Fingerprint Pro guarantees at least a 99.8% uptime. In addition, you can check our current status, view previous incidents, and subscribe to updates on our status page.
Response times are based on the issue's size or the bug's severity and are approached on a case-by-case basis.
Fingerprint uses a series of global Amazon Web Services (AWS) datacenters with enterprise-grade physical and network security.
Fingerprint Pro's server-side API processes and analyzes a vast amount of data, searching for patterns and recurring fraudulent activity.
Fingerprint works with companies of all sizes and industries like eCommerce, Financial Services, Travel, Gaming, Crypto, and more across many regions, including the US, EU, APAC, and LATAM.
Fingerprint has tiered self-serve plans that scale by the number of API calls per month up until 1 million/month. After that, anything over requires an enterprise contract. For more pricing information, click here.
The custom subdomain allows API calls through ad blockers and specific security policies.
The desired use case largely dictates the implementation of Fingerprint. For more information on what pages you should consider implementing, check out our best practices doc here.
Yes, every time the API is called to generate a visitorID, even if for the same user, it will count towards the API call volume. This is because every time it's called, our servers need to process it irrespective of being a new ID vs an old one.
Open source software includes public source code access, which anyone can review, edit, and add over time. Generally, open source software is free for anyone to use and it can be incorporated into other software. Some famous examples of open source software include Firefox, OpenOffice, and MySQL.
FingerprintJS is a browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode, even when browser data is purged.
Our open-source software, FingerprintJS, is available on GitHub. FingerprintJS is the #1 browser fingerprinting solution on GitHub, with over 17,000 stars.
FingerprintJS will always be free to use.
You can view a complete breakdown of the two in our technical documentation. However, the most significant difference is that FingerprintJS is less accurate than the Pro version because it does not include additional server-side identification methods, as well as machine learning processing included in the Pro version.
Browser fingerprinting is a technique of identifying a website's visitors to be uniquely identifiable among other visitors. It combines many different pieces of information about the visitor, known as signals, to help machine learning ingest the signals and assign a unique identifier to a user.
Examples of signals that could be collected during browser fingerprints include, device operating system, browser version, preferred language, or screen resolution.
For a business, browser fingerprinting aims to identify visitors to a site better and separate those that may be fraudulent and those that may not. Therefore, we do not track across sites nor reveal PII (personally identifiable information) during our fingerprinting process.
The benefits of browser fingerprinting as a consumer include an overall safer browsing experience and user experience when using software or viewing a website.
Yes, we can uniquely identify website visitors in most cases using an incognito mode or a VPN. This is because we ingest over 100 signals about a visitor before assigning them a unique identifier. So, even if they change a signal, such as IP address, we can still identify them with 99.5% accuracy.
Device identification is a process in which several signals from a device, user, browser, etc are collected and used to create and assign a unique number identifying that device. The act of signal collection can vary by methodology and technology.
Browser fingerprinting is just one of the many signal collection forms incorporated into device identification. Previously, device identification was achieved through signals like IP addresses and cookies. However, browser fingerprinting is a much more robust method given the number of signals collected, leading to the most accurate device identification generation.
To generate our unique VisitorID, Fingerprint incorporates device identification and browser fingerprinting. For mobile apps, we identify devices; for web and mobile browsers, we identify browsers as this allows us to achieve higher accuracy.
IMEI stands for “International Mobile Equipment Identity.” It’s a unique number for identifying a device on a mobile network, and you can think of it as your phone’s social security number. IMEI factors into device identification of mobile devices but isn’t the only signal utilized when building a fingerprint.
We define our accuracy by how many returning visitors to a site we successfully identify as returning visitors, not new ones. So, for example, a 99.5% accuracy rate means we correctly identify 995 out of 1000 returning visitors on any site.
Fingerprint’s service utilizes IP address which may be constituted as PII depending on the regulations and/or laws under which your business operates. We do not collect other signals that are considered PII. Fingerprint also collects the URL from the page where signals are collected. We can hash the URL upon customer request under our Enterprise plan.
Fingerprint collects IDFV (identifier for vendor) on iOS and GFS ID (Google Services Framework Identifier) on Android. We do not collect any ad-related signals.
Security and privacy policies are rapidly changing; thus, the available signals from a user’s device are very dynamic. This requires constant tuning, machine learning, and other advanced techniques to keep our accuracy high. Due to this, we invest heavily in this exact area of the business.
Yes - Fingerprint is GDPR compliant. You can learn more about our security certifications on our Security page.
Yes - Fingerprint is CCPA compliant. You can learn more about our security certifications on our Security page.
We never automatically track traffic - our customers can configure under what conditions visitors are tracked, and we never do cross-domain tracking.
Yes - Fingerprint is SOC 2 compliant. You can learn more about our security certifications on our Security page.
Please contact sales if you want to see our SOC 2 report.
Our technology is intended to be used for fraud detection only; for this case, no user consent is required. However, any use outside of fraud detection must comply with GDPR user consent rules.
When you create your account, you can choose between Global/US data storage (Richmond, Virginia), data EU storage (Frankfurt, Germany) and Asia-Pacific storage (Mumbai).
We can set up servers in additional locations for enterprise customers. To learn more, please contact sales.
Digital payment fraud can take many forms. We help businesses detect several of them, including credit card fraud, credit card chargebacks (friendly fraud), coupon and promo code abuse, and card cracking. You can learn more about each here.
Account takeovers can appear in several forms, including credential stuffing and phishing attempts.
With credential stuffing, fraudsters will try to test thousands of login details they’ve obtained from an external source like a data breach of another site to try and gain access to a user’s accounts. This happens when users reuse passwords or unsecured passwords across multiple sites.
Phishing attempts are some of the most challenging fraud attempts to detect due to their level of social engineering sophistication. Phishing attempts happen in several ways, including through email, social media, phone calls, false web pages, and even direct mail.
Multi-accounting fraud is when one person signs up for multiple accounts with the same service. This can happen for non-nefarious reasons or in attempts to gain something, including a winning advantage in an online poker game.
Multi-accounting is a growing problem in online gambling, gaming, and poker, and we discuss ways to detect and prevent multi-accounting in those industries here.