
Device Identification - Fraud Library


Also known as: Device ID, Device Identification, Device Authentication

Device Identification is a technique used to establish a "fingerprint" of a user's computer or other web access device in order to track their activity and determine linkages between other devices.


14 different consumers, 14 different IP addresses, but they are using the same computer?

The concept of device identification is not new. Cookies have been around for a long time; the problem is that a user can delete and manipulate a cookie. Device identification has grown into a very sophisticated science, with versions ranging from those that are completely transparent to the user to those that load applets or other programs to serve their purpose.

 

How Good Is It? 

Device Identification is not foolproof, and fraudsters can get around this technique, but the commercial solutions available today make doing so very time and resource intensive on the fraudster's part.

Device Identification is an excellent subsequent-visit authentication mechanism: it lets you say that the user in a subsequent visit is using the same computer as the last time they came to the site. Additionally, it provides strong tools for linking multiple accounts to the same device.

Device Identification works well for digital products, where a fraudster doesn't have to alter any information they have stolen from a victim. In these cases the identity information you would receive looks good, and would pass all authentication methods. If you were using device identification, the next time the fraudster attempted to make a purchase with a different identity, you would be able to catch them.          

Considerations When Implementing or Buying This Functionality    

  • How many different variables are being used to identify a device?
  • "Exact" matches are easy to track and manage; the art and science is in the ability to apply partial matches to an existing device.
  • Device Identification is better suited to catching repeat fraudsters, habitual friendly fraudsters and in some cases fraud rings.
  • Device Identification is an excellent mechanism for account login authentication.
  • Does the vendor allow for sharing device information with other similar companies?
  • Device Identification is a tool, and you will need to do other fraud checks, authentication and verification techniques to create a complete solution.
  • It is normal behavior for a consumer to have more than 1 device!

Estimated Costs – Solutions are available on both a pay-for-each-transaction and a subscription-fee basis.

Alternative Solutions – Cookies, ActiveX tracking controls, tokens.

Vendors – 41st Parameter, Iovation, RSA, iPASS

How Does it Work?  

Device Identification uses some or all of the "passive" data collected when a user interacts with your website. There are a number of discrete pieces of information that can be collected and used. In some cases these solutions will use a piece of code that a user must accept to tag the device. Just remember: if the user knows they are adding a piece of code, and they are a fraudster, then they also know they need to remove it.

How Do I Use the Results? 

The primary use is to catalogue and maintain velocities on the number of devices associated with an account, and the number of accounts associated with a device. Additionally, you should blacklist devices and prevent any device associated with fraud from doing future business.

Building This In-House 

While it is possible to build this in-house, the tricky part is modeling and building out the partial match capability. Any solution that relies solely on full matches will be short-lived and will provide very little uplift.
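The partial matching described here and the velocity and blacklist checks from "How Do I Use the Results?" can be sketched together. This is an added example, not code from The Fraud Practice or any vendor; the attribute names, the 0.75 match threshold and the limit of 3 accounts per device are assumptions chosen for illustration.

```python
from collections import defaultdict
MATCH_THRESHOLD = 0.75        # assumed: share of attributes that must agree
MAX_ACCOUNTS_PER_DEVICE = 3   # assumed velocity limit before manual review

def similarity(a, b):
    """Fraction of attributes (over the union of keys) with equal values."""
    keys = set(a) | set(b)
    return sum(a.get(k) == b.get(k) for k in keys) / len(keys) if keys else 0.0

class DeviceRegistry:
    def __init__(self):
        self.devices = []                           # list index is the device id
        self.accounts_by_device = defaultdict(set)  # device id -> accounts seen
        self.devices_by_account = defaultdict(set)  # account -> device ids seen
        self.blocked = set()                        # devices tied to fraud

    def resolve(self, attrs):
        """Return the best partial match at or above the threshold, else add a device."""
        scores = [similarity(attrs, known) for known in self.devices]
        if scores and max(scores) >= MATCH_THRESHOLD:
            return scores.index(max(scores))
        self.devices.append(dict(attrs))
        return len(self.devices) - 1

    def observe(self, account, attrs):
        """Record a visit; return (device_id, 'allow' | 'review' | 'deny')."""
        dev = self.resolve(attrs)
        self.accounts_by_device[dev].add(account)
        self.devices_by_account[account].add(dev)
        if dev in self.blocked:
            return dev, "deny"
        over = len(self.accounts_by_device[dev]) > MAX_ACCOUNTS_PER_DEVICE
        return dev, "review" if over else "allow"

# Constructed sample attributes (hypothetical names and values, not collected data).
BASE = {"user_agent": "UA-1", "screen": "1920x1080", "timezone": "UTC-5",
        "language": "en-US", "fonts": "f1", "plugins": "p1",
        "platform": "Win32", "color_depth": 24}

def demo():
    reg = DeviceRegistry()
    out = [reg.observe("acct-1", BASE),
           reg.observe("acct-2", {**BASE, "user_agent": "UA-2"}),  # 7/8 agree
           reg.observe("acct-3", {**BASE, "timezone": "UTC+1"}),   # 7/8 agree
           reg.observe("acct-4", BASE),                            # 4th account
           reg.observe("acct-5", {**BASE, "fonts": "f2", "plugins": "p2",
                                  "screen": "800x600"})]           # 5/8: new device
    reg.blocked.add(0)             # device 0 later confirmed as fraud
    return out + [reg.observe("acct-6", BASE)]
```

An exact-match-only registry would have treated the second and third visits as new devices, so the fourth account would never have tripped the velocity limit.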

Property of The Fraud Practice, all rights reserved, no unauthorized duplication, reproduction or distribution without the express written permission of The Fraud Practice.