Using Browser Fingerprinting to Deter Repeat Fraud

Using Browser Fingerprinting to Deter Repeat Fraud

Each of our browsers are quite unique, just like us

A browser fingerprint is a unique string that documents a specific interaction between a web browser and a device. Browser fingerprinting can be used as a light-weight form of fraud prevention via partial identity verification. 

We’ve built features into Persona that allow you to use browser fingerprints in your verification and review processes to flag bad actors. This can augment the existing fraud prevention that Persona already offers with another layer of verification. 

Please note: We do not use browser fingerprinting to track web users or collect personally identifiable information. 

If you’d like to calculate your fingerprint, check out amiunique.org, which also shows you how similar you are to others on the web. This will not calculate the same fingerprint that we compute on our end, due to a difference in the components of the fingerprint, but should give you an idea of how the browser fingerprint is computed.

How can browser fingerprinting be used to deter repeat fraud?

The shorter answer: 

  1. When you use Persona, you already have a handful of checks in place that are used to verify the identity of individuals. 
  2. If you flag an inquiry as potentially fraudulent, you can add information about that inquiry to a List in Persona (browser fingerprint being one example List type).
  3. If the bad actor returns with the same browser settings, you’ll be able to spot them quickly as a short term solution to detect future fraud. 

The longer answer: 

Each one of our browsers are actually quite unique. Browser fingerprinting collects a specific set of data related to the browser itself. This includes information like user agent header, font list, and operating system. The fingerprint does not rely on cookies or IP addresses, and works when returning on the same browser on the same device. If you switch between browsers, ex. Google Chrome vs Safari vs Firefox, it will compute a different browser fingerprint since the settings will be different. 

Browser fingerprinting can be used to detect repeat fraud by identifying data points about a user, without tracking that user with cookies. This means you can check if a user matches another user who has previously gone through the system based on matching that unique string computed with information from the browser. If the fingerprints match with one that has been marked as suspicious, you’ve initiated your first line of defense.

Browser Fingerprinting is a short term fraud deterrence strategy

It’s important to note that browser fingerprinting is best used as a short term fraud prevention tool. If an individual updates their browser version, their browser fingerprint will update, which will not provide accurate verification results. Browser fingerprinting should never be your singular fraud prevention tool, but it can serve as an additional layer of defense.

Browser Fingerprinting is security compliant 

When Persona collects browser fingerprints, we do not collect any information about the user themselves. There is no way to identify any individual via a browser fingerprint, or tie it back to any end-user. There are no compliance concerns or PII involved in a browser fingerprint.

Browser Fingerprinting with Persona Workflows and Lists

With Persona, you can use browser fingerprinting to catch repeat fraud through our Workflow and Lists features in the Persona Dashboard, which lets you set up certain scenarios with if-then-else statements to automate your decisioning and review process. 

If you flag a bad actor, you can add their browser fingerprint to a List, which will create a match if that user tries again with the same browser settings. Additionally, you can enable a Workflow to raise a flag if this match occurs on your List, which you can set up to automate the decision to move to manual review for further investigation. 

Creating Browser Fingerprint Lists

When you click into an Inquiry, the browser fingerprint is listed under the devices section on the bottom right. You will need this for when you set up your List. 

To start, add a new List in the Persona Dashboard. Pick any List name that you’d like, in this case, “Bad Browser Fingerprints” and a List type of “Browser fingerprint”. You need to have the browser fingerprint first to input into the List, from the Inquiry page (above).

After the List has been created, in the next screen, you will be prompted to add the browser fingerprint that you want to track to that List, and then click “Add Item”.  You will have to go to that individual’s inquiry page in the Dashboard to find their browser fingerprint, which is automatically computed.  This will populate your new List with the browser fingerprint.

Once added, you will see that specific browser fingerprint show up in the List. If an individual goes through an inquiry flow again, it will be flagged as a match on the List, as long as they are on the same browser and version, with the same settings. When you click into “List matches” on that Inquiry, you will see a log of any List types that came up as a match.

list match UI


Building Workflows for Browser Fingerprints

Workflows in Persona are like if-then statements that are used to move Inquiries to your manual review if they obtain certain, prescribed characteristics. Getting started with setting up this Workflow is simple. When you click “Add criteria” in your Workflow, you will be given the opportunity to add criteria around any List matches. When you set up your Workflow with the List match, you will be prompted in the dropdown with any Lists you have made (hence why we recommend to create your List first, before setting it up with the Workflow). 

new workflow UI

For this scenario, the Workflow is triggered when an Inquiry is completed, and if there is a match on the “Bad Browser Fingerprint” List. Then, it will send the inquiry to “Mark for review” for the match. If the inquiry has no matches, the Workflow will fall through to the next step defined in the route. In this Workflow, a Browser Fingerprint match is marked for review, and if there is no match, the inquiry completes regardless of any Workflow requirements. 

new workflow route UI

Please note: Our Workflows feature is currently under a feature flag and has not been released for everyone yet. If you would like early access, please email support@withpersona.com.

What now?

Ultimately, browser fingerprinting is powerful in the sense that it is a lightweight, frictionless, repeat fraud-prevention mechanic. It is a quick, short term way to set up an added layer of protection for your business. 

As we continue to build for your productivity in Persona, we plan to iterate on browser fingerprinting features by letting you add to a List directly through a Workflow. 

To try out this feature, request a demo or chat with someone on our team here.