Strictera DFP

Digital fraud prevention through persistent, reproducible fingerprints for users on browsers and mobile devices.

Book a demo

100+ signals real-time aggregation

Cookieless persistent ID

No personal data collection

About the product

Strictera DFP (Digital Fraud Prevention) evaluates more than 100 browser or mobile device signals in real time and generates a unique visitor identifier.

Additional network, behavioral, and automated signals scoring produces a unique user ID that help address a range of online fraud issues at key journey points such as login, sign-up, and payment.

At the same time, Strictera DFP reduces friction for returning visitors without collecting personal information, improving the overall user experience.

Product components

Stable identification

Dozens of browser and mobile device signals, such as version, OS, language, time zone, Canvas, and WebGPU, are combined into a unique visitor ID that remains stable even when cookies are blocked of cleared.

Risk signals scoring

Additional parameters, such as bot_score, vpn, hosting, and bot_hosting are weighted in real time to identify risky behavior and prevent online fraud.

Features

Cookieless identification

Use a more persistent method than basic JA3, JA4, and User-Agent matching to identify unique visitors, incognito sessions, cookieless users and devices with unwanted activity.

Multi-accounting detection

Detect multiple accounts accessed from the same device and support account-linking logic without requiring major backend changes on the customer side.

Compromised device detection

Detect sessions that show signs of rooted, emulated, infected, or manipulated environments before they can be used for unauthorized access or data extraction.

Anti-fraud policies enrichment

Enhance your security system with fraud-related attributes such as bot_score, VPN, bot hosting, suspicious browser behavior, incognito or private mode indicators, and environment inconsistencies to improve traffic control decisions.

Cookie stealing prevention

Compare the environment in which an authentication token was created with the current session environment. Any mismatch may indicate token or cookie theft.

SMS and promo abuse prevention

Connect repeated sing-ups, bonus activations, referral abuse and SMS pumping patterns to stable digital fingerprints rather than volatile cookies or IPs.

Spoofing and anonymization detection

Identify VPN, Tor, proxy usage, geo mismatches, fake browser fingerprints, private mode, and environment substitution to provide cleaner signals to the fraud stack.

User friction reduction

Reduce unnecessary re-authentication, 2FA, OTP, and CAPTCHA challenges, through background recognition of trusted returning users, improving conversion rates and UX metrics.

How it works

1.

Embedding the JS Script on the web resource. The script executes on every user visit to the page (logins, sign-ups, checkout, payment confirmation, promo activation, etc.), or under specific conditions. The script is embedded by adding a line of code:

<script src="https://fp.strictera.tech/fp/v1/<CUSTOMER-TOKEN>/fp.js"></script>

2.

Collecting device and browser signals. The data characterizes the user’s device, browser engine, unique browser parameters, as well as user changes to their environment (Canvas, audio, WebGPU, screen size, extensions, language, fonts, etc.).

3.

Sending data to Strictera DFP. The script sends client data to our endpoint. We enrich it with data obtained from the server side and perform all necessary processing.

4.

Receiving the result and sending data to the client’s backend. The backend receives encrypted data, decrypts it, and obtains a JSON containing all the necessary information for user evaluation: user system information, bot signals, VPN indicators, etc.

The main result of the Strictera DFP is a unique user identifier (browser or mobile device) based on the entire variety of collected information, enabling the solution of various anti-fraud tasks.

Note. Strictera DFP is designed to be used as a data layer. It can work together with existing anti-fraud, IAM, SIEM, bot protection and payment risk tools rather than replacing them. Depending on the customer’s architecture and risk requirements solution can be connected through a ready JS agent, direct API calls or a dedicated subdomain.