In the real world, people rely on their senses to recognize one another—for instance, a small business owner might recognize a regular’s voice over the phone, or they might recognize the face of a repeated shoplifter. Online, where people interact through devices, identification is equally as important and yet much more complicated.
There are a few primary ways that website and app developers can track and recognize unique devices and by extension, their users. One is through the use of cookies–files created by websites that keep track of their users’ website preferences, location, and credentials. Another common way is through device fingerprinting.
Device fingerprinting uses a unique combination of device attributes to recognize devices when cookies aren’t available. These attributes can include the device model, which operating system (OS) the device is running on, IP address, browser version, screen resolution, and much more.
Similar to the way that no two people share the same set of fingerprints, two devices are also highly unlikely to share all of their attributes exactly in common. This fact is what enables device fingerprinting to be used to identify individual devices and authenticate users.
The accuracy of a device fingerprinting solution depends on which attributes are used to create it. Some attributes are easier to manipulate than others, making them less reliable for identification. When done well, device fingerprinting can detect multiple account creations and maintain account security by preventing account takeovers. However, doing effective device fingerprinting isn’t as straightforward today as it was in the past.
The world of online user identification and fraud prevention is constantly evolving, and legacy device fingerprinting solutions are struggling to keep up. Several factors make device fingerprinting less effective today than in the past.
1. Online privacy
For example, today’s Internet users are much more concerned about their online privacy, and web browsers are reflecting this change in user priorities with policies that make it more difficult to collect data about certain device attributes.
In the same vein, privacy tools like VPNs (which mask some user information, such as IP addresses) are growing more common among individual users as well as organizations. According to Forbes Advisor, two-thirds of Americans and one-third of people globally have used a VPN at some point. In the same survey, 47% of respondents said that they use a VPN to enhance their data privacy.
2. New device models and operating systems
Another factor that makes fingerprinting more complex for legacy solutions is the constant release of new device models and operating systems. There’s also the fact that people today simply use more devices per person than in years past. Parks Associates research from 2022 showed that US households now own an average of sixteen connected devices each. When a single household is using that many devices, it’s a lot harder than it used to be to identify a rogue device.
3. Fraud tactics are more sophisticated
Lastly, fraudsters themselves have grown more sophisticated and organized as they’ve devised workarounds for online fraud prevention tactics and tools, including device fingerprinting. Bad actors can manipulate and mask their device fingerprint with little technical skill by using techniques like factory resetting a device, changing OS or screen resolution, using multiple devices, or using app cloners to run multiple instances of an app on a single device.
All of these factors combined mean that the device fingerprinting solutions of yesterday are no longer resilient enough to accurately identify and re-identify bad actors. However, that doesn’t mean that fraud prevention using device recognition is impossible. It means that, just like fraudsters and their methods have evolved over time, device fingerprinting technology also needs to be re-imagined.
Despite the weaknesses of legacy solutions, device fingerprinting still has immense potential. That potential is unlocked when the fingerprint is combined with other identity signals. At Incognia, we’ve created the winning combination: a proprietary device fingerprint paired with hyper-precise location data. This combination of location and device intelligence allows Incognia to accurately identify over 99.9% of users, making it an incredibly powerful account security and fraud prevention tool.
Incognia’s Location Fingerprint uses precise location analysis in conjunction with device fingerprinting to create valuable new capabilities. For example, leveraging location data enables Incognia’s solution to accurately identify devices that have been factory reset, which has been a long-standing weakness of device fingerprinting. This makes it a much more persistent, “stickier” identification solution.
The persistence of Incognia’s solution also makes it particularly effective in identifying users creating fake accounts (also known as multi-accounting). The location layer incorporated in Incognia’s next-gen device fingerprint solution makes associations between devices and accounts more apparent, meaning that what may on the surface appear to be multiple devices can be accurately identified as just one device and treated accordingly.
The added context that location intelligence provides allows platforms to take a proactive approach to fraud prevention rather than a reactive one. This in turn can lead to less resources being spent on manual review and improve downstream outcomes.
Traditional device fingerprinting isn’t the solution it once was, but that doesn’t mean it can’t evolve into a better one. Even as fraudsters evolve and refine their strategies, fraud prevention technologies like Incognia’s location and device fingerprint solution stay on the cutting edge to help platforms rise to the challenge. To learn more about our innovative new approach to reliable and persistent device recognition, visit our Location Fingerprint page.