Device fingerprinting

Article by: Alisdair Faulkner, VP Products
Date: 29 May 2008
Last Update: 7th September 2008

ThreatMETRIX device fingerprinting technology can pin-point fraudsters regardless of credit card, name or IP Address used.

Device Fingerprinting is valuable because fraudsters use stolen identities and proxies to fool IP Address blacklists and IP Geolocation filters. Worse, companies are turning away good customers by accidently blacklisting IP Addresses shared by customers in the same hotel or company.

On the surface many devices share similar and predicable set of attributes, for example operating system and browser type, but there are many subtle differences between computers such as plug-ins that are installed in the browser and other attributes that are less obvious. Fraudsters will try to get around any detection system, and device fingerprinting is no different. However, typically good customers present themselves in predictable ways which causes fraudsters trying to cover their tracks to stand out like a sore thumb.

When evaluating Device Fingerprinting tools it is important to understand the strengths and weaknesses of different approaches available and to appreciate that Device Fingerprinting is a necessary, but not sufficient, weapon in your Device Risk Intelligence arsenal. Device Fingerprinting is necessary because you need tools that help you recognize a returning fraudster even when their IP Address changes though the use of botnet proxies. Without Device Fingerprinting your IP Address based fraud filters are costing you money in falsely rejected orders and additional order review costs due to its inherent inaccuracy. However, Device Fingerprinting and Device Reputation is not a panacea in itself as it does not provide first time fraud protection. Just like stolen credit card and identity details, new devices are continually used and recycled over time. The real power of Device Fingerprinting and Device Reputation as a fraud prevention tool lies in the ability to transparently correlate Device Attributes and Anomalies at the browser, protocol, packet and operating system level in order to catch fraud attempts the first time.

This is where ThreatMETRIX Device Fingerprinting and Profiling excels. Unlike other methods which simply look at browser attributes and IP Address information, ThreatMETRIX through its Hyper Profiling technology is able to dig deeper and extract intelligence that other Device Fingerprinting and Device Identification approaches cant see. ThreatMETRIX will to peer through proxies in real time to provide both TrueGeo and TrueIP information, as well as look deep into individual packets of the Device's connection to discover hidden fraud attempts in real time.

The two common approaches used to Fingerprint Devices today are browser fingerprinting and browser tagging. While useful, they both share the limitation that the browser can be easily changed and manipulated. For example, knowledge of the time zone on a PC is a useful parameter for detecting anomalies; however, it is also trivial for a fraudster to change. Even information about the browser being used is easily spoofed. Likewise, malware used by professional fraudsters to infect devices and carry out fraudulent transactions are programmed to delete cookies.

These Browser-based Device Fingerprinting and Device Identification approaches are only able to see the tip of the iceberg - and what you cant see can sink you. What ThreatMETRIX patent-pending Device Profiling technology is able to see that others cant is the additional fraud intelligence that is available at the packet and protocol level during a transaction. ThreatMETRIX goes beyond simple Browser Fingerprinting to include Operating System Fingerprinting, Protocol Fingerprinting and Packet Fingerprinting in order to provide a complete view of whether a device should be trusted or not in a card-not-present or online transaction.

ThreatMETRIX real-time device profiling and analytics capability is combined in real-time with the ThreatMETRIX Device Intelligence Network, a global fraud intelligence network that includes shared Device Reputation data as well as the active collection and collation of botnet activities. ThreatMETRIX tracks over 10 million malicious Device Fingerprints at any given time, and has profiled over 180 million since its inception. Unlike other approaches, ThreatMETRIX TrueRep capability will protect you even when a device with previous "good" reputation suddenly turns "bad".

Combined, ThreatMETRIX True Device Fingerprinting and Profiling technology provides the most comprehensive Device Risk Intelligence available, helping you make identity verification more efficient and effective.