Can Fraudsters Change Their Device Fingerprints?
As technology advances, it’s become much easier for fraudsters to change their device fingerprint using malicious tools and techniques. Changing a device’s fingerprint will make said device look different, and different devices are more likely to be trusted than those that have been used to commit fraud before.
For example, VPN apps are a pretty popular tool used to mask IP addresses. Someone looking to access content unavailable in their current location could use a VPN to change their IP address before logging onto a streaming service. Media and streaming services also cost different amounts depending on where someone is, so users that want to take advantage of lower prices in another country can use VPN apps to switch their location and pay less.
Another way fraudsters can change their device fingerprint is by factory resetting their device, which resets it to its default settings. An app would recognize this device as a new one, therefore allowing the same user to create another account. By factory resetting their phone each time, fraudsters will be able to create new and fake accounts using the same device. Since fake accounts are the root of fraud, the green light to create these accounts exposes digital ecosystems to a host of fraud attacks, including referral and promo abuse, content spam, and transaction fraud.
How Is Device Fingerprinting Used to Stop Fraud?
A device’s fingerprint can be used to stop fraudsters by determining the level of risk at any point in the customer journey—from registration to transaction. This is done by continuously profiling user sessions. Based on this, fraud teams can decide to block risky devices automatically or conduct manual reviews before making a decision. There are three key indicators that a device fingerprinting solution should provide.
1. Device ID
A device ID is a unique string of alphanumeric characters that serves as the identifier of the device. It’s assigned by the fraud prevention vendor and might look something like this: b43n45734oi1208n76j5h43ou7.
The most important aspect of a device ID is that it remains the same even if a fraudster tries to change their device’s fingerprint. Let’s say a fraudster tries to create multiple fake accounts using the same device. The device ID will reveal that the device is linked to multiple accounts, no matter how many times the fraudster factory resets their device and masks their locations to appear as new accounts.
2. Risk Indicators
Device risk indicators reveal the tools and techniques that are typically associated with fraud. Some of the tools include app cloners, GPS spoofers, emulators, and VPNs, and techniques can include app tampering, device tampering, and signs of jailbreaking. When one or more of these is being used by a certain device, they will be flagged as a risk indicator. The presence of one or more indicators does not necessarily mean fraud is happening, but that there is a tool in use that is typically associated with fraud.
3. Risk Score
As the name would suggest, a risk score is a numerical indicator of a device’s ‘riskiness’. It tells you the risk level of a device. This risk score is calculated from an analysis of the type and frequency of tools and techniques used on each device and whether the same device ID is linked to multiple accounts, among many other factors.
Case Study: SHIELD In Action
Let's say you run an e-commerce app. You’re trying to put an end to fake accounts because they’re being used to post fake reviews and abuse the incentives you offer. This can hinder your financial growth, skew your analytics, and damage customer trust. You then decide to implement a device fingerprinting solution. It’ll work something like this:
1. A fraudster tries to create a fake account on your app.
2. SHIELD will check thousands of device data points in real time (e.g. device name, model, screen resolution) and resolve thousands of questions, including:
- Do any other accounts use this device to log into your platform?
- Is the device using any tools or techniques associated with risky behavior? For example, app cloners and bots.
- Do the device’s attributes differ a lot from regular users? For instance, logging in from a country your app doesn’t operate in.
- Has the device been used in a previous fraud attempt?
3. SHIELD’s technology returns device intelligence in the form of:
- A unique device ID.
- The names of the tools and techniques being used to create the fake account.
- A trust score to let you know how trustworthy a device session is.
- How many users are using the device.
4. This device intelligence empowers you to take charge of your risk decisioning. You could:
- Leverage SHIELD to block this device instantly from your platform.
- Send the user account to your fraud team for a review before deciding to accept or reject it.
SHIELD’s Device Intelligence for Fraud Prevention
Getting a precise picture of users and devices is a key tool for preventing fraud on digital platforms. Here at SHIELD, we partner with world-leading enterprises, providing them with device intelligence that empowers them to stop fraud, build trust, and drive growth. Our proprietary device fingerprinting technology enables businesses to make precise decisions about device trustworthiness with the global standard for device identification — SHIELD ID.
Powered by machine learning algorithms and artificial intelligence, we analyze thousands of device, network, and behavioral data points to return the most comprehensive picture of risk on an ecosystem. With our technology, businesses are able to harness accurate signals to eliminate risk blind spots, provide superior user experiences, and accelerate growth.
