Skip to content

Adding Device Fingerprinting

Overview

Signifyd’s device fingerprinting tags enable the collection of behavior (page view, clicks, mouse movements, etc.) and device data (operating system, browser, true IP, device Id, etc.) that helps bolster the identification of fraud. If you sell products through a native mobile application (iOS and/or Android), you will also need to integrate one of our Mobile SDKs.

This guide will cover the following steps:

  1. Generate Session ID >
  2. Add the Script >
  3. Send the Session ID >
  4. Verify Device Fingerprinting >

Note: The JavaScript tags load asynchronously, it does not affect page load times or the checkout experience.

1. Generate Session ID

The session ID is a random string that is unique to each checkout on your online store, not the user's browsing session.

Here are some suggestions for creating a unique session ID:

  • Create a session identifier from a cookie and append the date and time in milliseconds to the end of the identifier along with a hexadecimal hash.
  • Create a session identifier from scratch by using the date and time in milliseconds and a randomly generated hexadecimal hash.
  • Use an existing session identifier from your online store and add a hexadecimal hash to the value.

Important: To ensure the script works properly the session Id should meet the following guidelines:

  • Be greater than 10 characters and less than 128 characters long
  • Be unique for each user's checkout.
  • Only contain the following characters: upper and lowercase English letters (a-z, A-Z), digits (0-9), underscores (_), or hyphens (-).

2. Add the Script

Implementing on Your Website

Place the tags just before the closing </head> tag on all public facing pages on your store.

Note: We highly recommend that you include this script on every page on your site - not just the checkout page. Including the script on every page allows Signifyd to detect anomalous behavior that may be indicative of fraud as users browse through your online store.

Implementing on Your Mobile App

Refer to our SDK page and for the mobile SDK integration guide and other additional implementation details.

3. Send the Session ID

Add the data-order-session-id from the script and or mobile SDK to the order session Id in the body of the create case request.

Sending Session ID

  1. purchase['orderSessionId'] = uniqueSessionId;

4. Verify Device Fingerprinting

To ensure optimal performance of Signifyd's device fingerprinting each order includes a device fingerprinting status. If a case does not contain a successful device fingerprint, the status of the issue and steps to resolve are displayed on the Data Quality page.

Best Practices

When sending orders for device fingerprinting analysis we recommend you mimic your production store's checkout flow and create test orders for every channel you sell on. This will help you identify and resolve technical issues before deploying your integration to your production store.

  • Create test orders for each payment method and payment gateway available on your store (stripe, paypal, check, credit card, Apple Pay, gift card, etc).
  • Create test orders for each order channel available on your store (web, mobile app, social media, marketplace, phone, etc).

Reviewing Device Fingerprinting Issues

  1. Submit a case using the Create Case API.
  2. Go to Data Quality and search for the case you created.
  3. Review the status of the device fingerprint, this would either be Received or Not Received.
  4. If Not Received, click on the status button to expand the details pane and locate the Steps to Solve section to resolve any issues.
  5. Please note that steps will be appropriate for javascript tag implementations and for mobile SDK implementations separately.
  6. Repeat steps 1-5 until all of the issues have been resolved.
Data Quality page in the Developer Tools web app.

Steps to Solve

For javascript tag implementations:

  1. Add the Signifyd javascript tags to your online store. Learn how
  2. Provide the order session id field in the create case API request.
  3. Make sure the order session id value used in the script tag matches the order session id provided in the create case API request.
  4. Be sure that the javascript tag has sufficient time to load before checkout is complete. The script tags should be loaded on all pages, especially pages where the user may spend a considerable amount of time interacting with.
  5. Verify extensions like Ghostery or Disconnect which can block scripts from loading are not enabled.

For mobile SDK implementations:

  1. Implement the mobile SDK on your native mobile application. Learn how
  2. Provide the order session id field in the create case API request.
  3. Make sure the session id used in the profile request matches the order session id provided in the create case API request.
  4. Be sure that the mobile SDK has sufficient time to load before checkout is complete. We recommend you call the profile request every time the app opens.

Wrap Up

You have successfully added device fingerprinting to your store, to enable the collection of behavior and device data.

Next Steps

Was this page helpful?