Frequently Asked Questions

Fingerprint Identification

What is Fingerprint's uptime SLA?

Fingerprint guarantees at least a 99.9% uptime. In addition, you can check our current status, view previous incidents, and subscribe to updates on our status page.

What is your typical response time when there is an issue or bug?

Response times are based on the issue's size or the bug's severity and are approached on a case-by-case basis.

Do you provide a hosted service?

Fingerprint uses a series of global Amazon Web Services (AWS) datacenters with enterprise-grade physical and network security.

How do the machine learning aspects of Fingerprint work?

Fingerprint Identification's server-side API processes and analyzes a vast amount of data, searching for patterns and recurring fraudulent activity.

What types of companies do you typically work with?

Fingerprint works with companies of all sizes and industries like e-commerce, financial services, travel, gaming, crypto, and more across many regions, including North America, Europe, Asia-Pacific, and Latin America.

How does Fingerprint's pricing structure accommodate varying API call volumes?

Fingerprint has tiered self-serve plans that scale by the number of API calls per month up until 1 million/month. After that, anything over requires an enterprise contract. For more pricing information, visit our pricing page.

What are the advantages of using the custom subdomain or proxy?

The custom subdomain and cloud proxy integrations allows API calls through ad blockers and specific security policies. Visit our documentation for more information.

Should we implement Fingerprint on specific pages, every page, or the first page where a visitor lands?

The specific use case determines where Fingerprint should be implemented. For more information on what pages you should consider identifying visitors on, visit our documentation.

How do you count users? For example, if the same person comes in multiple times with the same visitor ID does that count as multiple API calls?

Yes, every time the identification API is called to generate a visitor ID, even if for the same user, it will count towards the API call volume. This is because every time it's called, our servers need to process it regardless of whether it's a new or existing ID.

What can you do with a visitor ID once Fingerprint generates it?

A visitor ID is a unique identifier for each visitor or user on a website. Websites can use the visitor ID for improving user authentication, fraud detection, fraud prevention or personalizing the user experience depending on the need of the specific system or application. For more details on how to use the visitor ID, visit our documentation or take a look at our use case demos.

Source-Available Software

What is source-available software?

Source-available software provides public access to its source code but is not freely available for open use, modification, or redistribution. Unlike open-source software, it often includes restrictions on commercial use or sharing.

What is FingerprintJS?

FingerprintJS is our source-available browser fingerprinting library that analyzes browser attributes to compute a hashed visitor identifier. Unlike cookies or local storage, fingerprints remain consistent in incognito or private mode, even after browser data is cleared. However, it is less accurate than the commercial Fingerprint Identification product.

Where can I find your source-available library, FingerprintJS?

Our source-available library, FingerprintJS, is available on GitHub. FingerprintJS is the #1 browser fingerprinting solution on GitHub, with over 23,000 stars.

Is your source-available software free to use?

FingerprintJS is free to use for non-production purposes. To use this library in production, please contact sales@fingerprint.com

How does the commercial Fingerprint Identification differ from the source-available FingerprintJS library?

A detailed comparison of the two can be found on GitHub. The main difference is that FingerprintJS is less accurate than the commercial version, as it lacks the additional server-side identification methods and machine learning processing available in the commercial product.

Browser Fingerprinting

What is browser fingerprinting? How does browser fingerprinting work?

Browser fingerprinting is a technique for identifying a website's visitors to make them uniquely identifiable among others. It combines various pieces of information about the visitor, known as signals, to help machine learning process these signals and assign a unique identifier to the user. Examples of signals that can be collected during browser fingerprinting include the device's operating system, browser version, preferred language, and screen resolution.

Is browser fingerprinting safe?

For businesses, browser fingerprinting is used to better identify site visitors and distinguish between potentially fraudulent users and legitimate ones. Importantly, we do not track users across sites or reveal personally identifiable information (PII) during the fingerprinting process. For consumers, the benefits of browser fingerprinting include a safer browsing experience and an improved user experience when using software or visiting websites.

What is my browser fingerprint?

You can view your detected visitor ID on our Demo page.

Can you detect a user in incognito mode or on a VPN?

Yes, we can uniquely identify website visitors in most cases, even when they use incognito mode or a VPN. This is because we analyze over 100 signals from a visitor before assigning them a unique identifier. Even if a signal, such as the IP address, changes, we can still achieve high accuracy in identification.

Device Identification

What is device identification?

Device identification is the process of collecting various signals from a device, user, browser, and more to create and assign a unique identifier to that device. The methods and technologies used to collect these signals can vary.

How does device identification differ from browser fingerprinting?

Browser fingerprinting is just one of the many signal collection forms incorporated into device identification. Previously, device identification was achieved through signals like IP addresses and cookies. However, browser fingerprinting is a much more robust method, given the number of signals collected, leading to the most accurate device identification generation.

Does Fingerprint do device identification or browser fingerprinting?

To generate our unique visitor ID, Fingerprint incorporates device identification and browser fingerprinting. For mobile apps, we identify devices, and for web and mobile browsers, we identify browsers, as this allows us to achieve higher accuracy.

What is an IMEI, and is it part of a device identification?

IMEI stands for "International Mobile Equipment Identity." It's a unique number used to identify a device on a mobile network, similar to a phone's social security number. IMEI is one factor in the device identification of mobile devices but is not the only signal used when building a fingerprint.

Accuracy

How is your accuracy rate defined?

We define our accuracy by how many returning visitors to a site we successfully identify as returning visitors, not new ones. So, for example, a 99% accuracy rate would mean we correctly identified 990 out of 1000 returning visitors on any site.

Does Fingerprint collect PII?

Fingerprint's service uses IP address which may be considered as PII depending on the regulations and/or laws under which your business operates. We do not collect other signals that are considered PII. Fingerprint also collects the URL from the page where signals are collected. We can configure your Fingerprint environment to hash the URL and use pseudonymized IP addresses upon request.

Which vendor identifiers does Fingerprint collect with mobile SDKs?

Fingerprint collects IDFV (identifier for vendor) on iOS and GFS ID (Google Services Framework Identifier) on Android. We do not collect any ad-related signals.

How do changes within browsers regarding privacy and tracking affect Fingerprint?

Security and privacy policies are rapidly changing, making the available signals from a user's device highly dynamic. This requires constant tuning, machine learning, and other advanced techniques to maintain high accuracy. As a result, we invest heavily in this specific area of the business.

Is Fingerprint GDPR compliant?

Yes, Fingerprint can be used in compliance with the General Data Protection Regulation (GDPR). Where the GDPR applies, you are the “controller” of personal data collected in connection with the Fingerprint service, and Fingerprint acts as the “processor” of such data. When Fingerprint processes personal data in connection with providing the service, we do so in accordance with your instructions and as outlined in the GDPR data processing addendum. As a controller, it is your responsibility to comply with GDPR requirements applicable to controllers. For example, you must establish a legal basis for collecting and using data (such as legitimate interests or consent), provide appropriate notices to data subjects, maintain records of consent when relying on consent as a legal basis, and develop procedures to address data subject requests. The extent to which the GDPR applies and your specific obligations as a controller will depend on how you use Fingerprint. We recommend consulting your legal team to determine how the GDPR applies and to address your compliance obligations effectively. You can learn more about our compliance and security certifications here.

Is Fingerprint CCPA compliant?

Yes, Fingerprint can be used in compliance with the California Consumer Privacy Act (CCPA). Where the CCPA applies, you are the “business” with respect to any personal information collected in connection with the Fingerprint service, and Fingerprint processes such data as the “service provider,” as outlined in the CCPA data processing addendum. As a business, it is your responsibility to comply with the CCPA requirements applicable to businesses. For example, you must provide appropriate notices to data subjects and develop procedures to respond to consumer rights requests. The extent to which the CCPA applies and the nature of your obligations as a business under the CCPA will depend on how you choose to use Fingerprint. We recommend consulting your legal team to determine the extent to which the CCPA may apply and how best to address your CCPA compliance obligations. You can learn more about our compliance and security certifications here.

Does Fingerprint analyze website traffic automatically?

No, Fingerprint does not automatically analyze website traffic. Fingerprint provides tools for website owners, who determine the conditions under which website visitors are identified. Website owners are responsible for ensuring their use of Fingerprint complies with relevant privacy laws, including addressing notice, consent, or opt-out requirements, as necessary, based on their use and implementation of Fingerprint.

Is Fingerprint SOC2 Compliant?

Yes - Fingerprint is SOC 2 compliant. You can learn more about our security certifications on our Security page. Please contact sales if you want to see our SOC 2 report.

Does Fingerprint require consent?

Fingerprint is primarily designed for fraud detection, which generally does not require consent under most privacy laws. However, whether you need consent depends on where and how you implement and use Fingerprint. We recommend consulting your legal team to determine the best approach to addressing privacy requirements.

Where is Fingerprint's data stored?

When creating your account, you can choose between Global/US data storage (Richmond, Virginia), EU data storage (Frankfurt, Germany), or Asia-Pacific data storage (Mumbai, India). We can set up servers in additional locations for enterprise customers. To learn more, please contact sales.

Does Fingerprint collect personal data?

Fingerprint's service leverages dozens of browser attributes, including IP address, to create a unique and stable visitor ID for your website visitors. We do not collect information on the person using the browser or device, such as their name or email address. Depending on where and how you choose to use Fingerprint's services, this visitor ID, its associated browser attributes, and the data you choose to associate with them may be classified as "personal data" or "personal information" under applicable law. We recommend working with your legal team to determine the extent to which privacy laws may apply to your use of Fingerprint's services.

Common Fraud Types

What are the types of payment fraud?

Digital payment fraud can take many forms. We help businesses detect several types, including credit card fraud, credit card chargebacks (friendly fraud), coupon and promo code abuse, and card cracking. You can learn more about each here.

What is account takeover fraud (ATO)?

Account takeovers can take several forms, including credential stuffing and phishing attempts. With credential stuffing, fraudsters test thousands of login details obtained from external sources, such as data breaches from other sites, to gain access to user accounts. This happens when users reuse passwords or use weak passwords across multiple sites. Phishing attempts are among the most challenging fraud types to detect due to their sophisticated social engineering techniques. These attempts can happen through several methods, including email, social media, phone calls, fake web pages, and even direct mail.

What is multi-accounting fraud?

Multi-accounting fraud happens when one person creates multiple accounts with the same service. This can be for non-nefarious reasons, like keeping work and personal accounts separate, or for unfair advantages, like winning in online poker or abusing signup bonuses. Multi-accounting is a growing problem in online gambling, gaming, and poker. We discuss ways to detect and prevent multi-accounting in these industries here.