Forum Discussion
Christian_Schlegel
Microsoft
Nov 08, 2024Additional commonly asked Q&A related to ‘Device Fingerprinting’ in DFP continued
We're excited to keep our weekly spotlight series going on various topics within our Microsoft Fraud Protection Tech Community to help you maximize the benefits of Microsoft Dynamics 365 Fraud Protection (DFP). This week, we're continuing our focus on commonly asked questions about DFP 'Device Fingerprinting' which you can check out the Q&A details here:
If you have any questions, please feel free to reach out in the Fraud Protection Tech Community. Your feedback is incredibly valuable to us.
Best wishes,
DFP Product Team
------------------
1. Is device fingerprinting necessary?
For DFP to provide the most accurate scores, device fingerprinting is highly recommended as it provides hundreds of device attributes. These critical attributes are used by DFP's machine learning to constantly improve the accuracy of your system. For more information, see the DFP Documentation site: Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn
2. What is DFP Device Fingerprinting and how does it work?
For a description of DFP Device Fingerprinting and how it works, please refer to the following DFP documentation: Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn
3. What data is retained by DFP Device Fingerprinting and for how long?
The data collected by the device fingerprinting feature is stored in a Microsoft designated data center closest to the location of the transaction source for up to 28 days. The data could also be stored along with the transaction that was sent against this profiling session in the customer’s selected geography, if the customer has opted in to storing data with DFP. (Note – for legacy Purchase assessment, data storage is not optional)
4. How can I tell if device fingerprinting has stopped for some reason?
In Microsoft Dynamics 365 Fraud Protection, you can tell if device fingerprinting has stopped by monitoring the SSL certificate status and ensuring it is up to date. If the SSL certificate used for device fingerprinting is not renewed before its expiration date, device fingerprinting will stop collecting information. You should receive notifications regarding the SSL certificate for renewal status, as it is a critical component for the device fingerprinting service.
Additionally, you can monitor the health and status of device fingerprinting through the Dynamics 365 Fraud Protection portal, which provides metrics that refresh near real-time. These monitors are designed to assist in detecting unusual transaction patterns or anomalies in observation events, such as fraud attacks and faulty rule releases.
References:
5. Outline the device profiling capabilities you support, if any.
D365 Fraud Protection (DFP) supports probabilistic device identification, which involves returning an assigned device ID to the client along with device enrichment information.
6. What kind of device metadata can be gathered from the device being used?
Data categories collected for web include:
- UserAgent information
- Canvas/WebGL data
- HTTP data
- Within and across session anomaly information
- IP, network, VPN and geo intelligence
- TCP Signature
- SSL/TLS Signature
- Client hints
- Javascript collected information like OS, processor, screen resolution, round trip time, etc.
Data categories collected for iOS and Android include:
- Accelerometer and gyroscope data
- Location data
- Emulator and rooted information
- SIM card information
- Device specification data like advertising ID, screen size, total memory, screen refresh rate, build ID, etc.
- User preference data like is closed captioning enabled, is speak screen enabled, is haptic feedback enabled, etc.
For a full list of attributes we collect across web, Android, and iOS, see Attributes in device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn.
7. How is the metadata evaluated to identify anomalies and create sticky identifiers for device recognition?
D365 Fraud Protection (DFP) enriches the attributes collected from the device and runs these attributes through an embedding model, creating a vector representation of a device that remains sticky over time. DFP then checks similarity to determine device ID assignment. With device vectors, we can consistently identify returning devices.
8. What kind of challenges (e.g., CAPTCHAs) are invoked if suspicious activity is detected?
D365 Fraud Protection (DFP) doesn't provide challenge capabilities in the product, however, clients can invoke different kinds of challenges that suit their own business needs (CAPTCHA, RECAPTCHA or MFA, for example), through a “challenge” decision based on the bot score rules they configure in our rule engine.
9. What if clients are using a device fingerprinting of their own and they would like to complement with MS DFP, could they use both?
Yes, they could use both services. The client can integrate with DFP and their other device fingerprinting and use the data from both on their end.
10. In the portal UX for classic PP, can attributes returned by device fingerprinting only be used in the "Post Risk Scoring" clause section?
No, you can reference @"deviceAttributes.trueIp" (for example; gets returned from Device Fingerprinting) in both types of rule clauses – Prior to Scoring, Post Risk Scoring – as this is different than generating a risk score.
- FlaviovCopper Contributor
Is it possible that several unrelated customers get the same device fingerprint id? And if so why?
- Christian_Schlegel
Microsoft
Yes, it is possible for several unrelated customers to get the same device fingerprint ID. This can happen due to several reasons:
- Shared Devices: If multiple customers use the same device, such as a public computer or a shared tablet, the device fingerprint ID generated will be the same for all users of that device.
- Similar Device Configurations: Device fingerprinting relies on collecting various attributes like hardware information, browser information, geographic information, and IP address. If two devices have very similar configurations and settings, they might end up with the same or very similar device fingerprint IDs
- Network and Proxy Usage: If customers are accessing the service through the same network or proxy, the IP address and some network-related attributes might be the same, leading to similar device fingerprints.
- Limited Attribute Variability: In some cases, the attributes collected might not be diverse enough to uniquely identify each device, especially if the devices are from the same manufacturer and model.
These factors can contribute to the generation of identical or similar device fingerprint IDs for different customers. If you have any more questions feel free to ask.
1.Overview of device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn
2. Attributes in device fingerprinting - Dynamics 365 Fraud Protection | Microsoft Learn
- FlaviovCopper Contributor
Hey Christian
Thanks for your response.
It makes sense that in these cases we get the same or similar IDs. However, when I check some of the response JSON files, I find different True IPs, different Device Cities, different Carriers, etc., but still the same Device ID, and that doesn't make sense to me. Any idea what might be causing this?