Frequently Asked Questions

Fingerprint Pro

What is Fingerprint Pro's uptime SLA?

Fingerprint Pro guarantees at least a 99.8% uptime. In addition, you can check our current status, view previous incidents, and subscribe to updates on our status page.

What is your typical response time when there is an issue or bug?

Response times are based on the issue's size or the bug's severity and are approached on a case-by-case basis.

Do you provide a hosted service?

Fingerprint uses a series of global Amazon Web Services (AWS) datacenters with enterprise-grade physical and network security.

How do the machine learning aspects of Fingerprint work?

Fingerprint Pro's server-side API processes and analyzes a vast amount of data, searching for patterns and recurring fraudulent activity.

What types of companies do you typically work with?

Fingerprint works with companies of all sizes and industries like eCommerce, Financial Services, Travel, Gaming, Crypto, and more across many regions, including the US, EU, APAC, and LATAM.

How does Fingerprint's pricing structure accommodate varying API call volumes?

Fingerprint has tiered self-serve plans that scale by the number of API calls per month up until 1 million/month. After that, anything over requires an enterprise contract. For more pricing information, click here.

What are the advantages of using the custom subdomain?

The custom subdomain allows API calls through ad blockers and specific security policies.

Should we implement Fingerprint Pro on specific pages, every page, or the first page where a visitor lands?

The desired use case largely dictates the implementation of Fingerprint. For more information on what pages you should consider implementing, check out our best practices doc here.

How do you count users? For example, if the same person comes in multiple times with the same visitorID does that count as multiple API calls?

Yes, every time the API is called to generate a visitorID, even if for the same user, it will count towards the API call volume. This is because every time it's called, our servers need to process it irrespective of being a new ID vs an old one.

What can you do with a visitorID once Fingerprint generates it?

A visitor ID is a unique identifier for each visitor or user on a website. Websites can use the visitor ID for improving user authentication, fraud detection, fraud prevention or personalizing the user experience depending on the need of the specific system or application.

Open-source software

What is open-source software?

Open source software includes public source code access, which anyone can review, edit, and add over time. Generally, open source software is free for anyone to use and it can be incorporated into other software. Some famous examples of open source software include Firefox, OpenOffice, and MySQL.

What is FingerprintJS?

FingerprintJS is a browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode, even when browser data is purged.

How can I find your open-source library, FingerprintJS?

Our open-source software, FingerprintJS, is available on GitHub. FingerprintJS is the #1 browser fingerprinting solution on GitHub, with over 17,000 stars.

Is your open-source software always free to use?

FingerprintJS will always be free to use.

How is Fingerprint Pro different from FingerprintJS open source?

You can view a complete breakdown of the two in our technical documentation. However, the most significant difference is that FingerprintJS is less accurate than the Pro version because it does not include additional server-side identification methods, as well as machine learning processing included in the Pro version.

Browser Fingerprinting

What is browser fingerprinting? How does browser fingerprinting work?

Browser fingerprinting is a technique of identifying a website's visitors to be uniquely identifiable among other visitors. It combines many different pieces of information about the visitor, known as signals, to help machine learning ingest the signals and assign a unique identifier to a user.

Examples of signals that could be collected during browser fingerprints include, device operating system, browser version, preferred language, or screen resolution.

Is browser fingerprinting safe?

For a business, browser fingerprinting aims to identify visitors to a site better and separate those that may be fraudulent and those that may not. Therefore, we do not track across sites nor reveal PII (personally identifiable information) during our fingerprinting process.

The benefits of browser fingerprinting as a consumer include an overall safer browsing experience and user experience when using software or viewing a website.

What is my browser fingerprint?

You can view your detected VisitorID on our Demo page.

Can you detect a user in incognito mode or on a VPN?

Yes, we can uniquely identify website visitors in most cases using an incognito mode or a VPN. This is because we ingest over 100 signals about a visitor before assigning them a unique identifier. So, even if they change a signal, such as IP address, we can still identify them with 99.5% accuracy.

Device Identification

What is device identification?

Device identification is a process in which several signals from a device, user, browser, etc are collected and used to create and assign a unique number identifying that device. The act of signal collection can vary by methodology and technology.

How does device identification differ from browser fingerprinting?

Browser fingerprinting is just one of the many signal collection forms incorporated into device identification. Previously, device identification was achieved through signals like IP addresses and cookies. However, browser fingerprinting is a much more robust method given the number of signals collected, leading to the most accurate device identification generation.

Does Fingerprint Pro do device identification or browser fingerprinting?

To generate our unique VisitorID, Fingerprint incorporates device identification and browser fingerprinting. For mobile apps, we identify devices; for web and mobile browsers, we identify browsers as this allows us to achieve higher accuracy.

What is an IMEI, and is it part of a device identification?

IMEI stands for “International Mobile Equipment Identity.” It’s a unique number for identifying a device on a mobile network, and you can think of it as your phone’s social security number. IMEI factors into device identification of mobile devices but isn’t the only signal utilized when building a fingerprint.

Accuracy

How is your accuracy % defined?

We define our accuracy by how many returning visitors to a site we successfully identify as returning visitors, not new ones. So, for example, a 99.5% accuracy rate means we correctly identify 995 out of 1000 returning visitors on any site.

Does Fingerprint collect PII?

Fingerprint’s service utilizes IP address which may be constituted as PII depending on the regulations and/or laws under which your business operates. We do not collect other signals that are considered PII. Fingerprint also collects the URL from the page where signals are collected. We can hash the URL upon customer request under our Enterprise plan.

Which vendor identifiers does Fingerprint collect with mobile SDKs?

Fingerprint collects IDFV (identifier for vendor) on iOS and GFS ID (Google Services Framework Identifier) on Android. We do not collect any ad-related signals.

How do changes within browsers regarding privacy and tracking affect Fingerprint?

Security and privacy policies are rapidly changing; thus, the available signals from a user’s device are very dynamic. This requires constant tuning, machine learning, and other advanced techniques to keep our accuracy high. Due to this, we invest heavily in this exact area of the business.

Is Fingerprint Pro GDPR compliant?

Yes, Fingerprint Pro can be used in compliance with the General Data Protection Regulation (GDPR).  Where the GDPR applies, you are the “controller” of personal data collected in connection with the Fingerprint Pro service and Fingerprint is the “processor” of such data. To the extent that Fingerprint processes personal data in connection with the provision of the Fingerprint Pro service, we process such data in accordance with your instructions and as set forth in the GDPR data processing addendum. As a controller, it is your responsibility to comply with the GDPR requirements that apply to controllers. For example, you will need to establish a legal basis for the collection and use of data (such as legitimate interests or consent), provide appropriate notices to data subjects, ensure a record of consent when relying on consent as a legal basis and develop procedures to respond to data subject requests. The extent to which the GDPR applies and the nature of your obligations as a controller will depend on how you choose to use Fingerprint Pro. We recommend working with your legal team to determine the extent to which the GDPR may apply, and how best to address your GDPR compliance obligations. You can learn more about our compliance and security certifications here.

Is Fingerprint Pro CCPA compliant?

Yes, Fingerprint Pro can be used in compliance with the California Consumer Privacy Act (CCPA). Where the CCPA applies, you are the “business” with respect to any personal information collected in connection with the Fingerprint Pro service and Fingerprint processes such data as a the “service provider,” as set forth in the CCPA data processing addendum. As a business, it is your responsibility to comply with the CCPA requirements that apply to businesses. For example, you will need to provide appropriate notices to data subjects and develop procedures to respond to consumer rights requests. The extent to which the CCPA applies and the nature of your obligations as a business under the CCPA will depend on the way you choose to use Fingerprint Pro. We recommend working with your legal team to determine the extent to which the CCPA may apply, and how best to address your CCPA compliance obligations. You can learn more about our compliance and security certifications here.

Does Fingerprint Pro track website traffic automatically?

No, Fingerprint Pro does not track website traffic automatically. Fingerprint Pro provides tools for website owners, who determine the conditions under which website visitors are tracked. The website owner must ensure that its use of Fingerprint complies with relevant privacy laws, including addressing notice, consent or opt-out requirements, where necessary, depending on its use and implementation of the Fingerprint Pro technology.

Is Fingerprint SOC2 Compliant?

Yes - Fingerprint is SOC 2 compliant. You can learn more about our security certifications on our Security page.

Please contact sales if you want to see our SOC 2 report.

Does Fingerprint Pro require consent?

Fingerprint Pro is primarily designed for fraud detection, which generally does not require consent under most privacy laws. However, the extent to which you may need consent depends on where and how you choose to implement and use the Fingerprint Pro technology. We recommend working with your legal team to determine how best to address privacy requirements.

Where is Fingerprint Pro’s data stored?

When you create your account, you can choose between Global/US data storage (Richmond, Virginia), data EU storage (Frankfurt, Germany) and Asia-Pacific storage (Mumbai).

We can set up servers in additional locations for enterprise customers. To learn more, please contact sales.

Does Fingerprint collect personal data?

Fingerprint’s service leverages dozens of browser attributes, including IP address, to create a unique and stable visitorID for your website visitors. Depending on where and how you choose to use Fingerprint’s services, this visitorID, its associated browser attributes, and the data you choose to associate with them may be classified as “personal data” or “personal information” under applicable law. We recommend working with your legal team to determine the extent to which privacy laws may apply to your use of Fingerprint’s services.

Common Fraud Types

What are the types of payment fraud?

Digital payment fraud can take many forms. We help businesses detect several of them, including credit card fraud, credit card chargebacks (friendly fraud), coupon and promo code abuse, and card cracking. You can learn more about each here.

What is account takeover fraud (ATO)?

Account takeovers can appear in several forms, including credential stuffing and phishing attempts.

With credential stuffing, fraudsters will try to test thousands of login details they’ve obtained from an external source like a data breach of another site to try and gain access to a user’s accounts. This happens when users reuse passwords or unsecured passwords across multiple sites.

Phishing attempts are some of the most challenging fraud attempts to detect due to their level of social engineering sophistication. Phishing attempts happen in several ways, including through email, social media, phone calls, false web pages, and even direct mail.

What is multi-accounting fraud?

Multi-accounting fraud is when one person signs up for multiple accounts with the same service. This can happen for non-nefarious reasons or in attempts to gain something, including a winning advantage in an online poker game.

Multi-accounting is a growing problem in online gambling, gaming, and poker, and we discuss ways to detect and prevent multi-accounting in those industries here.