A Better Title For A Central

On top of that, the whole concept of finding fraudsters using device fingerprints is totally reactive. Even if a device is effectively fingerprinted, it must first be blacklisted for bad behavior at least once before being blocked from future access.

With the understanding that the fingerprints of most users’ devices will change over time, the next step is to figure out which changes to the components, applications and configurations used to compute the fingerprint are OK to ignore. Changes on the same device often generate different fingerprints without being indicators of fraud. If two distinct fingerprints differ by only one component, e.g. the fonts used on the browser, fraud data scientists should be able to reliably assume that the two fingerprints are from the same device. If two distinct fingerprints differ by the operating system of the device, fraud data scientists should be able to predict that the two fingerprints are from different devices.
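The comparison rule above, sketched as an added example (not code from the original article): fingerprints that differ by one ignorable component are linked to the same device, so a blocklist entry follows the device as its fingerprint drifts. The component names other than fonts and operating system, the volatile/stable split, and the transitive linking of drift chains are assumptions made for illustration.

```python
from itertools import combinations

# Assumption: the page names only fonts (ignorable) and operating system
# (not ignorable); every other component and its class is hypothetical.
VOLATILE = {"fonts", "plugins", "browser_version", "timezone"}
STABLE = {"os", "cpu_cores", "gpu"}

def compare(fp_a, fp_b):
    """Return 'same', 'different' or 'uncertain' for two fingerprint dicts."""
    changed = {k for k in fp_a.keys() | fp_b.keys() if fp_a.get(k) != fp_b.get(k)}
    if changed & STABLE:
        return "different"   # e.g. the operating system changed
    if len(changed) <= 1 and changed <= VOLATILE:
        return "same"        # identical, or one ignorable component changed
    return "uncertain"       # several volatile changes: needs other signals

def cluster_devices(fingerprints):
    """Group fingerprint ids into devices (union-find over 'same' pairs)."""
    parent = {fid: fid for fid in fingerprints}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(fingerprints, 2):
        if compare(fingerprints[a], fingerprints[b]) == "same":
            parent[find(a)] = find(b)
    clusters = {}
    for fid in fingerprints:
        clusters.setdefault(find(fid), set()).add(fid)
    return list(clusters.values())

def is_blocked(fid, fingerprints, blocklist):
    """A fingerprint is blocked if any fingerprint of its device is listed."""
    for cluster in cluster_devices(fingerprints):
        if fid in cluster:
            return bool(cluster & blocklist)
    return False

# Constructed sample data: fp1 -> fp2 -> fp4 drift one component at a time.
BASE = {"os": "Windows 10", "cpu_cores": 8, "gpu": "GPU-A", "fonts": "f1",
        "plugins": "p1", "browser_version": "118", "timezone": "UTC+1"}
SAMPLES = {
    "fp1": BASE,
    "fp2": {**BASE, "fonts": "f2"},
    "fp3": {**BASE, "os": "macOS 14"},
    "fp4": {**BASE, "fonts": "f2", "plugins": "p2"},
}
```

Note that fp1 and fp4 compare as "uncertain" directly but land in the same cluster through fp2, which is the case a pairwise check alone would miss.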

 

A huge limitation of device fingerprinting is how easy it is to fake a new fingerprint. For example, FraudFox is a deterministic program that spoofs the signals of its users according to certain rules, defeating static fingerprinting. Fraud detection data scientists should be able to detect patterns in how FraudFox alters signals and effectively reverse engineer its algorithms to detect when a device’s signals have been artificially changed.

 

Ultimately this will turn into an arms race, with FraudFox tuning its algorithms to mimic good users and fraud detection data scientists revising their detection models to differentiate between artificial and organic changes. But thankfully fraud fighters have greater resources.