# How Device Fingerprints Work In Identity Fraud Scenarios
In identity fraud, the typical risk scenarios include fake registration, account takeover, and credential theft, which often involves batch script operations and changes to the device parameters.
Based on the unique identification ability of the device fingerprint, it is very important to prevent risk and increase the cost of fraud.
In simple terms, the device fingerprint is a technology used to identify the device. The corresponding device fingerprint or the unique identification given is generated by collecting device-related information and then combining it with the encryption algorithm.
In identity fraud, the typical risk scenarios include fake registration, account takeover, and credential theft, which often involves batch script operations and changes to the device parameters.
# What Are the Typical Fraud Characteristics?
Taking fake registration as an example, fraud industry players will register accounts in bulk to obtain points, coupons, and other benefits by doing the registration activities, or sending information in groups to attract advertisement and obtain benefits.
This process will involve fabrication made by machine, with fraud industry players using different devices to fabricate the completion of the registration. They will tamper with the device information by using flashing software, device modification tools, etc., resulting in the app being "tricked" when collecting the device information. Every time the device information is modified, the app will mistakenly identify it as a new device.
Various types of device information can be modified, such as MAC address, IMEI number, WIFI environment, browser version, system language, system version number, mobile phone model, etc. Visually, it is registered as a different device, but in reality, it is the same device.
# Use Case Example
For example, in the gaming industry, fraudsters are registering fake accounts in batches and sending mass advertisements in the chat room of the game app. Destroying the game app environment will affect the user experience of normal players. Therefore, the top priority of risk control for this game app is to prevent the batch registration of fake accounts by fraudsters.
From 8th to 19th September 2022, this app was attacked by fake registrations made by fraudsters. Through device fingerprint identification, the obvious abnormality is observed in form of a sudden increase of the average daily registration volume. It has reached 2.736 million, of which more than 95% were identified as the attacks of fraudsters, and the total amount of 12-day risk control interception reached 31.19 million. Many anomalies have appeared in the device dimension, such as simulator usage, device parameter tampering, associating multiple accounts by the same device in a short period of time, using Free Multi Launcher and Quick Macro, etc. After these fake accounts are registered, they can be stored for a long time. When they start to act, they can publish a large number of advertisements to attract traffic and even set up romance scams to defraud normal users, which will seriously threaten the safe and orderly operation of the business. To obtain huge economic benefits, fraudsters will be very patient and they can even maintain their number for more than 1-3 years.
Prevention and control benefits:
\1) Economic value - gain profits by intercepting fraudsters: According to the feedback from the business personnel of this company, the resell price after maintaining the account is generally 2-3 US dollars. As for more than 30 million registered fake accounts, if not intercepted in time, they may form an economic benefit of tens of millions of dollars after reselling the maintained fake accounts, which will also affect the account value of normal users.
\2) Economic value - the labor and system maintenance costs for accounts cleansing: If there are so many fake accounts that are not identified and intercepted in time, they will require high labor costs and system maintenance costs to clean them up by banning accounts batch by batch after it happened.
\3) Potential value - proper development of business is guaranteed: A large number of fake registered accounts will seriously affect the development of normal business, result in a crisis of customer trust and loss of customers, and even lead to business development stagnation in severe cases. It can form a good business ecological environment by establishing a protective wall to keep fraudsters out as soon as possible.
# How to Use Device Fingerprints to Prevent and Control Risks?
By collecting the device information and applying the encryption algorithm, the following two situations can be identified:
\1) On the same device, if the information of different networks and some device tampering are detected, it can be identified as the same device fingerprint;
\2) On different devices, if the information of the same network and device is detected, it can be identified as different device fingerprints.
Based on the two points above, in view of fraudulent crimes, device fingerprints can effectively avoid the cheating behaviors of flashing software and modifying tools by using its identification ability, so it can specifically identify risks and selectively intervene risky behaviors.
\1) Identify suspicious risks: The unique identification capability of device fingerprints can be configured in form of a prevention and control strategy, which, by combining it with other data features, can identify abnormal network and device environments, and also provide necessary pop-up verification information or directly intercept risks. At the same time, it can establish systematic prevention, control, and fraud scoring through fraud ring mining, correlation analysis, machine learning, and also by combining user's historical operation behaviors, which will result in different levels of risk decisions, such as SMS warning, phone call, account freezing, device blocking, etc.
\2) Identify trusted users: Based on the unique identification ability, device fingerprints can identify trusted users. By combining continuous data accumulation, it can also determine the habitual operation behavior of users under the device, such as common information or network environment of daily operations. Then, it will form the trusted device portraits, trusted IP portraits, and trusted address portraits to be selectively configured and applied in the policy system. When the trusted feature condition is triggered, it will specifically output the risk control decisions to reduce the disturbance of users' journey, such as password-free login.
\3) Promote business transformation: Through the above credible identification and combining it with users' behavior data in the entire transaction link, it can carry users' behavioral characteristics through device fingerprints to draw a multi-dimensional user portrait. For different types of business activities, it will push information to targeted users by combining it with the classification of corresponding user portraits, which will achieve the activity goal of accurate delivery and effective improvement.
# The Value of Device Fingerprint for Risk Control
Fraudsters have cost considerations when committing fraud. Mobile phone and PC is important cost expenditure points. Therefore, modifying device information and disguising a large number of the device is key to reducing costs. Based on the unique identification ability of the device fingerprint, it is very important to prevent risk and increase the cost of fraud. Promoting the continuous increase in the cost of fraud can effectively reduce the motive of fraud at the source.
Overall, the unique identification capability of the device fingerprint plays a crucial role in user identification. It can effectively identify fraud behavior and modification behavior of equipment information, and greatly increase the cost of committing identity fraud. Based on this capability, a variety of risk control strategies and identity recognition models can be created, so that targeted prevention strategies can be implemented in different business scenarios.
# Solution
TrustDecision device fingerprint aims to identify the key indicators of the device. It should be verifiable on the Internet, with the characteristics of cross-time, cross-region, and cross-application, and is also safe and resistant to attacks. To achieve this goal, we collect and process data from multiple dimensions of physical equipment, provide a variety of compatibility solutions for different application platforms, provide compliant advice and guidance in all aspects of data processing, and add the corresponding protection mechanism. We conduct a comprehensive analysis of the readable hardware information, system information, application information, and environmental information of the device, and perform multi-level attribution of strong and weak features through the correlation, aggregation, and discreteness of the data. Then, combine it with algorithms and resource libraries to calculate the globally unique ID of the device. TrustDevice collects multi-dimensional data, such as embedded SDK, network interaction information, etc., and sends the data of associated devices to the global data service center through a trusted channel. Through our computing engine, combined with a large number of data samples, generate the unique ID of the device. In this way, we can always attribute the same physical device in different states, at different times and spaces to a unique ID in the world. Combined with our nearly tens of billions of data samples, the comprehensive attribution success rate is above 99.5%.