How to Enable Preventing Fraud and Chargebacks with Device Fingerprinting

Covery Blog / Antifraud, Chargeback prevention, Covery, Fraud prevention, Tips / How to Enable Preventing Fraud and Chargebacks with Device Fingerprinting

How to Enable Preventing Fraud and Chargebacks with Device Fingerprinting

When running an online business, online fraud and chargebacks are your permanent pain points to overcome. Dealing with them can become tedious but is necessary to ensure your business stays afloat and succeeds, instead of succumbing to an online fraud wave. Device fingerprinting is an exquisite anti-fraud tool that can automate your efforts in preventing fraud and managing chargebacks. 

However, device fingerprinting is quite a controversial technology. Hacktivists and mass media try to persuade us that device fingerprinting is a way for big corporations to track every customer through technology — in other words, Big Brother is watching you…

As an enterprise-grade antifraud system gaining popularity in the EU and Switzerland, UA, and Australia, Covery is on the cutting edge of technology. Our team is actively using device fingerprinting to help our customers overcome fraud and minimize chargebacks. We can assure you, that the Big Brother reference cannot be further from the truth. Read on to find out how device fingerprinting can help you secure your revenues and minimize losses to fraud and chargebacks.

What is mobile device fingerprinting?

In order to understand how device fingerprinting helps prevent fraud and minimize chargebacks, we must first describe how online fraud happens.

You are a merchant who accepts payments for your products/services. A customer comes, makes an order, and issues a payment. You accept it and provide the items/services ordered. Later, a chargeback alert comes, stating that the payment was unauthorized, as the card details were stolen. You lose the cost of products, lose the money earned, and have to pay chargeback dispute processing fees.

The key here is that you don’t see a customer face-to-face, nor can you validate their ownership of the card in question. It is your sole responsibility to perform initial and ongoing KYC checks to ensure you don’t deal with a PEP or sanctioned person. You must also evaluate the potential risk score of every transaction: are these payment details well-known to you? Do they come from a reputed country, do they have a good credit history and did they cause you any trouble in the past?

A merchant has to answer lots of such questions, and the more customers you have, the harder it is to perform risk scoring manually, not to mention every person can use multiple devices to access your platform, and you should ensure a seamless customer experience for them. Cookie files were the traditional answer, but they have multiple flaws (a user can simply disable accepting cookies on all sites in their browser), and they do nothing in terms of preventing online fraud and chargebacks.

This is where device fingerprinting comes in handy.

Every device has to transmit a certain range of its hardware and software identifiers for debugging purposes (so that if some web or mobile app crashes, developers can recreate the conditions by emulating your device). It is done using details sent in the crash report, so the devs can create hotfixes. The most important part here is that THIS IS a BASIC, NECESSARY, and LEGAL activity that EVERY DEVICE performs ALL THE TIME since sliced bread and IT DOESN’T NEED OWNER’S CONSENT OR PERMIT.

Device fingerprinting technology simply places a script on any required pages of your website, which collects the identifiers every device transmits during every session. It combines these details with information manually provided by the customer — their email address, phone number, password, and details within their account with you — to provide digital fingerprints of DEVICES, not PEOPLE. 

Does device fingerprint help in protecting private information?

Device fingerprinting can’t track where a person is, what they are doing, whom they are talking with, or what they think. It only tracks which device was used to access the services on any given website page.

Why is this important? Because, as we described earlier, the key advantage of online fraud actors is that you have literally no way to discover their identity and have to judge based on transaction details. 

Device fingerprinting provides a ton more details, which helps merchants make informed decisions, reduce risks and prevent chargebacks by declining risky transactions. Note that this is done even without requesting additional verification, like providing personal details — so legitimate customers are not frustrated with additional verification (well, sometimes an additional 3D Secure check is needed anyways).

But device fingerprinting alone is not enough.

How do you stop chargeback fraud?

Covery antifraud system uses device fingerprinting in conjunction with other features, like Trustchain and behavior analysis.

The device fingerprint of a user’s profile contains all the software/hardware markers of all the devices they regularly use, as well as their session details like IP address, time zone, language preferences, normal transaction limits, and normal behavioral patterns. This way, when a regular customer makes a transaction from usual geolocation and for a usual amount, the system considers this low-risk behavior, and the transaction is approved.

But should the same credentials be used from another device, with another set of hardware/software markers, in another timezone and geolocation — this is a warning sign. Of course, there can be multiple perfectly valid reasons for a customer to log in from another location and device — a business trip or a holiday, for example. But should such login be followed by an attempt to change the password or withdraw the money to another card — an account takeover is clearly in progress. 

Should the transaction also exceed normal limits and customer behavior during the session be unusual — these are indicators of a high-risk transaction that will most likely result in a chargeback.

Trustchain is a global knowledge base of reputation records, which is updated by all members of the Covery community. It helps define customer reputation, so if any of the device’s fingerprint details or user credentials match those involved with fraudulent schemes, Covery issues an alert immediately, so an automated scenario can cancel that account and/or decline all transactions from it.

By monitoring all these aspects in real-time, Covery is able to decline risky transactions, prevent account takeover attempts, precisely evaluate risk scores of every transaction and provide informed decisions for automated scenarios of the flexible risk logic rule engine.

What about friendly online fraud then/ when customers deliberately try to defraud you by saying they did not approve this transaction? In this case, Covery provides in-depth information about the device used and customer behavior noted during that session, which can prove that it was indeed the customer who performed that transaction. Providing this information helps win a chargeback dispute, improving your standing with a PSP and consequent reduction of chargeback cases by at least 80%.
This way, device fingerprinting technology from Covery helps you stem online fraud, secure your revenues and reduce chargebacks. But this is only the tip of the iceberg and Covery can provide much, much more value to your business. Get in touch, order a free demo, and find out how else Covery can help your business succeed!