A device fingerprint is a string of numbers or other code generated based on a range of different attributes for a particular computer or other device. The idea behind this code is that the methods used to generate it rely on various settings and aspects of a machine, including things like the operating system (OS), the Internet service provider (ISP) and Internet protocol (IP) address for the machine, and even hardware installed on the computer. A device fingerprint generated by these factors creates a unique code for that device, allowing security protocols to then identify fraudulent computer activity more easily.
Much like a human fingerprint, the idea behind a device fingerprint is to have a reliable method by which a computer can be uniquely identified. The information used to generate this code is not directly conveyed through the code itself, so there is no infringement upon the privacy of the computer user. Instead, this data is simply used to generate enough information to create an identifier that should be unique. Many different methods can be used to generate a device fingerprint, though they typically come down to either passive or active means.
Passive methods for generating a device fingerprint rely on information that can be queried by a server or other host and received from the client system. This type of method is often used by online retailers and similar businesses, to generate a fairly unique identifier without interfering too much with a customer’s experience. Active generation of a device fingerprint, however, involves the use of software installed onto a client system which then generates a fingerprint code. This method is more invasive for clients, since software must be installed to generate the code, but often creates a much more reliable and unique identifier by accessing more information on a computer or device.
By using a device fingerprint, online businesses are better able to prevent fraud and ensure customer identity for purchases. Many banks, for example, utilize strong passive fingerprinting methods that may require customers to connect from the same machine at the same location, or to follow certain procedures to reaffirm the customer’s identity. Online retailers often use fingerprints to verify a customer’s information, tracking fingerprints for multiple transactions under different names through the same device, which usually flags these orders for further fraud investigation. Many developers of computer games and other digital media have begun using active device fingerprint generation methods, often through digital rights management (DRM) software, to reduce piracy.