Powered by the device recognition API, device fingerprints are enriched with granular data that can include details about the manufacturer, model and operating system (OS) of each device. This enables the identification of devices that may be running outdated OSes, which are often associated with security risks. In addition, fingerprints can be augmented with risk scores that leverage behavioral analysis, feature aggregation and other factors to increase the accuracy of the overall fraud detection.
The core of device fingerprinting is the ability to collect crucial telemetry during an online action, such as a website visit or payment transaction. Combined with an accurate device ID and risk profile based on the quality of the end-user’s device or browser, fingerprinting can help you identify multi-accounting, account takeovers, digital onboarding, payment fraud and bonus abuse among other threats.
Device Fingerprint API Overview: Detect Fraud & Secure Transactions
Beyond collecting this information, a fingerprinting solution must keep fingerprints stable across sessions and consistent despite evolving technology and changes in browser behavior, such as the use of anti-fingerprinting extensions, different screen resolutions and other signals. This is especially challenging as privacy regulations and initiatives like the new Enhanced Tracking Protection in Firefox limit what can be collected during a session.
Sift’s fingerprinting solution solves these challenges by ensuring that a device’s fingerprint does not change in any way during the course of a single user’s interaction with your website or app. This is achieved by combining various signal characteristics such as screen resolution, OS type, anti-fingerprinting extensions and other features into an identifier that is unique to each device. In this way, you can easily compare a device fingerprint to the profiles of your users and take the necessary actions. For example, a fingerprint that is not recognized in your customer’s profile can trigger an alert that requires them to take additional steps, such as two-factor authentication, before proceeding with a privileged transaction.
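The comparison and step-up flow described above can be sketched server-side as follows. This is an added example, not Sift's code or API: the attribute names, the HMAC-based identifier, the demo key and the OS version thresholds are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Assumptions: attribute names, key and thresholds are illustrative only.
STABLE_ATTRS = ("os_type", "screen_resolution", "manufacturer", "model")
SERVER_KEY = b"constructed-demo-key"  # constructed; use a secret store in practice
MIN_OS_MAJOR = {"android": 12, "ios": 16}  # constructed "outdated OS" thresholds


def device_id(signals: dict) -> str:
    """Derive an identifier from stable attributes only, so volatile fields
    (such as the OS patch level) do not change the ID between sessions."""
    canonical = {k: str(signals.get(k, "")).strip().lower() for k in STABLE_ATTRS}
    payload = json.dumps(canonical, sort_keys=True, separators=(",", ":")).encode()
    # Keyed hash: the ID cannot be recomputed without the server-side key.
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def decide(profile: dict, signals: dict, privileged: bool):
    """Return (action, reasons) for one action by a logged-in user."""
    reasons = []
    fid = device_id(signals)
    # Constant-time comparison against the devices stored in the user profile.
    if not any(hmac.compare_digest(fid, known) for known in profile["known_devices"]):
        reasons.append("unrecognized_device")
    os_type = str(signals.get("os_type", "")).strip().lower()
    if int(signals.get("os_major", 0)) < MIN_OS_MAJOR.get(os_type, 0):
        reasons.append("outdated_os")
    # Only privileged transactions are gated; other actions just record reasons.
    action = "step_up" if privileged and reasons else "allow"
    return action, reasons


# Constructed sample data: one enrolled device and the profile that stores its ID.
ENROLLED = {"os_type": "Android", "screen_resolution": "1080x2400",
            "manufacturer": "ExampleCo", "model": "X1", "os_major": 14}
PROFILE = {"known_devices": [device_id(ENROLLED)]}

if __name__ == "__main__":
    print(decide(PROFILE, ENROLLED, privileged=True))
    print(decide(PROFILE, dict(ENROLLED, model="Z9"), privileged=True))
```

A `step_up` result is where the application would require two-factor authentication before continuing.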