Product

Using browser fingerprinting to deter repeat fraud

Each of our browsers are unique, just like us.

Icon of a browser fingerprint
Last updated:
2/21/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways

‍A browser fingerprint is a unique string that documents a specific interaction between a web browser and a device. Browser fingerprinting can be used as a lightweight form of fraud prevention via partial identity verification. 

We’ve built features into Persona that allow you to use browser fingerprints in your verification and review processes to flag bad actors. This can augment the existing fraud prevention that Persona already offers with another layer of verification. 

Please note: We do not use browser fingerprinting to track web users or collect personally identifiable information. 

If you’d like to calculate your fingerprint, check out amiunique.org, which also shows you how similar you are to others on the web. This will not calculate the same fingerprint that we compute on our end, due to a difference in the components of the fingerprint, but should give you an idea of how the browser fingerprint is computed.

How can browser fingerprinting be used to deter repeat fraud?

The shorter answer: 

  1. When you use Persona, you already have a handful of checks in place that are used to verify the identity of individuals. 
  2. If you flag an inquiry as potentially fraudulent, you can add information about that inquiry to a List in Persona (browser fingerprint being one example List type).
  3. If the bad actor returns with the same browser settings, you’ll be able to spot them quickly as a short term solution to detect future fraud. 

The longer answer: 

Each one of our browsers are actually quite unique. Browser fingerprinting collects a specific set of data related to the browser itself. This includes information like user agent header, font list, and operating system. The fingerprint does not rely on cookies or IP addresses, and works when returning on the same browser on the same device. If you switch between browsers, ex. Google Chrome vs. Safari vs. Firefox, it will compute a different browser fingerprint since the settings will be different. 

Browser fingerprinting can be used to detect repeat fraud by identifying data points about a user, without tracking that user with cookies. This means you can check if a user matches another user who has previously gone through the system based on matching that unique string computed with information from the browser. If the fingerprints match with one that has been marked as suspicious, you’ve initiated your first line of defense.

Browser fingerprinting is a short term fraud deterrence strategy

It’s important to note that browser fingerprinting is best used as a short term fraud prevention tool. If an individual updates their browser version, their browser fingerprint will update, which will not provide accurate verification results. Browser fingerprinting should never be your singular fraud prevention tool, but it can serve as an additional layer of defense.

Browser fingerprinting is security compliant 

When Persona collects browser fingerprints, we do not collect any information about the user themselves. There is no way to identify any individual via a browser fingerprint or tie it back to any end-user. There are no compliance concerns or PII involved in a browser fingerprint.

Browser fingerprinting with Persona Workflows and Lists

With Persona, you can use browser fingerprinting to catch repeat fraud through our Workflow and Lists features in the Persona Dashboard, which lets you set up certain scenarios with if-then-else statements to automate your decisioning and review process. 

If you flag a bad actor, you can add their browser fingerprint to a List, which will create a match if that user tries again with the same browser settings. Additionally, you can enable a Workflow to raise a flag if this match occurs on your List, which you can set up to automate the decision to move to manual review for further investigation. 

Creating browser fingerprint Lists

When you click into an Inquiry, the browser fingerprint is listed under the devices section on the bottom right. You will need this when you set up your List.

Browser fingerprint section inside inquiry details in the Persona dashboard.

To start, add a new List in the Persona Dashboard. Pick any List name that you’d like, in this case, “Bad Browser Fingerprints,” and a List type of “Browser fingerprint.” You need to have the browser fingerprint first to input into the List, from the Inquiry page (above).

Add new list dialog in the Persona dashboard.

After the List has been created, in the next screen, you will be prompted to add the browser fingerprint that you want to track to that List, and then click “Add Item.” You will have to go to that individual’s inquiry page in the Dashboard to find their browser fingerprint, which is automatically computed. This will populate your new List with the browser fingerprint.

Once added, you will see that specific browser fingerprint show up in the List. If an individual goes through an inquiry flow again, it will be flagged as a match on the List, as long as they are on the same browser and version, with the same settings. When you click into “List matches” on that Inquiry, you will see a log of any List types that came up as a match.

List matches in the Persona dashboard.

Building Workflows for browser fingerprints

Workflows in Persona are like if-then statements that are used to move Inquiries to your manual review if they obtain certain, prescribed characteristics. Setting up this Workflow is simple. When you click “Add criteria” in your Workflow, you will be given the opportunity to add criteria around any List matches. When you set up your Workflow with the List match, you will be prompted in the dropdown with any Lists you have made (this is why we recommend creating your List before setting it up with the Workflow).

Creating a workflow in the Persona dashboard.

For this scenario, the Workflow is triggered when an Inquiry is completed and if there is a match on the “Bad Browser Fingerprint” List. Then, it will send the inquiry to “Mark for review” for the match. If the inquiry has no matches, the Workflow will fall through to the next step defined in the route. In this Workflow, a Browser Fingerprint match is marked for review, and if there is no match, the inquiry completes regardless of any Workflow requirements.

Viewing a workflow in the Persona dashboard.

‍Please note: Our Workflows feature is currently under a feature flag and has not been released for everyone yet. If you would like early access, please email [email protected].

What's next?

Ultimately, browser fingerprinting is powerful in the sense that it is a lightweight, frictionless, repeat fraud-prevention mechanic. It is a quick, short term way to set up an added layer of protection for your business. 

As we continue to build for your productivity in Persona, we plan to iterate on browser fingerprinting features by letting you add to a List directly through a Workflow. 

To try out this feature, request a demo or chat with someone on our team here.

Methods for fingerprint tracking

Some of the most common methods for browser fingerprinting include:

Cookie fingerprinting

Cookies are small text files stored in your browser that allow websites to personalize your experience or authenticate user identity. Here’s how they work: The first time you visit a site, your browser downloads cookies. When you return, the site accesses the cookies stored in your browser to display the same font size, screen resolution, and other display characteristics.

Cookies can also carry pieces of information that identify your location or device type. Businesses can use these small bytes of text to verify users before granting access to secure services or accounts.

However, sites are now required to disclose the use of cookies and give individuals the chance to decline some or all of the cookies offered, which could reduce the overall efficacy of cookie-based ID verification.

Canvas fingerprinting

Canvas fingerprinting leverages the HTML5 canvas element, which can force browsers to draw images or text. This process occurs behind the scenes, so it doesn’t impact the user experience, and it offers a reliable way to fingerprint device information. By analyzing the specific way your browser draws text or images, this fingerprinting method can discover information about user graphics cards, drivers, web browser settings, and OS types.

Device fingerprinting

Device fingerprinting takes verification a step further by identifying all media devices that are connected to a desktop or laptop. This includes both internal components such as graphics and sound cards and peripheral devices such as headsets and cameras. Devices are then assigned a unique identifier based on their specific configuration.

Audio fingerprinting

This fingerprinting method analyzes the way your device plays sound to determine what type of audio devices are connected to your desktop or laptop and glean information about drivers and software.

WebGL fingerprinting

Similar to canvas fingerprinting, WebGL compels browsers to draw specific shapes or text as a way to identify key graphics hardware and create unique user profiles. While some browser plugins can be disabled to limit the amount of graphics card information available, WebGL fingerprinting is similar in reliability to canvas fingerprinting for ID verification.

Published on:
4/21/2020

Frequently asked questions

How accurate is browser fingerprinting?

It depends. Desktops are easier to identify than mobile devices, and accuracy increases as more techniques are used simultaneously.

Do specific internet browsers have fingerprinting limitations?

While leveraging services such as the Tor browser or VPNs makes it possible to limit data collection, no method or browser is completely impervious to fingerprinting.

What types of businesses should use browser fingerprinting?

Any business that wants to deter fraud should consider using browser fingerprinting to reduce total risk.

Is browser fingerprinting easy to circumvent?

Individuals can create multiple IDs or mask their IP address to reduce the efficacy of browser fingerprinting. They can also reduce their total number of browser extensions or use services that disable Javascript interactions to limit the amount of browser data available. Ultimately, however, the only way to circumvent fingerprinting is by avoiding the internet in general.

What about privacy?

Privacy is a critical concern in browser fingerprinting, since in-depth data could put users at risk. Persona’s fingerprinting approach does not collect information about the individual themself. Instead, it creates a unique user profile based on specific hardware and software information.

Continue reading

Continue reading

Build the onboarding flows you need with our self-serve Dynamic Flow for Startups solution
Build the onboarding flows you need with our self-serve Dynamic Flow for Startups solution
Product

Build the onboarding flows you need with our self-serve Dynamic Flow for Startups solution

Building identity flows doesn’t need to be time or resource intensive. See how Persona can help solve your identity challenges with Dynamic Flow for Startups.

Startups’ top four identity verification challenges — and how Persona can help
Startups’ top four identity verification challenges — and how Persona can help
Product

Startups’ top four identity verification challenges — and how Persona can help

Simplify KYC with Persona's no-code editor and tailored support for swift, effective identity verification.

Optimize your identity processes with our top orchestration resolutions
Optimize your identity processes with our top orchestration resolutions
Product

Optimize your identity processes with our top orchestration resolutions

Learn how Workflows automates identity processes, compliance, and fraud prevention. See how more data leads to better decisions.

How device fingerprinting catches suspicious actors
Industry

How device fingerprinting catches suspicious actors

Device fingerprinting is an effective way for organizations to catch suspicious actors in their tracks. Learn how you can apply it.

Link analysis: How can it help you spot fraud?
Industry

Link analysis: How can it help you spot fraud?

Link analysis is a method of analyzing data that allows you to study relationships that aren't visible in raw data. Learn more.

Capture more fraud with less effort using link analysis via Persona Graph
Product

Capture more fraud with less effort using link analysis via Persona Graph

Proactively stop hard-to-catch fraud in its tracks with Persona

Ready to get started?

Get in touch or start exploring Persona today.