What is device profiling fraud?

It is an attempt to impersonate another customer by forging a synthetic identity from real and fake hardware and software identifiers.

Who uses browser fingerprinting?

Device fingerprinting is a reliable tool in the arsenal of marketers, data analysts and risk managers, enabling in-depth tracking of customer activity.

Is browser fingerprinting legal?

Yes, it is totally legal as it is not prohibited by any law in the US, Europe, UK or worldwide. However, a detailed regulatory legislation for device fingerprinting is yet to come.

How to use browser fingerprinting for fraud prevention?

By forming device snapshots during every login, you can identify devices over time. This way, should something change within a fingerprint (which can indicate a fraudulent activity like account takeover) — you are alerted immediately and can take action.

How do I bypass browser fingerprinting?

You can disable sending device identifiers in crash reports, if such an option is available in your browser, but then websites you visit will not know your OS, browser version, screen resolution and other things, which might make displaying content impossible or incorrect.

How does the browser detect fingerprinting?

It is enabled by default due to the crash handling logic, as it is a perfectly legal tool.

Future of Digital Fingerprinting

Since the pandemic struck, the fraud wave is on the rise, following the shift to digital commerce. The Identity Theft Research Center (ITRC) reports there were 17% more data breaches in the US in 2021 as compared to 2020. Add this to the fact that on average more than 96% of reported fraud cases go unsolved, and you will see why finding innovative ways of detecting and fighting fraud is crucial. Digital fingerprinting is one such method, and while it has been around for quite some time, but is rapidly gaining popularity now.

As end-to-end risk mitigation and anti-fraud solution, Covery uses fingerprinting technology to identify customer devices and prevent fraudsters from damaging online merchants. We are quite well acquainted with web fingerprint applications and would like to share our insights regarding the future of digital fingerprinting in 2022.

For starters, let’s discuss what digital fingerprinting is, how it is used, why it is so powerful and why some consider it a stepping stone towards Big Brother.

What is digital fingerprinting technology?

It is a process of capturing publicly available hardware and software IDs every device transmits during every connection to any other device, website, or service. In order to correctly process a request and form a response, a server should know a ton of details about the user – from OS and browser version to screen resolution and language preferences, color schema, and add-ons/plugins running.

All this data is transmitted during every session with every device. So, if any error occurs, developers can analyze crash reports and reproduce exactly the environment that led to a bug. They will not be able to fix it otherwise.

Covery uses a JS string our customers embed into their website landing pages, checkout pages and any other places where they want to track their clients’ activity. This script collects all the data publicly transmitted by every device and sends it to Trustchain — a global reputational records knowledgebase that contains more than 500 million such records as of January 2022. Series of such snapshots form a web fingerprint and allow to identify any device on the web.

Why is digital fingerprinting good? Because it allows to track customer activity and is invaluable for analytics, marketing, and fraud prevention purposes.

Why is it bad? Because, unlike cookies, obtaining a browser fingerprint requires no express consent for processing under any law as of January 2022, which allows some critics to call digital fingerprinting technology a step towards total surveillance and Big Brother.

But here at Covery, we think that not using the tools at your disposal (especially given how good they are at combating fraud) is not wise. Thus said, device fingerprinting is one of the cornerstones of our comprehensive risk mitigation and fraud prevention strategy.

How does a broswer fingerprint actually work?

By compiling records from every session performed at your website from a particular device, you are able to form its web fingerprint. Naturally, these web fingerprints are not static as they can change with time. Users update their OS versions, browser versions, or even change their phones completely, which alters all the hardware and half of the software IDs.

This is where the devil hides. It’s very hard for an online merchant to define whether their users simply updated their phones — or if an account takeover took place. Alternatively, scammers might use identifiers like email address, phone number, email domain name and others that were a part of a discovered fraudulent scheme in the past. Such details are marked the very first time a browser fingerprint is formed for such a device, making it easier to track risky customers.

Let’s say you have a customer who usually logs in once or twice a week from the same location, device, under the same account and at approximately the same time, and buys some goods in small quantities. But one day they log in from another location and IP address, and try to withdraw all the money from their account with you, or instantly proceed to request a password reset, or try to transfer money to another account. Device fingerprinting helps get your attention to such cases instantly and will help prevent fraudsters from damaging your customers and your reputation.

But what if it is a legitimate customer who simply bought a new phone, went on a family trip, flew to some tropical islands overnight and is now trying to order an anniversary gift for his spouse? Once again, browser fingerprinting helps define that while some identifiers — location and IP address, hardware IDs, login time, etc. — changed, there was no account takeover and the customer can proceed with their purchases as usual.

Conclusions

As you can see, using web fingerprints is a valuable tool for ensuring fraud prevention for online merchants. As an anti-fraud system, Covery is sure device fingerprinting will be used ever more, especially once regulators in the USA, Europe, and the UK come up with the necessary legislation — just like they did with GDPR and PATRIOT Act for cookies.

We expect a bright future for device fingerprinting technology, as it clearly is an efficient tool every fraud fighter should have in their arsenal. It is not enough on its own, however, which means using browser fingerprints should be merely a part of a comprehensive risk mitigation strategy,

This is exactly what Covery does, as device fingerprinting is just one of many features our fraud prevention platform provides. Contact us for a free demo and find out about all the value Covery can deliver for your business!