August 19, 2016
Device Identification Moving Beyond the Device: Three-part Executive Summary
Device Identification—an online fraud prevention tool that only recently has begun to gain mainstream acceptance—establishes a unique ID for a device attempting to access a Website. Devices are assigned tokens that can be tracked across multiple user transactions, providing a unique identifier that makes it possible to differentiate one entity from all the other entities accessing the site. A new white paper from Sarasota, Fla.-based e-commerce payments consultancy The Fraud Practice describes methods required to integrate Device Identification into an overall fraud solution. CardNotPresent.com will offer an executive summary of the detailed document in three parts. Today: Part I.
Overview of Device Identification
Device Identification—also known as device authentication, device fingerprinting and device ID—is a technique used to establish a “fingerprint” of a user’s computer or other web access device in order to track their activity and determine linkages between other devices. Device Identification has grown into a very sophisticated science, with active and passive versions, both of which have the ability to be deployed so that they are completely transparent to the end user.
The passive version collects information about the end user’s device, including attributes like browser settings, operating system, software version numbers and other unique, identifiable traits of the device. The information is then used to create a unique token for that combination of settings that can be identified every time the device is used.
The Origins of Device Identification
As e-commerce gained a foothold in the retail world, merchants found that the anonymity provided by the Internet was not only prized by fraudsters, but by honest consumers as well. It became evident that strong authentication of user-supplied profile data, which could minimize fraud for merchants, was anathema to consumers who didn’t want to supply much information, expected a fast, low-touch checkout process and demanded a high level of security.
Merchants needed new ways to establish and connect an identity to an account in order to prevent fraud, authenticate return consumers and stop account takeovers. The concept of Device Identification offered the possibility to tag an end user’s device—whether a computer, phone or tablet—so that it could be tracked for future business processes. This was a huge concept in fraud prevention, allowing merchants to quickly authenticate a returning user, provide the low-touch transactions consumers were demanding and still be able to detect and act on fraud.
Setting Expectations on the Value of Device Identification
Device Identification has strengths and weaknesses and it is best applied as part of an over arching solution. You need to set proper expectations for your company on just what Device Identification can offer. Thus, it’s important to understand the limitations of the tool as well as the context in which to apply it.
Next: The Limitations of Device Identification, The Power of Device Identification and Integrating Device ID Into an Overall Solution.
Part Two will be released on November 29 . David’s research has been made possible by funding from Kount, Inc.