Adding Device Fingerprinting

Signifyd’s device fingerprinting tags enable the collection of behavior (page view, clicks, mouse movements, etc.) and device data (operating system, browser, true IP, device Id, etc.) that helps bolster the identification of fraud. If you sell products through a native mobile application (iOS and/or Android), you will also need to integrate one of our Mobile SDKs.

🚧

Important

Device profiling data is key to Signifyd's model efficacy and a required part of a successful implementation.

Device profiling coverage levels below 80% of orders may be considered a blocker for Go-Live.

Generate Session ID

The session ID is a random string that must be shared between your client and server, and ultimately provided to Signifyd. This will be unique to each checkout on your online store, not the user's browsing session.

Here are some suggestions for creating a unique session ID:

  • Create a session identifier from a cookie and append the date and time in milliseconds to the end of the identifier along with a hexadecimal hash.
  • Create a session identifier from scratch by using the date and time in milliseconds and a randomly generated hexadecimal hash.
  • Use an existing session identifier from your online store and add a hexadecimal hash to the value.

🚧

Important

To ensure the script works properly the session Id should meet the following guidelines:

  • Be greater than 10 characters and less than 128 characters long
  • Be unique for each user's checkout.
  • Only contain the following characters: upper and lowercase English letters (a-z, A-Z), digits (0-9), underscores (_), or hyphens (-).

Add the Script

📘

Note

The JavaScript tags load asynchronously, it does not affect page load times or the checkout experience.

Implementing on Your Website

Place the tags just before the closing tag on all public facing pages on your store.

📘

Note

We highly recommend that you include this script on every page on your site - not just the checkout page. Including the script on every page allows Signifyd to detect anomalous behavior that may be indicative of fraud as users browse through your online store.

Implementing on Your Mobile App

Refer to our SDK page and for the mobile SDK integration guide and other additional implementation details.

Send the Session ID

Add the data-order-session-id from the script and or mobile SDK to the order session Id in the body of the Checkout API or Sale API request.

SENDING SESSION ID

purchase['orderSessionId'] = uniqueSessionId;

Verify Device Fingerprinting

To ensure optimal performance of Signifyd's device fingerprinting each order includes a device fingerprinting status. If an order does not contain a successful device fingerprint, the status of the issue and steps to resolve are displayed on the Data Quality page.

Best Practices

When sending orders for device fingerprinting analysis we recommend you mimic your production store's checkout flow and create test orders for every channel you sell on. This will help you identify and resolve technical issues before deploying your integration to your production store.

  • Create test orders for each payment method and payment gateway available on your store (stripe, paypal, check, credit card, Apple Pay, gift card, etc).
  • Create test orders for each order channel available on your store (web, mobile app, social media, marketplace, phone, etc).

Reviewing Device Fingerprinting Issues

  1. Submit an order using the Checkout API (Pre-Auth) or Sale API (Post-Auth).
  2. Got to the Teams page, find your team in the grid, and click on the Data Quality icon in the bottom right corner.
  3. Search for the order you created and find the Device Fingerprinting column
  4. If the order shows “Not received” repeat the steps below until all of the issues have been resolved.
Data Quality page in the Developer Tools web app.

Data Quality page in the Developer Tools web app.

Steps to Solve

For javascript tag implementations:

  1. Add the Signifyd javascript tags to your online store. Learn how
  2. Provide the order session id field in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  3. Make sure the order session id value used in the script tag matches the order session id provided in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  4. Be sure that the javascript tag has sufficient time to load before checkout is complete. The script tags should be loaded on all pages, especially pages where the user may spend a considerable amount of time interacting with.
  5. Verify extensions like Ghostery or Disconnect which can block scripts from loading are not enabled.

For mobile SDK implementations:

  1. Implement the mobile SDK on your native mobile application. Learn how
  2. Provide the order session id field in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  3. Make sure the session id used in the profile request matches the order session id provided in the Checkout API (Pre-Auth) or Sale API (Post-Auth) request.
  4. Be sure that the mobile SDK has sufficient time to load before checkout is complete. We recommend you call the profile request every time the app opens.