Adding Device Fingerprinting

Device fingerprinting uniquely identifies the device used to access a service. Device fingerprinting provides an effective layer of security in fighting account fraud by identifying unusual or suspicious device behavior. Unlike cookies, device fingerprints do not require storage on a user’s device. Instead, combining the collected attributes creates a unique identifier (the fingerprint). This identifier is used to track users across different websites or sessions, even if they clear cookies or use incognito mode. You can enable device fingerprinting with Verosint by:

The VerosintJS library captures fingerprints in users' browsers and submits these IDs through the Verosint APIs to enhance fraud detection and prevention. Verosint uses device fingerprinting to combat account fraud in the following ways:

Identifying New or Unusual Devices — When a user logs into an account, Verosint compares the device fingerprint with past logins. If a login attempt comes from a new or unrecognized device, a Workflow can trigger additional security measures, such as MFA or additional security questions.

Added Risk-Based Authentication — Device fingerprinting can be used as part of Verosint's broader risk and anomaly scoring, which evaluates the risk of each login attempt. Fraudulent actors use various techniques to evade detection, such as:

  • Using or emulating VPNs or proxies to mask their location.
  • Constantly switching between devices or browsers to confuse systems.
  • Using bots to carry out attacks like credential stuffing (trying stolen credentials in bulk).

Device fingerprinting helps detect these anomalies by flagging mismatches between normal user behavior and current session data.

Preventing Account Takeover (ATO) — Account takeover occurs when a fraudster gains unauthorized access to an account. Device fingerprinting helps detect ATO attempts by identifying changes in the user’s usual device or browsing behavior. If an attacker tries to log in from a different device, the fingerprinting system can block or flag the login attempt as suspicious.
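
The checks described above (a new or unrecognized device, an account switching between devices, one device trying many accounts) can be sketched as server-side logic. This is an added example, not Verosint's code or API: the event fields, thresholds and action names are assumptions, and the login history is constructed.

```javascript
// Added illustration, not Verosint code. Field names and thresholds are assumptions.
const WINDOW_MS = 60 * 60 * 1000;  // assumed look-back window: 1 hour
const MAX_ACCOUNTS_PER_DEVICE = 3; // assumed: more suggests credential stuffing
const MAX_DEVICES_PER_ACCOUNT = 3; // assumed: more suggests device switching

const T0 = Date.UTC(2024, 0, 1, 12, 0, 0);
const MIN = 60 * 1000;
// Constructed login history; fingerprint IDs are made up.
const sampleHistory = [
  { ts: T0 - 7 * 24 * 60 * MIN, account: 'alice', fp: 'fp-A', success: true },
  { ts: T0 - 5 * MIN, account: 'bob', fp: 'fp-Z', success: false },
  { ts: T0 - 4 * MIN, account: 'carol', fp: 'fp-Z', success: false },
  { ts: T0 - 3 * MIN, account: 'dave', fp: 'fp-Z', success: false },
  { ts: T0 - 30 * MIN, account: 'gina', fp: 'fp-1', success: true },
  { ts: T0 - 20 * MIN, account: 'gina', fp: 'fp-2', success: false },
  { ts: T0 - 10 * MIN, account: 'gina', fp: 'fp-3', success: false },
];

function evaluateLogin(history, attempt) {
  const prior = history.filter(e => e.ts < attempt.ts);
  const recent = prior.filter(e => attempt.ts - e.ts <= WINDOW_MS);

  // Devices that previously completed a successful login for this account.
  const known = new Set(prior
    .filter(e => e.account === attempt.account && e.success).map(e => e.fp));
  // Distinct accounts this fingerprint touched recently, including this attempt.
  const accounts = new Set(recent.filter(e => e.fp === attempt.fp).map(e => e.account));
  accounts.add(attempt.account);
  // Distinct fingerprints seen on this account recently, including this attempt.
  const devices = new Set(recent.filter(e => e.account === attempt.account).map(e => e.fp));
  devices.add(attempt.fp);

  const reasons = [];
  if (!known.has(attempt.fp)) reasons.push('new_device');
  if (accounts.size > MAX_ACCOUNTS_PER_DEVICE) reasons.push('device_many_accounts');
  if (devices.size > MAX_DEVICES_PER_ACCOUNT) reasons.push('account_many_devices');

  // New device alone: step up (e.g. MFA). Volume anomalies: flag for review.
  let action = 'allow';
  if (reasons.length > 0) action = 'step_up_mfa';
  if (reasons.some(r => r !== 'new_device')) action = 'flag';
  return { action, reasons };
}
```

A device counts as known only after a successful login from it, so failed attempts from an attacker's device never make that device trusted.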