Device fingerprinting in the fight against fraud

2025-12-04

Contents

  1. The situation in Poland and actions taken by financial institutions
  2. What is device fingerprinting, and how does it work?
  3. The role of device fingerprinting in digital security systems
  4. Verification of known and trusted devices
  5. Complementing SCA systems and scoring models
  6. Detecting high-risk transactions from new devices
  7. What is the process for attributing a device to a customer?
  8. When does fingerprinting work properly?
  9. Applications of device fingerprinting
  10. Fraud detection in banking
  11. Verification of e-commerce transactions
  12. “Buyer” fraud on classified-ad and marketplace platforms
  13. The future of fingerprinting and its role in security systems
  14. Integration with machine learning and behavioural verification
  15. Support for strong customer authentication (SCA) and regulation
  16. Application in open banking and payment ecosystems
  17. The CFD platform as an example of device fingerprinting in practice
  18. Challenges and developmental prospects
  19. Summary
  20. Frequently asked questions

The growth in the number of digital transactions not only brings greater convenience for customers but also opens up more opportunities for fraudsters. Traditional authentication methods, such as passwords or SMS codes, are increasingly often insufficient for effective identity verification, especially in an environment where fraud is becoming ever more sophisticated and difficult to detect.

That is why financial institutions and fintechs are now turning increasingly often to device fingerprinting, a technique that identifies devices based on a set of their technical and configuration characteristics. By analysing such parameters as the operating system, browser, language, time zone and screen resolution, it is possible to create a unique device profile and detect unusual or high-risk behaviour before fraud occurs.

As fraudsters become increasingly adept at impersonating customers, effective fraud detection requires understanding not only who is logging in, but also from what device. Device fingerprinting provides that insight, and that is precisely why it is steadily gaining importance.


The situation in Poland and actions taken by financial institutions

Anti-fraud tools are also experiencing rapid development in the Polish financial sector. According to the report Cyfrowa Twierdza (“Digital Fortress”), sector-wide security platforms have enabled the blocking of attempts to obtain fraudulent loans amounting to over PLN 700 million. This proves that the effective exchange of information and advanced analytical systems can significantly reduce the scale of losses incurred by financial institutions.

At the same time, the Polish credit bureau BIK is developing solutions based on behavioural verification. In 2022, it acquired the fintech Digital Fingerprints, which specialises in analysing the way devices are used, from typing rhythm to interaction with the screen or mouse. According to a BIK press release in 2025, this technology is already in use in several banks in Poland, enabling the detection of anomalies in the background without user involvement.

What is device fingerprinting, and how does it work?

Device fingerprinting is a technique for identifying devices, based on the analysis of their distinctive technical characteristics. Unlike traditional identifiers such as IP address or cookies, fingerprinting creates a unique device profile, a so-called “digital fingerprint”, based on a set of parameters that, in a given combination, occur with a very low probability of repetition.

The types of data most commonly analysed include:

  • browser type and version (user agent)
  • hardware components (graphics card model, processor, even the number of cores, etc.)
  • operating system
  • screen resolution
  • time zone and language
  • installed plugins
  • time of device operation

The collected data is then processed to generate a unique device identifier. Importantly, fingerprinting is a passive technique: it does not require any software to be installed or the user’s explicit consent.

The purpose of fingerprinting is not to precisely identify the user as a physical person, but to recognise their hardware environment and detect anomalies, such as logins from a new or modified device, an emulated environment, or a configuration previously associated with fraud cases.

In practice, this means that even if a fraudster obtains valid login credentials, the system may flag their authentication attempt due to an inconsistent device profile, such as an unusual combination of technical parameters, a different location, or the absence of any historical link to the account.

The role of device fingerprinting in digital security systems

In the field of digital security, device fingerprinting is used primarily as a component that supports real-time risk assessment. It does not replace traditional authentication mechanisms but provides valuable contextual data that helps to better understand the environment in which the user operates, whether they are logging in, conducting transactions, or filling out forms, and to assess whether that behaviour falls within the expected pattern.

Device fingerprinting supports the protection of logins and transactions at many stages, from detecting new devices to enhancing risk scoring and securing fund withdrawals.

Verification of known and trusted devices

One of the main applications of fingerprinting is distinguishing already known, “trusted” devices from those appearing for the first time or showing an unusual configuration. Device verification is triggered when a customer logs in to their account. The system compares the current fingerprint with the previously recorded pattern, and if the data matches, it allows the customer to log in or performs a simplified authorisation procedure. Otherwise, the system may require additional identity verification, for example via an SMS code, mobile phone authorisation, or a strong customer authentication (SCA) mechanism.

In practice, this means that even if a fraudster obtains valid login credentials (for example, through phishing), the device used for the login attempt may fail verification. This is particularly likely in cases where the attacker uses an emulator, conceals their location, changes their browser, or masks real system parameters (for example, by using a VPN).
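The comparison described above, as an added example (not BIK's or any vendor's code): it derives a device ID by hashing a canonical form of the attributes and, because an exact hash changes when any single attribute changes, also compares the attributes one by one. The attribute names, weights, 0.75 threshold and status names are assumptions chosen for illustration.

```python
import hashlib
import json

# Assumed weights: stable hardware traits count for more than traits that
# change with routine updates. Names and values are illustrative.
WEIGHTS = {"os": 3, "gpu": 3, "cpu_cores": 2, "screen": 2,
           "timezone": 2, "language": 1, "browser": 1, "browser_version": 1}

def canonical(attrs):
    """Normalise values so case or stray whitespace does not change the ID."""
    return {k: str(attrs.get(k, "")).strip().lower() for k in sorted(WEIGHTS)}

def device_id(attrs):
    """Exact identifier: SHA-256 over the canonical JSON encoding."""
    blob = json.dumps(canonical(attrs), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def similarity(a, b):
    """Weighted share of attributes that match, from 0.0 to 1.0."""
    ca, cb = canonical(a), canonical(b)
    matched = sum(w for k, w in WEIGHTS.items() if ca[k] and ca[k] == cb[k])
    return matched / sum(WEIGHTS.values())

def classify(current, trusted, threshold=0.75):
    """Return (status, best_score); status is 'known', 'drifted' or 'new'."""
    if not trusted:
        return "new", 0.0
    cur_id = device_id(current)
    if any(device_id(t) == cur_id for t in trusted):
        return "known", 1.0
    best = max(similarity(current, t) for t in trusted)
    # 'drifted': most traits match a trusted profile, e.g. after a browser
    # update; the hash alone would have reported a brand-new device.
    return ("drifted" if best >= threshold else "new"), best

# Constructed sample profiles
ENROLLED = {"os": "Windows 11", "gpu": "Intel Iris Xe", "cpu_cores": 8,
            "screen": "1920x1080", "timezone": "Europe/Warsaw",
            "language": "pl-PL", "browser": "Firefox", "browser_version": "131"}
UPDATED = dict(ENROLLED, browser_version="132")
UNKNOWN = {"os": "Linux", "gpu": "SwiftShader", "cpu_cores": 2,
           "screen": "800x600", "timezone": "UTC",
           "language": "en-US", "browser": "Chrome", "browser_version": "120"}

if __name__ == "__main__":
    for name, prof in [("enrolled", ENROLLED), ("updated", UPDATED),
                       ("unknown", UNKNOWN)]:
        print(name, device_id(prof)[:12], classify(prof, [ENROLLED]))
```
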

Complementing SCA systems and scoring models

In the PSD2-regulated environment, device fingerprinting is excellent at supporting the requirements of strong customer authentication and makes it possible to determine whether a given session meets the SCA criteria. It allows a transaction to be attributed not only to a specific customer, but also to a device that is in the user’s exclusive possession, which significantly enhances the session’s credibility.

Fingerprinting can also be used as one of the variables in risk-scoring models, for example to enable dynamic risk assessment of transactions or sessions. An unusual display resolution, a changed system language or an unexpected browser version can raise the level of risk and trigger additional rules in the decision engine.

Detecting high-risk transactions from new devices

Device fingerprinting plays an important role not only in login processes but also in analysing the risk of situations where the user performs payment transactions that could result in the loss of funds. A transaction initiated from an unknown device, particularly when no mobile app is used or when the method of authorisation has changed, may be considered suspicious and require additional verification.

When combined with behavioural verification and security rules, device fingerprinting supports mechanisms for blocking or delaying suspicious operations until they are verified. This is especially important in cases of account takeovers (ATO), attempted transfer fraud, or orders initiated from emulators or environments with a masked device identity.
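A rule-based scoring step of the kind described in the two sections above, as an added example (not code from any product named on this page). The event fields, point values and thresholds are assumptions for illustration, and "unexpected browser version" is modelled here as a version lower than the one last seen.

```python
# Rule = (name, points, predicate over the event). Points and thresholds are
# assumed values for illustration, not calibrated weights.
RULES = [
    ("unknown_device", 40, lambda e: not e["device_known"]),
    ("emulator_suspected", 35, lambda e: e["emulator"]),
    ("auth_method_changed", 20,
     lambda e: e["auth_method"] != e["usual_auth_method"]),
    ("no_mobile_app", 10, lambda e: e["channel"] != "mobile_app"),
    ("language_changed", 10, lambda e: e["language"] != e["usual_language"]),
    ("unusual_resolution", 10, lambda e: e["screen"] not in e["seen_screens"]),
    ("browser_downgrade", 10,
     lambda e: e["browser_major"] < e["last_browser_major"]),
]
STEP_UP_AT, HOLD_AT = 30, 70

def assess(event):
    """Score one login or payment event and pick an action."""
    fired = [(name, pts) for name, pts, pred in RULES if pred(event)]
    score = min(100, sum(pts for _, pts in fired))
    if score >= HOLD_AT:
        decision = "hold"        # block or delay until verified
    elif score >= STEP_UP_AT:
        decision = "step_up"     # additional verification, e.g. SCA
    else:
        decision = "allow"
    return {"score": score, "decision": decision,
            "reasons": [name for name, _ in fired]}

# Constructed events: the customer's usual session, then two variations
USUAL = {"device_known": True, "emulator": False, "channel": "mobile_app",
         "auth_method": "app_push", "usual_auth_method": "app_push",
         "language": "pl-PL", "usual_language": "pl-PL",
         "screen": "1080x2400", "seen_screens": {"1080x2400"},
         "browser_major": 131, "last_browser_major": 131}
TRAVEL_LAPTOP = dict(USUAL, channel="web", language="en-GB",
                     screen="1366x768")
TAKEOVER = dict(USUAL, device_known=False, emulator=True, channel="web",
                auth_method="sms", screen="800x600", browser_major=120)

if __name__ == "__main__":
    for label, ev in [("usual", USUAL), ("travel laptop", TRAVEL_LAPTOP),
                      ("takeover", TAKEOVER)]:
        print(label, assess(ev))
```

Returning the names of the rules that fired alongside the score lets an analyst see why a session was held.
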

What is the process for attributing a device to a customer?

The implementation of device fingerprint identification requires the definition of rules that will allow the system to differentiate trusted devices from those that should be treated as potentially risky. Although the technology operates in the background and does not require the user’s active participation, the way the system interprets the device’s behaviour in the context of account history and previous interactions is crucial.

In certain cases the customer may be asked to confirm that they want the device to be added to the list of trusted devices, confirmed either by a text message code or selection of the appropriate option when logging in.

When does fingerprinting work properly?

In order for fingerprinting to be effective, the user must consistently use the same technical configuration. Only then does the device fingerprint function correctly and enable the device to be reliably linked to the user. A change of browser, reset of settings, incognito mode or software that automatically deletes cookies and local data may cause the device to be treated as new, even if it is physically the same piece of hardware. In such cases, for example after ending a session with cleared browser memory, the fingerprint may differ from the version originally saved, which then triggers a re-verification.

It is worth adding that fingerprinting does not assume that the sole user of the device is a specific customer. On the contrary, risk analysis takes into account the fact that devices can be shared (for example, within households) and that certain parameters may be modified or simulated. Therefore, fingerprinting serves as a supporting component, and not the sole reference point for authorisation decisions.

Applications of device fingerprinting

The implementation of device fingerprinting delivers measurable benefits across various areas, from banking and payments to e-commerce and classified-ad platforms. The technology helps to better assess the user’s technical and behavioural context, which translates to more effective fraud detection and a reduction in transaction risk. The examples below illustrate the most common applications of device fingerprinting.

Fraud detection in banking

Device fingerprinting technology is widely used in the banking sector, particularly for monitoring unusual user behaviour. Analysing characteristic device parameters enables the quick detection of situations where a single device is used to log in to multiple accounts, which may indicate an attempt at identity theft or other forms of fraud.

Verification of e-commerce transactions

Online stores and sales platforms increasingly use device fingerprinting to enhance the credibility of the purchasing process. By comparing the current device profile with earlier data, systems are able to detect irregularities, such as a high-value order from a device not previously linked to the customer’s account. This type of analysis constitutes an important aspect of payment fraud prevention, particularly in fast-paced environments with large transaction volumes.

“Buyer” fraud on classified-ad and marketplace platforms

On classified-ad and marketplace platforms, device fingerprinting can help detect attempts at so-called “fake buyer” fraud. This refers to situations where the same person, posing as multiple different buyers, contacts numerous sellers from different accounts while actually using a single device or distinctive technical configuration. Detecting such a pattern enables faster identification of attempts to obtain personal data, request off-platform payments, or commit other types of fraud before the actual transaction takes place.
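The pattern named in the banking and marketplace sections above, one device appearing behind many accounts, can be detected from event logs. This added example (not part of the original article) uses a constructed log format and assumed limits: more than two distinct accounts on one device within 24 hours, so that a device shared within a household is not flagged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: timestamp, event type, account, device ID
LOG = """\
2025-11-03T09:12:44Z login account=acc-1001 device=dev-a1
2025-11-03T19:40:02Z login account=acc-1002 device=dev-a1
2025-11-04T09:00:10Z message account=acc-2001 device=dev-f9
2025-11-04T09:20:31Z message account=acc-2002 device=dev-f9
2025-11-04T10:05:57Z message account=acc-2003 device=dev-f9
2025-11-04T10:40:12Z login account=acc-2004 device=dev-f9
2025-11-01T08:00:00Z login account=acc-3001 device=dev-c3
2025-11-03T08:00:00Z login account=acc-3002 device=dev-c3
2025-11-06T08:00:00Z login account=acc-3003 device=dev-c3
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, event, account, device)."""
    ts, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, event, fields["account"], fields["device"]

def shared_devices(lines, max_accounts=2, window=timedelta(hours=24)):
    """Map each device seen with more than max_accounts distinct accounts
    inside one sliding window to the sorted list of those accounts."""
    by_device = defaultdict(list)
    for line in lines:
        if line.strip():
            when, _event, account, device = parse(line)
            by_device[device].append((when, account))
    flagged = defaultdict(set)
    for device, events in by_device.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acc for _, acc in events[start:end + 1]}
            if len(accounts) > max_accounts:
                flagged[device] |= accounts
    return {dev: sorted(accs) for dev, accs in flagged.items()}

if __name__ == "__main__":
    for dev, accs in shared_devices(LOG).items():
        print(dev, "->", ", ".join(accs))
```
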

The future of fingerprinting and its role in security systems

The rapid development of technology, tightening regulatory requirements, and fraudsters’ increasingly sophisticated methods of operation mean that device fingerprinting will play an ever more important role in digital security strategies. Although not a new technology, its application is evolving from simple device recognition to a more advanced component of multi-layered risk-assessment models.

Integration with machine learning and behavioural verification

In the coming years, device fingerprinting is expected to be used more widely in combination with machine learning. Machine-learning algorithms will analyse not only a device’s technical profile, but also patterns of user behaviour (including scrolling speed, navigation paths, and click sequences), allowing the construction of significantly more precise risk profiles.

Such a hybrid model, combining device fingerprinting with behavioural verification, will enable not only the detection of unauthorised access, but also the identification of subtle deviations from the user’s usual behaviour, for example in the event of their account being hijacked by a third party.

Support for strong customer authentication (SCA) and regulation

In a regulated environment, and particularly in the context of PSD2 and Strong Customer Authentication (SCA) requirements, device fingerprinting is gaining importance as a tool that supports authentication. It can be used to confirm a user’s identity independently of their login and password, and to classify transactions as low- or high-risk within the framework of dynamic transaction risk analysis (TRA).

Application in open banking and payment ecosystems

In the open banking model, where multiple entities have access to user data (with the user’s consent), device fingerprinting can serve as an additional layer of verification, independent of the service provider. This enables the creation of consistent risk-detection mechanisms, even in fragmented environments.

Likewise in the e-commerce sector, where users more and more often use multiple shopping channels and devices, fingerprinting can help detect fraud related to payments, refunds, promotions or temporary accounts.

The CFD platform as an example of device fingerprinting in practice

One of the anti-fraud solutions offered by BIK is the Cyber Fraud Detection (CFD) platform, designed to detect attempted fraud across online channels. A key element of this platform is its dedicated anti-fraud rules engine, which uses analysis of the customer’s device, in other words, device fingerprinting.

Thanks to such device fingerprinting, it is possible to assign a unique device identifier (device ID) and obtain detailed technical information, such as IP address, VPN use, geolocation, user agent data (including screen resolution, the browser and its version), cookies and session ID.

An additional advantage of the CFD platform is its ability to share information about compromised devices among subscribers. If a device is marked as being associated with fraud by one of the system’s users, this information becomes available to all other platform participants, significantly enhancing the effectiveness of fraud prevention efforts.

Challenges and developmental prospects

Despite its numerous strengths, device fingerprinting also faces challenges. Technological progress fosters the emergence of increasingly sophisticated methods of bypassing security measures, thereby making effective device identification more difficult. In order to keep this technology effective, it is essential to continually adapt it to these developments.

The direction of device fingerprinting development is to strike a balance between effective protection and respect for user privacy. Future solutions will increasingly take into account the need for greater transparency and user control, promoting more responsible use of the technology.

Summary

Device fingerprinting is an effective tool for supporting fraud detection and risk assessment in the digital environment. It enables the recognition of trusted devices, the detection of anomalies, and the strengthening of authentication processes, all without involving the user. Its value is growing, especially in the context of SCA, open banking, and dynamic detection models. It is not a standalone solution, but provides effective support for other security tools. The key to its effectiveness lies in integration with other data sources and compliance with regulatory requirements.

Frequently asked questions

What is device fingerprinting?

Device fingerprinting is a technique for identifying a device based on its unique technical characteristics, such as its browser, operating system, and screen resolution. It enables the creation of a so-called digital fingerprint, which is used to recognise and monitor devices.

How does device fingerprinting work?

Device fingerprinting involves the collection of information on the technical parameters of a user’s device and its analysis for the purpose of generating a unique identifier. This process usually takes place in the background, without the user’s involvement, and serves to assess risk, detect anomalies, and secure sessions.

What are the typical applications of device fingerprinting?

This technology is used, among other things, for detecting fraud in banking, verifying transactions in e-commerce, and identifying fake accounts on classified-ad platforms. Fingerprinting strengthens security systems by detecting suspicious logins or unusual behaviour.

Can a device’s fingerprint be concealed or changed?

Partly, yes. Users can use VPNs, browsers in private mode, or tools that modify device parameters, but advanced systems are capable of detecting such attempts and treat them as risk signals.