device fingerprint which makes it a powerful tool in any fraud prevention arsenal.  As always please reach out to us with any questions or comments at [email protected] or at [email protected] and follow us on Twitter at @Signifyd. Thanks for reading!

 

Signifyd

Signifyd

Signifyd provides an end-to-end Commerce Protection Platform that leverages its Commerce Network to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers.