Learn Film

Device Fingerprinting Is a Great Tool, But It’s Not Foolproof

Device fingerprinting is a method used to track devices as they navigate across different web environments. Similar to human fingerprints, device fingerprinting identifies devices by consolidating characteristics that are unique to each one, such as the operating system version, screen resolution, language, and other settings.

Unlike traditional cookies, device fingerprinting does not collect data on the customer’s computer. Instead, when a customer visits your website, a small piece of JavaScript code queries APIs to collect data about the device. This information is then compared to the fingerprint on file, which can determine the level of risk associated with the login or transaction.

In the world of fraud prevention, it is critical to have as many tools at your disposal as possible. Device fingerprinting can help you to recognize patterns of fraudulent behavior, such as IP address spoofing and a lack of screen resolution consistency. These can be indicators of a potential breach or a fraudster trying to steal a customer’s credentials.

However, while device fingerprint has its place in your fraud prevention toolkit, it is not a foolproof solution. Fraudsters can circumvent device fingerprinting in a variety of ways, including using different hardware and software configurations to avoid detection. Additionally, every time a user installs a new plugin or makes a change to their device settings, this can alter the device’s fingerprint to some extent.

As such, it’s important to use device fingerprinting alongside, or in place of, traditional web cookies, and leverage the technology as a part of your overall verification and fraud protection strategy. The good news is that fingerprinting can be paired with other technologies, such as IDFV (iOS) or App Set ID (Android), to provide a layered approach to protection.

The EU’s think tank on privacy, the Article 29 Data Protection Working Party, recently published an opinion that states that third parties who process device fingerprints must obtain consent from users in order to do so. The reason for this is that the process of obtaining a fingerprint requires access to the device’s browser and operating system, which isn’t something that can be blocked by an anti-virus or other security software.

Fingerprinting Is A Great Tool, But It’s Not Foolproof

Fraudsters are smart, and they will work to circumvent your fraud prevention tools if they can. For example, a common tactic is to use a VPN to mask their identity. However, fingerprinting can still detect when a customer’s screen resolution or language changes, which is an indication of a potential breach.

While device fingerprinting is an effective tool in the battle against fraud, it’s not a standalone solution. Wise merchants know that it’s essential to use multiple tools, including predictive analytics and behavioral monitoring, in order to protect against the full range of scams out there. To find out more about the ways you can use device fingerprinting to improve your fraud protection strategies, contact us today. We’ll be happy to answer any questions you may have!