Fraud continues to become more pervasive and costly for financial services companies and institutions, making it a principal concern for executives. For example, instances of account takeover have increased dramatically, with consumers losing almost $16 billion in 2024, a 23% from the previous year, according to a recent Javelin study.
This means executives are constantly on the lookout for ways to better mitigate their risk, though they remain acutely aware that greater security can pose a hurdle to the convenient access consumers have come to expect from all things digital.
As part of our ongoing look at types of fraud and ways to mitigate them, this article will examine device fingerprinting—an advanced fraud-fighting tool that avoids creating additional friction in the user experience.
What is a device fingerprint?
A device fingerprint is a collection of information about the software and hardware of a remote computing device, allowing it to be identified. This includes things like the IP address, geolocation, browser and operating system settings, cookies, and more. The act of collecting this information is known as device fingerprinting—a fast-evolving method for identifying fraud signals.
By analyzing users’ configurations of software and hardware, device fingerprinting creates a unique ID—known as a device hash—for each configuration. The aim is to recognize potential connections between users and/or make assumptions about the veracity of intentions coming from a given device, thus highlighting potential fraudulent activities.
Subtypes of device fingerprinting include mobile device fingerprinting, browser fingerprinting, and cross-device fingerprinting. The latter refers to the tracking of users and their activity across different devices, based on certain identifiers that go unchanged when switching between a smartphone, computer, or tablet, for instance.
The benefits of using device fingerprinting
Device fingerprinting can help detect fraudsters and other bad actors. This uplevels fraud detection capabilities with respect to things like account takeovers, digital onboarding fraud, payment fraud, and more, without impacting the customer experience
For example, fraudsters often gain access to lists of compromised login details from data breaches and use trial-and-error to see if they work on other platforms. The repetitive nature of this process makes it nearly impossible to change devices with each attempt. Bad actors, therefore, try to go undetected by:
Clearing their cache
Switching browsers
Using incognito mode
Using virtual machines
Using device spoofing or anti-fingerprinting tools
Using emulators to spoof mobile devices
Device fingerprinting can help catch these red flags, particularly highly advanced spoofing attempts that can indicate well-organized fraud rings.
Find out how much identity verification is worth to your organization
Prevent fraud, win users, and protect your bottom line
How do device fingerprinting solutions work?
To understand how device fingerprinting works, one must first understand how a user accesses a platform. There are two components: the device initiating the session and an internet connection that retrieves an IP address. The resulting two data sources—present throughout a given browsing experience or digital session—provide all of the needed data points to fingerprint the device in question.
Plaid Identity Verification (IDV), for example, begins a "fingerprinting" session by looking at hundreds of different data points extracted from the above sources, including:
Browser plugins used
Browser and OS settings
WebGL parameters
User agent details
TCP settings
Cookies
Screen resolution
Battery usage
Device memory
With this information, Plaid IDV is able to identify returning users with 99.5% accuracy. It's also able to see how many IDV sessions the user has initiated, both on a customer’s platform specifically and across the breadth of Plaid IDV’s network.
Using multiple data points is crucial to ensuring the accuracy of online identity verification and preventing unauthorized access.
Plaid IDV also speeds up the verification process from the user side by using autofill and Remember Me, which allows users to navigate the device fingerprinting process faster and with less friction.
→ Want to fight fraud while maintaining a user-friendly experience? Plaid Identity Verification is the lowest friction identity verification tool available.
Device fingerprinting alone is not enough
The growth of device fingerprinting methods has led to the development of anti-fingerprint browsers, which intercept the requests used to build a browser fingerprint and return spoofed responses.
These browsers can be used for legitimate purposes, such as by privacy advocates aiming to prevent tracking through the return of a standing fingerprint. However, they can also be employed by bad actors to return a fraudulent fingerprint in order to impersonate a different browser or device. Indeed, existing technology can dynamically create fingerprints to meet the specific requirements desired to impersonate a given user.
Moreover, fingerprints can also be stolen from real user devices via malware, then imported into the anti-fingerprinting browsers to attempt to spoof the user in question. That’s why device fingerprinting solutions alone are not enough, and should be paired with additional data source verification, as well as tools like biometric identity verification.
How Plaid Protect goes beyond: The evolution of device fingerprinting
As bad actors become more skilled and technologically-savvy, device fingerprinting alone is not enough to protect consumers or businesses. The launch of Plaid Protect, currently in beta, is Plaid’s answer to these evolving threats.
Plaid Protect is a real-time fraud intelligence system built on top of Plaid's network across more than 7,000 apps. Because it uses device data only Plaid has access to, Protect offers faster, real-time threat detection. By looking at device data like network behavior, bank account history, ID verification, device signals, and shared fraud reports, Protect can catch even the most complex fraud signals–long before other systems can.
Even more importantly, Plaid Protect does this without increasing user friction. This means businesses can protect themselves and their customers without impacting the user experience or conversion rates.
A powerful tool in your fraud-prevention arsenal
With fraud becoming increasingly frequent and ever-more advanced, it’s essential that companies take every necessary step to combat it. At the same time, they must maintain a delicate balance of user-friendly ease.
Because device fingerprinting requires no action from the user, it’s a friction-free first line of defense against potential bad actors. When paired with additional fraud-fighting tools like Plaid Protect, it can help weed out fraudsters in the initial stages of a potential attack—keeping users safe and protecting your company’s bottom line.
Learn more about Plaid Identity Verification and Plaid Protect.
Learn more
Recommended reading
The Ultimate Guide to Identity Verification
Account takeover: what it is and how fintechs can stop it
3 ways to prevent first party fraud in fintech