Skip to content

Adding Device Fingerprinting

Overview

Signifyd’s device fingerprinting tags enable the collection of behavior (page view, clicks, mouse movements, etc.) and device data (operating system, browser, true IP, device Id, etc.) that helps bolster the identification of fraud. If you sell products through a native mobile application (iOS and/or Android), you will also need to integrate one of our Mobile SDKs.

This guide will cover the following steps:

  1. Generate Session ID >
  2. Add the Script >
  3. Send the Session ID >
  4. Verify Device Fingerprinting >

Note: The JavaScript tags load asynchronously, it does not affect page load times or the checkout experience.

Generate Session ID

The session ID is a random string that is unique to each checkout on your online store, not the user's browsing session.

Here are some suggestions for creating a unique session ID:

  • Create a session identifier from a cookie and append the date and time in milliseconds to the end of the identifier along with a hexadecimal hash.
  • Create a session identifier from scratch by using the date and time in milliseconds and a randomly generated hexadecimal hash.
  • Use an existing session identifier from your online store and add a hexadecimal hash to the value.

Important: To ensure the script works properly the session Id should meet the following guidelines:

  • Be greater than 10 characters and less than 128 characters long
  • Be unique for each user's checkout.
  • Only contain the following characters: upper and lowercase English letters (a-z, A-Z), digits (0-9), underscores (_), or hyphens (-).

Add the Script

Implementing on Your Website

Place the tags just before the closing  tag on all public facing pages on your store.

Note: We highly recommend that you include this script on every page on your site - not just the checkout page. Including the script on every page allows Signifyd to detect anomalous behavior that may be indicative of fraud as users browse through your online store.

Implementing on Your Mobile App

Refer to our SDK page and for the mobile SDK integration guide and other additional implementation details.

Send the Session ID

Add the data-order-session-id from the script and or mobile SDK to the order session Id in the body of the Checkout API or Sale API request

Sending Session ID

  1. purchase['orderSessionId'] = uniqueSessionId;

Verify Device Fingerprinting

To ensure optimal performance of Signifyd's device fingerprinting each order includes a device fingerprinting status. If an order does not contain a successful device fingerprint, the status of the issue and steps to resolve are displayed on the Data Quality page.

Best Practices

When sending orders for device fingerprinting analysis we recommend you mimic your production store's checkout flow and create test orders for every channel you sell on. This will help you identify and resolve technical issues before deploying your integration to your production store.

  • Create test orders for each payment method and payment gateway available on your store (stripe, paypal, check, credit card, Apple Pay, gift card, etc).
  • Create test orders for each order channel available on your store (web, mobile app, social media, marketplace, phone, etc).

Reviewing Device Fingerprinting Issues

  1. Submit an order using the Checkout API (Pre-Auth) or Sale API (Post-Auth).
  2. Got to the Teams page, find your team in the grid, and click on the Data Quality icon in the bottom right corner.
  3. Search for the order you created and find the Device Fingerprinting column
  4. If the order shows “Not received” repeat the steps below until all of the issues have been resolved.
Data Quality page in the Developer Tools web app.

Steps to Solve

For javascript tag implementations:

  1. Add the Signifyd javascript tags to your online store. Learn how
  2. Provide the order session id field in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  3. Make sure the order session id value used in the script tag matches the order session id provided in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  4. Be sure that the javascript tag has sufficient time to load before checkout is complete. The script tags should be loaded on all pages, especially pages where the user may spend a considerable amount of time interacting with.
  5. Verify extensions like Ghostery or Disconnect which can block scripts from loading are not enabled.

For mobile SDK implementations:

  1. Implement the mobile SDK on your native mobile application. Learn how
  2. Provide the order session id field in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  3. Make sure the session id used in the profile request matches the order session id provided in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  4. Be sure that the mobile SDK has sufficient time to load before checkout is complete. We recommend you call the profile request every time the app opens.

Wrap Up

You have successfully added device fingerprinting to your store, to enable the collection of behavior and device data.

Next Steps

Was this page helpful?