Modern digital fraud has evolved to such an extent that it’s easier than ever for online scams or cybercrimes to bypass common filters. This means that ecommerce scams, spam or ad fraud need more sophisticated anti-fraud methods to stop them being a regular occurrence.

And that’s where device fingerprinting comes in.

Many fraud detection and prevention services now provide device fingerprinting, including us here at ClickCease.

But what is device fingerprinting, how does it work, and is it enough to stop fraud in it’s tracks?

What is device fingerprinting?

Device fingerprinting is the identification of a device by readily accessible data such as the operating system, browser in use, and even some of the hardware on the device. It is also sometimes referred to as machine fingerprinting.

The process of device fingerprinting is usually performed by software to track whether a device is genuine or not. 

However, it can also be performed by apps and some websites which have the necessary software installed.

Data included in device fingerprinting will usually include:

  • IP address
  • Device model and other hardware information such as processor chip and number of cores
  • Display information including the screen resolution or graphics card used
  • Font information
  • Operating system version
  • Browser used and version
  • Battery information
  • System language settings
  • System time zone 
  • Browser cookies
  • Information about any VPNs or other software used
  • The user agent or UA string
  • SSL/TLS information 
  • Other network information 

This information is conveyed using the device hash, also called the hardware hash. This information can be requested by the software in question and is used to create a unique profile of a device: the device fingerprint or device ID.

The importance of the device hash

This device hash is perhaps the most important element in identifying a device fingerprint. With this unique form of machine identification, services such as ClickCease can be used to understand the types of activity happening online.

The term hash refers to the string of information. There are other forms of hash including:

Browser hash – The data relating to the browser used as well as the machine and the OS it’s running on. The browser hash remains the same even if the user uses a VPN or clears their cookies. Browser fingerprinting is another way to identify fraudulent behavior which we’ll look at shortly…

Cookie hash – Nope, not those snacks you had at that music festival last year. This relates to the data within a browser session such as sites visited and other activities performed within the browser. This information is stored in the web cookies and is reset after every session – so a cookie hash will change

Device hash – The unique verifying data used to identify the device in question, and a key element of device fingerprinting

These other forms of hashing are also used in fraud detection, but are unique elements which do not have a bearing on the action of device fingerprinting.

How does device fingerprinting work?

Building a clear picture of which devices are interacting with your website or service can help to identify who is doing what on your site. For example, a common way for ad fraud or click fraud to bypass filters is to change their IP address.

If a platform such as Google Ads sees that a specific IP address is clicking multiple times on an ad, it can add that IP address to an exclusion list so that it doesn’t see that ad any more. This is one of the main methods of click fraud prevention used by ad platforms.

But by changing the IP address every time, the same device can continue to perform the same fraudulent activity. As far as Google is concerned, this is a new device every time.

Other ways to hide include user agent spoofing, or UA spoofing, which is when the device provides fake system information to the platform making the request.

But with a device fingerprint there is, in theory, nowhere to hide. 

Once that hardware and corresponding system has been identified, it’s very hard to change that information.

What is device spoofing?

One of the main ways that fraudsters bypass device fingerprinting is to use device spoofing. This is a process where the machine will present inaccurate information about the device being used so that, for example, a server tower in Pakistan can appear to be a laptop running Chrome from the USA, or an Android phone in Kazakhstan can appear to be an iPhone in Australia.

Spoofing a device is also not that complicated. There are commonly used browsers, browser extensions, and easily accessible developer tools which make device spoofing relatively simple. 

With the rise in awareness around data privacy, there are more people than ever using privacy tools. Although this usually means ad blockers, or tools for blocking ad trackers, device spoofing tools are also a popular way for more advanced users to be anonymous online.

What is device or machine fingerprinting used for?

There are several fraudulent activities which rely on changing the device identity, or device spoofing. 

Often these cybercrimes rely on switching between multiple (virtual) devices to successfully carry out their aims. By switching IP addresses or spoofing their device ID, they can usually slide past the off-the-shelf fraud protection used by many platforms.

But by using device fingerprinting to verify the device, fraudsters find it much harder to pull the virtual wool over the digital eyes of the specific platform.

For example, with ad fraud, fraudsters will use bots to try and process multiple clicks on a display ad. The same might also happen with a business competitor who has hired a click farm to click your search ads multiple times until it disappears from the search results.

This activity can happen usually thanks to either the use of VPNs or proxy servers – in effect the user string changes each time so the platform thinks someone new is clicking.

But when using device fingerprinting, suspicious behavior from a specific laptop, phone or tablet can be flagged and, if necessary, blocked. 

By tracking the activity from a user’s device or tracking device info, you can ensure this kind of malicious proactively blocked.

How ClickCease uses the device fingerprint to spot fraud

Although device fingerprinting is a key element in the fight against click fraud and ad fraud, it isn’t the only tool in the kit. But by understanding how device fingerprinting helps to identify users behavior, you can start to see its relevance.

IP addresses

Shared IP addresses are not always a surefire sign of fraud. For example, you might be working in a cafe or airport lounge with tens, hundreds, even thousands of other people, all using the same WiFi connection. In this instance, multiple clicks from the same IP address are unlikely to be fraudulent. 

However there are other instances where multiple fraudulent devices might be using the same IP address, or hiding behind a VPN to perform their fraud. Talking of which…

VPNs and Proxies

Many people use VPNs and proxy servers for legitimate use – for example if they want to access data from other countries, or they simply don’t want people to track them online. 

But by contrast, click farms will also use VPNs and proxy servers to switch their IP addresses regularly, or even appear as if they are somewhere else. By using methods to identify the devices, it’s clearer that there is some form of fraud occurring. 

VPNs and proxy servers are used to avoid device fingerprinting

Data mismatch

One of our metrics for fraudulent ad traffic at ClickCease is the out-of-geo click. Advertisers targeting a specific area or region might be getting ad traffic from areas outside their target zone. This is often a result of bot traffic routing through data centers or click farms using VPNs and proxies to hide their true location. 

This can also happen with devices claiming to be an iPhone or laptop, but are actually those data center servers or click farm devices. 

Of course with machine fingerprinting you have access to the data which reveals the true location and identity of the user device. If there is a data mismatch then we have good reason to block due to fraud, especially if there are other fraudulent actions taking place.  

Is device fingerprinting effective in preventing fraud?

Although device fingerprinting is an effective tracking method to monitor a visitor’s device, it isn’t totally effective on its own. Most fraud prevention tools, including ClickCease, will use other tracking methods and data points such cookie data, device information, click frequency and other custom rules.  

And because device fingerprinting is not a new technology, fraudsters are aware of it and do have techniques to get around this form of tracking.

Some of the typical ways to avoid device fingerprinting is to use private or incognito mode on a browser. There are also specific web browsers that hide the user’s fingerprint data. Or more advanced users might try disabling Javascript on their device as this is one of the main methods of conveying the information.

Fraud and digital advertising

Click fraud or ad fraud is currently the biggest and most lucrative form of online fraud. It’s often seen as a victimless crime by the perpetrators too as stealing from the ad platforms viewed more as a Robin Hood style stealing from the rich activity, rather than defrauding advertisers.

In addition to this, advertisers are often focused on the metrics of getting the most impressions and clicks on their ads.

Against this backdrop, the challenge of advertising click fraud cost the marketing industry over $41 billion in 2021 alone. And this number has been steadily increasing year on year since, well… Since the start of digital advertising…

Marketers are more aware than ever about the problem of click fraud and ad fraud, and taking steps to ensure they target legitimate users with their ad campaigns. Using fraud detection and blocking tools to track users and stop fake clicks has become a cost effective way to reduce click wastage and improve return on ad spend.

And by combining device fingerprinting and other methods to verify legitimate users, ClickCease has become the industry choice for click fraud prevention. 

If you run PPC ads on Google Ads, Meta for Business ads or Microsoft Ads, you should run a traffic audit to check your exposure to fraud. With a free trial of ClickCease, you can monitor the clicks you get for yourself and see.

Get your FREE 7 day trial today and see who really clicks your ads!