IPQualityScore's Device Fingerprint Technology allows you to further analyze your users, transactions, ad traffic, and similar data to produce highly accurate Fraud Scores. Multi-layered AI & machine learning algorithms analyze user behavior and intent against millions of patterns to accurately identify high risk activity. Over hundreds of data points are scored to produce a confident result for fraud prevention.
After creating a Device Fingerprint Tracker, you will be presented with a script to include on your website to analyze behavior. We recommend placing this script on a funnel page or through a critical flow of your website such as the registration, login, or checkout/payment page. It is also useful at filtering impressions, clicks, redirects, and similar actions. You may create unique trackers for different pages or sites.
It is recommended to associate a request with an identifying piece of information (such as a "userID", "clickID", "transactionID", etc.). Any Custom Tracking Variables established in your account settings can be passed with each device fingerprinting request. This allows our reporting tools to filter by specific users, products, campaigns, transactions, etc. so that you can easily identify fraudulent activity. Simply pass your value(s) to our script as seen below to take advantage of this feature.
Our system allows you to execute a function after results are finished loading. You can use this for a variety of reasons. The most common include:
You can specify a function to be executed after our API returns its result by adding something like this after the script tag provided on the tracker page.
If you are storing limited data upon the initial check with Startup.AfterResult(), such as the "request_id", or would like to rescore a user based on changes you have made to your Custom Scoring Weights, then you can retrieve updated data using the following example:
Let's say we didn't have the "request_id" and did not capture any data with Startup.AfterResult(), but we knew that the request used Startup.Store() to associate the lookup with "userID" = 99. The data can retrieved by setting "type" to the correct tool and appending the "userID". This approach supports any variables on your account's Custom Tracking Variables and will always return the most recent request data that matches the search parameters.
|message||string||A string describing the output in human terms. Generally this will only have a non-empty value in the case of an error.|
|success||boolean||Status of the request.|
|device_id||SHA256 / string||A hash of the user's device based on the data we received. This can be used for tracking purposes or passed to our callback for confirmation.|
|guid||SHA256 / string||Sticky tracking ID that will stay with the user as they change their IP address, browser, etc. This is the most useful parameter for tracking duplicate accounts. Some "guid" values may represent common default configurations which could correspond to multiple users, so use in conjunction with "guid_confidence".|
|guid_confidence||int (0 - 100)||Accuracy of the "guid" match which associates a profile with duplicate users. 0 = not likely, 100 = very likely. A result of 100 is a guaranteed match. Confidence levels below 100 use an intelligent "best guess" approach. Some "guid" results may overlap users, such as a device with factory settings for popular devices.|
|fraud_chance||int (0 - 100)||How likely this device is to commit fraud or engage in abusive behavior. 0 = not likely, 100 = very likely. 25 is the median result. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 85, but you may find it beneficial to use a higher or lower threshold.|
|proxy||boolean||Returns true if the lookup is on a Proxy, VPN, or Tor connection.|
|vpn||boolean||Is this IP suspected of being a VPN connection? (proxy will always be true if this is true)|
|tor||boolean||Is this IP suspected of being a Tor connection? (proxy will always be true if this is true)|
|recent_abuse||boolean||This value will indicate if there has been any recently verified abuse across our network for this user. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.|
|bot_status||boolean||Premium Account Feature - Indicates if this device is a bot, spoofed device, or non-human request. Provides stronger confidence in decision making.|
|reasons||array[string]||Premium Account Feature - Fraud Score Insights explain how this device's Fraud Score was calculated and provides further detail into enhanced Fraud Scores and penalties. This data point is only available via the postback API so real-time users cannot reverse engineer why they were penalized.|
|ISP||string||Internet Service Provider of the IP address. If unavailable, then "N/A".|
|country||string||Two letter country code of the IP address, example: "US".|
|city||string||City of IP address if available or "N/A" if unknown.|
|region||string||Region or state of IP address if available or "N/A" if unknown.|
|timezone||string||Timezone of IP address if available or "N/A" if unknown.|
|mobile||boolean||Is this a mobile device?|
|operating_system||string||Operating system name and version or "N/A" if unknown.|
|browser||string||Browser name and version or "N/A" if unknown.|
|brand||string||Brand name of the device or "N/A" if unknown.|
|model||string||Model name of the device or "N/A" if unknown.|
|unique||boolean||Returns false if this device ID has been seen on multiple IP addresses. Returns true if we haven't seen this ID on multiple IPs.|
|canvas_hash||SHA256 / string||A hash of the user's Canvas profile, calculated by the graphics card and other device hardware. This value is often not unique, so should not be used to identify a specific user.|
|webgl_hash||SHA256 / string||A hash of the user's WebGL profile, calculated by the graphics card and other device hardware. This value is often not unique, so should not be used to identify a specific user.|
|request_id||string||A unique identifier for this request that can be used to lookup the request details, interact with our API reports, or send a postback conversion notice.|
|fast_processing||boolean||If this request is waiting for a callback or passing tracking variables then fast_processing will be false. Requests process faster without this data.|
|time||int||Unix timestamp of request.|
|last_seen||Date Time||Time of the most recent request.|
You can specify a function to be executed after our API fails to return its results correctly. This could be a result of them blocking some of our tracking or disabling third party scripts.
You can optionally process the Device Fingerprint service to collect additional details after the user has performed an action, such as after the user has submitted an order or purchase form. Our system allows you to provide an element to bind to as part of an "onclick" or "onsubmit" trigger. When the user clicks or submits that element, the Device Fingerprint code will execute and gather the form elements you've specified to perform fraud analysis.
The trigger will override the default action of the element's "onclick" or "onsubmit" function, perform IPQS fraud analysis and Device Fingerprinting service, and then execute the original action of the element. For example, if you bind the trigger to a form's submit button, our Device Fingerprint script will run first, then it will append the results of our fraud scoring to your form, and submit the form to your server. Setting "Startup.FormFieldPrepend" will prepend a title to all appended form variables as shown in the example above.
If you would like to prevent submitting the form right away, then you can use the Startup.AfterResult() function detailed above. When using the Startup.AfterResult() function, the Device Fingerprint will not append the results to your form. The console log will report errors if the service is unable to bind to your supplied trigger.
If you prefer to execute code right before our API is called during a trigger event, you can optionally supply a callback function as the second parameter on Startup.Trigger(). The event object will be passed so you can optionally utilize preventDefault() or call any other function as needed.
Below is a list of optionally accepted parameters for order & transaction support, a brief description and a listing of their required formatting. All fields are optional and should be passed with Startup.FieldStore(). Please note, it is recommended to use our dedicated Transaction Scoring API for more accurate analysis on transaction & user data.
|billing_first_name||String||The customer's billing first name.|
|billing_last_name||String||The customer's billing last name.|
|billing_company||String||The customer's billing company.|
|billing_country||String||The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)|
|billing_address_1||String||The customer's billing street address part 1.|
|billing_address_2||String||The customer's billing street address part 2.|
|billing_city||String||The customer's billing city.|
|billing_region||String||The customer's billing region or state.|
|billing_postcode||String / Number||The customer's billing postcode or zipcode.|
|billing_email||String||The customer's billing email address.|
|billing_phone||Number||The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by our AI.)|
|shipping_first_name||String||The customer's shipping first name.|
|shipping_last_name||String||The customer's shipping last name.|
|shipping_company||String||The customer's shipping company.|
|shipping_country||String||The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)|
|shipping_address_1||String||The customer's shipping street address part 1.|
|shipping_address_2||String||The customer's shipping street address part 2.|
|shipping_city||String||The customer's shipping city.|
|shipping_region||String||The customer's shipping region or state.|
|shipping_postcode||String / Number||The customer's shipping postcode or zipcode.|
|shipping_email||String||The customer's shipping email address.|
|shipping_phone||Number||The customer's shipping 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by our AI.)|
|username||String||The customer's username.|
|password_hash||SHA256 / string||For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis.|
|credit_card_bin||Number||First six digits of the credit or debit card, referred to ask the Bank Identification Number.|
|credit_card_hash||SHA256 / string||For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards.|
|credit_card_expiration_month||Number||Two letter format of the credit card's expiration month. For example, May would be "05".|
|credit_card_expiration_year||Number||Two letter format of the credit card's expiration year. For example, 2022 would be "22".|
|avs_code||Number||One letter Address Verification Service (AVS) response code provided by the credit card processor or bank.|
|cvv_code||Number||One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank.|
|order_amount||Number||Total balance of the entire order without currency symbols.|
|order_quantity||Number||Quantity of items for this order.|
|recurring||boolean||Is this a recurring order that automatically rebills?|
|recurring_times||Number||If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as "3". If this is the initial recurring order, please leave the value as blank or enter "1".|