Fingerprint Technology

Device Fingerprint overview

Digital fingerprint is a technology used to identify each individual device using parameters the said device has. There is a number of possible usage scenarios for this technology, they mainly stem from the potential ability to identify and analyze real users irrespective of cookie files, the main analytic and tracking tool of our time.

Device Fingerprinting is used to determine whether the computer you are doing business with should be trusted or not. It is a measurement of browser information, operating system information, and connection information of a given device. With personal information such as account credentials becoming a commodity on the black market, companies need to look to alternative methods for verifying whether each given login attempt, account creation, transaction, and order come from a valid user. Standard methods like IP Address Blacklisting and IP Address Geolocation are no longer a valid tool. Proxies, VPNs, and botnets have made them obsolete. Device Fingerprint on the other hand is a valid and effective tool since it will recognize fraudsters even if they change their name, IP Address, cookies or use stolen credentials.

FraudHunt Technology

We at FraudHunt used a combination of known technologies to create a unique system capable of creating a resistant Fingerprint key, a list of main parameters for any given device, and a list of triggers that indicate a visitor as a fraudster or a malicious bot.

Technologies Used:

1

Canvas Fingerprint;

2

Web RTC;

3

Audio Fingerprint;

4

Evercookie;

The biggest issue of FraudHunt Device Fingerprint is the same as with any other fingerprinting technology. It is impossible to precisely create a fingerprint for any device at any given time. Since the fingerprint itself is based on device parameters, same parameters will have same “fingerprints”, it means that two identical devices should have same Device Fingerptint, this is especially the case with newly purchased devices or devices that have a limited customization possibilities.

We faced two obvious problems developing the solution, 1. How to make sure different devices do not get same Fingerprint and 2. How to make sure one device does not get multiple fingerprints. The first problem is especially topical for devices like IPhones, etc. that in many cases operate on default settings and second one is a common problem of all fingerprinting services.

At this point of time we do not assign same keys to different devices and the success rate of our solution even in case of partial parameters change is around 85% – 90%. So one user can get different keys but only in case of serious parameters change which is very rare in case of quality users. We also provide a quality score and a list of triggers most commonly used by fraudsters (emulations, proxies, UserAgent changes, etc.).

How to use FraudHunt Device Fingerprint

Our Primary Tracking script is used to generate a unique fingerprint key once it communicates with our server. You are welcome to read about basic integration here.

Once the key is generated you can grab it and send to your server.

Please note that we recommend to perform all operations with the system via a server side. This includes saving the Fingerprint key, quering the API, etc. However, we do have examples of the global callback and the API calls done on page here.

You can then query our API to receive data about the user. The data in the JSON string may vary depending on your exact needs, but you can see a standard set (used for free testing) below:


{
  	
"fingerprintKey": "BCCWNED2A557D2B157261D5867752B13"
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
"language":	"en-US"
"doNotTrack": false
"cookies": true
"timeZone": 2
"ipList":	
0: "192.168.109.110"
"plugins":	
0: "Chrome PDF Plugin"
1: "Chrome PDF Viewer"
2: "Native Client"
3: "Widevine Content Decryption Module"
"deviceInfo":	
"browser": "Chrome"
"browserVersion": "63.0.3239.132"
"OS": "Windows 10"
"deviceModel": ""
"screenInfo":	
"screen": "1920x1080"
"client": "1097x557"
"customerInfo": {}
"httpInfo":	
"refererUrl": "http://clientdemo.fraudhunt.net/demo.html?clickid=5"
"originUrl": "http://clientdemo.fraudhunt.net"
"publicIp":	"207.244.77.175"
"location":	
city: "Manassas"
country: "United States"
region: "Virginia"
"fraudScore": 72
}

Data storage

You have to prepare to store all data about your users on your side. The fingerprint keys will be generated on the visitor page and then used to receive the rest of the information. We recommend you to save all the API responses and keys paired with your own identifiers (email addresses, user ids, etc.). The information stored in our Public API is deleted every 4-5 days.
Fraud Prevention