Covery is an eCommerce fraud prevention solution that specializes in using device fingerprinting to help merchants to both detect fraudsters, as well as increase their rate of customer conversions. We sat down with them for an interview to discuss how merchants can get the most out of device fingerprinting, how fraud solutions should be thinking about the use of proxies by fraudsters, customer retention strategies, and more.
1. You specialize in device fingerprinting technology. Can you explain what it does, and how merchants can use it to detect fraud?
Device Fingerprinting is a technology that identifies a user according to his device and browser signifiers.
It is often compared with web cookies, but the truth is they are very distinct, because device fingerprinting data is stored in databases, not on the client-side. Moreover, fingerprinting analyzes more user data points like IP address, HTTP request headers, installed plugins, client time zone, screen resolution and operating system, language etc.
Device Fingerprinting looks like a hash with all possible information about the end user. There isn’t a single hash per person — every change in user information creates a unique hash. In other words, if you use one laptop but two different browsers, you will have two unique device fingerprints.
The number of device fingerprints you have is only limited by the number of variables you have.
It’s true that device fingerprinting is commonly used as a tool for targeting Internet users with different kinds of ads. But in the realm of e-commerce and dealing with constant payments industries it is also applicable to detect bot attacks, synthetic traffic, account takeovers, card and other types of fraud. However, despite its importance and continual updates, its application remains controversial and has drawn the attention of GDPR regulation.
Overall, the technology is more efficient when utilized in tandem with other instruments of fraud prevention and risk management.
2. Given that many legitimate shoppers use things like proxies and ad blockers, how can merchants have any degree of confidence that device fingerprinting can detect fraud accurately?
In the vast majority of cases it’s almost impossible to detect a fraudster based on fingerprint scans alone. If it isn’t supplemented by other techniques, it will actually lead to high chargeback rates, and by extension, revenue loss.
To solve this problem, companies should support device fingerprinting with other fraud prevention technologies such as the results of AML, KYC checks, rule-based scenarios, and machine learning.
That being said, it is ok to use device fingerprinting to detect your best customers and retarget them with additional services.
3. In addition to fraud prevention, you cite customer retention and revenue optimization as a benefit of device fingerprinting. Can you give some best practices for merchants to use the technology in this way?
There are two possible approaches for these purposes.
The first one is to shorten the product funnel, or, in simple terms, the quantity of steps during the interaction process with product/platform/service for trusted customers. For example, to access the product every customer needs to pass 2FA (two-factor authentication). Using device fingerprint in such a case helps us to detect constant and reliable customers who use same devices with minimal changes in their device fingerprint data. Therefore, the authorization process for that kind of customer could be shortened, or even fully automated. This in turn eliminates the annoyance created by standard processes, and increases net promoter score, customer satisfaction, and customer lifetime value.
The second one is to stimulate customers to spend more via upselling and other marketing activities. Normally, the risk of chargebacks and other revenue loss factors increases with your sales volume. However, this is mitigated when you can only offer additional opportunities to trusted customers, whose identities have been verified via fingerprint checks.
4. I think lots of merchants will be surprised to see “bots” listed as a potential fraud threat. What does a bot attack look like, and how would merchants know if they are being targeted?
People definitely know about good bots — they are used in messengers, chats, or incorporated into web interfaces, etc. In this context, it’s easy to understand how the purpose of any bot — good bots included — is to gather information. In the same way, fraudsters use malware bots to gather passwords, financial information, card credentials, spam, launch DoS attacks, and perform other malicious actions.
The type of bot attack depends on the type of business. Bot attacks on eCommerce business usually start by looking like great business, as the quantity of users increases sharply. It’s only later when the business notices a drop in conversions or profit that it realizes something is wrong. Account takeovers, user complaints, and other bad signs are often not far behind.
Some of the common bot attacks we see are affiliate fraud, bonus abuse, reputation abuse, etc. The most important part of stopping a bot attack is awareness an attack is occurring. Unfortunately, the big problem is bot attacks often go unnoticed. Device fingerprinting helps to greatly reduce this vulnerability.
5. You work with industries considered “high risk” like gaming, affiliate sites, and the dating industry. What tips can you give to human fraud managers working in these industries?
There are several tips that are same good both for high risk as well as low risk industries.
The most crucial thing to remember is that fraud patterns and fraudsters are not standing still and it is very important to look ahead in the long term and update your knowledge every day.
- Fraudsters are people too. Remember that every malicious action against a business comes from a human.
To understand how to protect yourself again fraud attacks, you shouldn’t think defensively in terms of “anti-fraud”, but instead offensively as a fraudster before devising a counter-strategy. - Think as your customer. The right approach to fraud prevention is always the one which is made for your real customers. Think about pains and problems of your customers, because they are the ones who give your business the best feedback.
- Use your anti-fraud tool. Our time on the conferences and exhibitions circuit brought us around to the conclusion that the vast majority of fraud managers do not understand the capabilities of their anti-fraud tools. Stay up to date on the functionality of your tools, and be sure to make the best use of it you can at all times.
- Pay attention to reporting and analytics. Reports are a powerful tool for deep analysis and fraud prevention. Unfortunately, they are usually underestimated by fraud analysts.
- Love your job. Nothing more to say here.
Finally, if you could give merchants one tip for how to fight chargebacks, what would it be?
A lot has been said to try and answer the question of how to prevent chargebacks. What is undeniable is that if you are in eCommerce, it’s important to be aware of credit card fraud and apply device fingerprinting technology to prevent it. Ultimately, the customer is the only source of feedback for your business, and fraud prevention in such case is King.