Skip to main content

Device ID

The device your customers use to make a transaction is an excellent tool you can use in your risk management strategy. As a Rule manager user, you can use velocity attributes to manage the risk coming from a specific device ID.

Did you know?

Fraugster offers you several options to manage the device ID fraud. You can send your own device ID to the Fraugster API in device_id and use this data during the rule creation. If you're using an external service provider for device fingerprinting, you can also send device_id_smart and device_id_exact and use them as desired.

Alternatively, you can opt in to use Fraugster device ID. It's represented by the hashed value of all device fingerprint datapoints concatenated with the Class B IP address. Read more in Device ID at Fraugster.

Velocity attributes of the device ID specify the frequency of transactions incoming from one device ID. These attributes are particularly useful if you want to detect and prevent fraud coming from the same device in quick succession.

Fraugster offers the following velocity attributes for the device ID:

  • 1 minute
  • 5 minutes
  • 1 hour
  • 7 hours
  • 1 day
  • 5 days

Here are a few scenarios you may want to consider for your rule logic:

  • Velocity of one minute is usually used to detect scripts or any other non-human behavior. It is highly unlikely that a human user attempts several purchase attempts within 1 minute.
  • Velocity of 5 minutes wouldn't normally show multiple good transactions.
  • It's good to combine the device ID velocity logic with the IP address. Consider how many different IP addresses you see with the same device ID. Usually we expect the IP address to be the same or change over a period of at least few days. If, however, we see the IP address change frequently, this is an indicator of fraud.
  • Another common scenario is to combine the device ID logic with the email address. If you see 5 different transactions with the dame device ID but 5 different email addresses, this most probably is a result of an account takeover. The same logic applies to the customer ID instead of email address.
Last updated on