A browser fingerprint is a unique string that documents a specific interaction between a web browser and a device. Browser fingerprinting can be used as a lightweight form of fraud prevention via partial identity verification.
We’ve built features into Persona that allow you to use browser fingerprints in your verification and review processes to flag bad actors. This can augment the existing fraud prevention that Persona already offers with another layer of verification.
Please note: We do not use browser fingerprinting to track web users or collect personally identifiable information.
If you’d like to calculate your fingerprint, check out amiunique.org, which also shows you how similar you are to others on the web. This will not calculate the same fingerprint that we compute on our end, due to a difference in the components of the fingerprint, but should give you an idea of how the browser fingerprint is computed.
How can browser fingerprinting be used to deter repeat fraud?
The shorter answer:
- When you use Persona, you already have a handful of checks in place that are used to verify the identity of individuals.
- If you flag an inquiry as potentially fraudulent, you can add information about that inquiry to a List in Persona (browser fingerprint being one example List type).
- If the bad actor returns with the same browser settings, you’ll be able to spot them quickly as a short term solution to detect future fraud.
The longer answer:
Each one of our browsers are actually quite unique. Browser fingerprinting collects a specific set of data related to the browser itself. This includes information like user agent header, font list, and operating system. The fingerprint does not rely on cookies or IP addresses, and works when returning on the same browser on the same device. If you switch between browsers, ex. Google Chrome vs. Safari vs. Firefox, it will compute a different browser fingerprint since the settings will be different.
Browser fingerprinting can be used to detect repeat fraud by identifying data points about a user, without tracking that user with cookies. This means you can check if a user matches another user who has previously gone through the system based on matching that unique string computed with information from the browser. If the fingerprints match with one that has been marked as suspicious, you’ve initiated your first line of defense.
Browser fingerprinting is a short term fraud deterrence strategy
It’s important to note that browser fingerprinting is best used as a short term fraud prevention tool. If an individual updates their browser version, their browser fingerprint will update, which will not provide accurate verification results. Browser fingerprinting should never be your singular fraud prevention tool, but it can serve as an additional layer of defense.
Browser fingerprinting is security compliant
When Persona collects browser fingerprints, we do not collect any information about the user themselves. There is no way to identify any individual via a browser fingerprint or tie it back to any end-user. There are no compliance concerns or PII involved in a browser fingerprint.
Browser fingerprinting with Persona Workflows and Lists
With Persona, you can use browser fingerprinting to catch repeat fraud through our Workflow and Lists features in the Persona Dashboard, which lets you set up certain scenarios with if-then-else statements to automate your decisioning and review process.
If you flag a bad actor, you can add their browser fingerprint to a List, which will create a match if that user tries again with the same browser settings. Additionally, you can enable a Workflow to raise a flag if this match occurs on your List, which you can set up to automate the decision to move to manual review for further investigation.
Creating browser fingerprint Lists
When you click into an Inquiry, the browser fingerprint is listed under the devices section on the bottom right. You will need this when you set up your List.
To start, add a new List in the Persona Dashboard. Pick any List name that you’d like, in this case, “Bad Browser Fingerprints,” and a List type of “Browser fingerprint.” You need to have the browser fingerprint first to input into the List, from the Inquiry page (above).
After the List has been created, in the next screen, you will be prompted to add the browser fingerprint that you want to track to that List, and then click “Add Item.” You will have to go to that individual’s inquiry page in the Dashboard to find their browser fingerprint, which is automatically computed. This will populate your new List with the browser fingerprint.
Once added, you will see that specific browser fingerprint show up in the List. If an individual goes through an inquiry flow again, it will be flagged as a match on the List, as long as they are on the same browser and version, with the same settings. When you click into “List matches” on that Inquiry, you will see a log of any List types that came up as a match.
Building Workflows for browser fingerprints
Workflows in Persona are like if-then statements that are used to move Inquiries to your manual review if they obtain certain, prescribed characteristics. Setting up this Workflow is simple. When you click “Add criteria” in your Workflow, you will be given the opportunity to add criteria around any List matches. When you set up your Workflow with the List match, you will be prompted in the dropdown with any Lists you have made (this is why we recommend creating your List before setting it up with the Workflow).
For this scenario, the Workflow is triggered when an Inquiry is completed and if there is a match on the “Bad Browser Fingerprint” List. Then, it will send the inquiry to “Mark for review” for the match. If the inquiry has no matches, the Workflow will fall through to the next step defined in the route. In this Workflow, a Browser Fingerprint match is marked for review, and if there is no match, the inquiry completes regardless of any Workflow requirements.
Please note: Our Workflows feature is currently under a feature flag and has not been released for everyone yet. If you would like early access, please email [email protected].
What's next?
Ultimately, browser fingerprinting is powerful in the sense that it is a lightweight, frictionless, repeat fraud-prevention mechanic. It is a quick, short term way to set up an added layer of protection for your business.
As we continue to build for your productivity in Persona, we plan to iterate on browser fingerprinting features by letting you add to a List directly through a Workflow.
To try out this feature, request a demo or chat with someone on our team here.
Methods for fingerprint tracking
Some of the most common methods for browser fingerprinting include:
Cookie fingerprinting
Cookies are small text files stored in your browser that allow websites to personalize your experience or authenticate user identity. Here’s how they work: The first time you visit a site, your browser downloads cookies. When you return, the site accesses the cookies stored in your browser to display the same font size, screen resolution, and other display characteristics.
Cookies can also carry pieces of information that identify your location or device type. Businesses can use these small bytes of text to verify users before granting access to secure services or accounts.
However, sites are now required to disclose the use of cookies and give individuals the chance to decline some or all of the cookies offered, which could reduce the overall efficacy of cookie-based ID verification.
Canvas fingerprinting
Canvas fingerprinting leverages the HTML5 canvas element, which can force browsers to draw images or text. This process occurs behind the scenes, so it doesn’t impact the user experience, and it offers a reliable way to fingerprint device information. By analyzing the specific way your browser draws text or images, this fingerprinting method can discover information about user graphics cards, drivers, web browser settings, and OS types.
Device fingerprinting
Device fingerprinting takes verification a step further by identifying all media devices that are connected to a desktop or laptop. This includes both internal components such as graphics and sound cards and peripheral devices such as headsets and cameras. Devices are then assigned a unique identifier based on their specific configuration.
Audio fingerprinting
This fingerprinting method analyzes the way your device plays sound to determine what type of audio devices are connected to your desktop or laptop and glean information about drivers and software.
WebGL fingerprinting
Similar to canvas fingerprinting, WebGL compels browsers to draw specific shapes or text as a way to identify key graphics hardware and create unique user profiles. While some browser plugins can be disabled to limit the amount of graphics card information available, WebGL fingerprinting is similar in reliability to canvas fingerprinting for ID verification.