Summarize this article with
I recently got to sit down with our CTO and co-founder, Valentin Vasilyev, to talk about one of our newest features, Proximity Detection. We dug into what the feature does, how it works under the hood, and why it gives customers a new way to spot suspicious behavior before it turns into fraud.
Watch the interview or keep reading to see how the feature came together and what it unlocks for fraud prevention.
Keshia
Hi, I'm Keshia, and I'm here with our CTO and co-founder, Valentin Vasilyev, and we're going to talk about one of our latest new features, Proximity Detection. So first things first, Valentin, what is Proximity Detection?
Valentin
Proximity Detection is a new powerful way of identifying the location of mobile devices. It works across Android and iOS devices and it allows [you] to identify the location of the device in a privacy preserving way that is actually very helpful for fraud detection. We had a lot of these cases in mind when we developed Proximity Detection. Such as delivery fraud, co-located devices, device farms, account takeover, and many others, which I'm happy to talk about.
Keshia
Why did we build Proximity Detection? What kind of problems are our customers trying to solve?
Valentin
Fingerprint's original idea was device fingerprinting and generating unique device identifiers. Each device would get its own identifier. It's a permanent and unique identifier, but when you're dealing with hundreds of devices sitting on a device rack (you probably saw those scary images on the internet, like a few hundred devices), each of them will get a unique and different identifier. It's sometimes hard to cross correlate all those identifiers in order to see a device farm attack on your mobile app or on your website.
With the Proximity ID, all those devices will get the same identifier, and you will immediately recognize all these devices sitting together with a certain precision and certain radius, and understand if you are dealing with a coordinated attack, whether it's ATO or whether it's mass account creation and things like that.
Keshia
Gotcha. Well, how come traditional signals like raw GPS data or IP geolocation don't give us what we need?
Valentin
These traditional techniques like coordinates, latitude and longitude can be used for that, it's just very difficult to use them. They require a lot of specialized knowledge on how to calculate the location on the globe, calculate the distance between two devices, see how they relate to each other, take into account GPS warm up times, all those uncertainties. Dealing with confidence level, dealing with the precision radius, is very difficult when dealing with traditional coordinates and traditional flat L-N-G [lat/long] systems.
They require usually a specialized engineer on your team that only deals with geospatial types of tasks. With the Proximity ID, we try to solve this for our customers and give them a developer friendly API to identify devices using this method, then also signal how confident we are in the identification, and also provide a precision radius which you can use to search bigger and bigger concentric circles of devices to find more and more devices if you want more confidence, or want a broader area where you want to find the devices.
All of this is possible with traditional coordinates, but it's very unfriendly for developers and hard to use. That's why we wanted to solve this.
Keshia
Well, how does Proximity Detection work under the hood? You mentioned concentric circles, tell me more.
Valentin
Yes, we designed a hexagon-based system. It's a hierarchical hexagon-based system where each device would be assigned a very small, like 10-meter in radius, hexagon, and devices sitting in that hexagon will get the same proximity identifier. And then we made it hierarchical so that you could actually increase the precision radius, and each hexagon will sit in a larger and larger hexagon. And we will use the precision radius to find the devices depending on the radius that you want.
So if you want just these 300 devices in this room, use a precision radius of 10 meters. But if you want to find more devices, like in a 100-meter radius for delivery fraud or ride-hailing fraud, you will use a broader radius and find potentially more devices.
We also give the confidence levels with each response of how confident we are the device indeed belongs to that specific hexagon, and this is a very comprehensive system that developers can use to solve multiple types of fraud, and it applies very well to multiple use cases.
Keshia
And tell me, what are some of the design considerations around privacy?
Valentin
We took privacy very seriously when designing the Proximity Detection. First of all, it's not possible to link a proximity identifier back to coordinates. They are not reverse-engineerable. If you have a Proximity ID, you don't know the coordinates that generated the proximity identifier.
Some jurisdictions treat latitude and longitude, especially at the granular level, as personally identifiable information. And we wanted to make it a privacy-friendly option for companies and developers.
Second, if two companies have the Proximity ID for the same device, they will get different values because they are scoped to each customer account. Even if it's the same device sitting in the same physical location, you will get two different Proximity IDs, and it's not possible to cross-correlate them in any way. Even [if] you have two different identifiers, you cannot really compare [them] and determine if this is the same device, so they're completely different on the API level.
So these are very important things that we wanted to incorporate in the original design, and we believe Proximity ID is a privacy-friendly way of identifying location fraud.
Keshia
Well, I think that covers all my questions. Thanks for your time, Valentin!
Valentin
Thanks for having me!
Want to learn more about Proximity Detection? Check out our technical explainer or start a free trial to get started.
