We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Let the OSS Enterprise newsletter guide your open source journey! Sign up here.
FingerprintJS, a Chicago, Illinois-based company developing a fingerprinting service for the web, today announced that it raised $32 million in series B funding led by Craft Ventures with participation from Nexus Venture Partners and Uncorrelated Ventures. Cofounder and CEO Dan Pinto says that the new capital will be put toward supporting the creation of new developer tools and further developing FingerprintJS’ existing line of products.
The ubiquity of smartphones — combined with the growth of cryptocurrencies, online gaming, and payment solutions — has increased the risk of fraud for companies during the pandemic. According to a PricewaterhouseCoopers survey, the average business has experienced six frauds in 2020, with customer fraud, cybercrime, and equipment misappropriation identified as the most common forms of fraud. Thirteen of those who’d experienced fraud said that they’d lost more than $50 million in assets. And only 56% documented an investigation into their worst incident.
Founded in 2019 by Pinto and Valentin Vasilyev, FingerprintJS offers a “fingerprinting” service engineered to prevent fraud, spam, and account takeovers by combining hundreds of signals inside a web browser to generate an identifier that can be used to detect unusual behavior. While startups like NS8 offer similar solutions, Pinto claims that FingerprintJS is uniquely designed to let developers build custom solutions for complex fraud.
“Online fraudsters are becoming increasingly more sophisticated at evading detection, while the risk for companies from account takeovers and breaches has never been higher. Adding additional authentication measures can reduce the risk, but negatively impact customer experience at the same time, slowing conversions and reducing revenue,” Pinto said in a statement. “FingerprintJS solves a critical fraud protection gap by enabling accurate identification of every browser navigating to a website or app, without the cost of increased friction for customers.”
The open source version of FingerprintJS — which is used by 12% of the top 500 websites in terms of traffic, including eBay, Coinbase, and Yahoo — has been downloaded more than 14 million times. But FingerprintJS makes the bulk of its revenue from FingerprintJS Pro, a cloud-hosted software-as-a-service (SaaS) edition of the technology that adds additional client and server-side techniques, machine learning, APIs, and AI tools.
FingerprintJS Pro offers a superior method of anonymous visitor identification that uses browser fingerprinting in conjunction with cookies, visit history, and geolocation data to create a unique and highly stable visitorID.
FingerprintJS says that by capturing details like a user’s computer make and model, operating system, browser version, browser extensions, timezone language settings, screen size and resolution, and hardware specs (like the CPU, GPU, and hard disk model), its technology can be used to protect login pages from:
- Automated attacks and phishing attempts
- Providing data to payment processors to catch fraud
- Account sharing detection and prevention for SaaS and subscription services
- Building paywalls that can’t be easily evaded by going incognito or using a VPN
- Changing IP addresses or clearing cookies
- Preventing malicious users from trolling online communities
- Restricting cheaters’ access to online games and gambling services
Potential roadblocks to the company’s growth come from built-in browser protections and regulations like the European Union’s (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), which restrict the use of several browsers’ fingerprinting and tracking methods. Google Chrome’s Privacy Sandbox attempts to prevent fingerprinting by hiding hardware and software information from websites, while Safari blocks a number of tracking technologies, including some attempts at fingerprinting.
Sophisticated malicious actors might opt for tools like FraudFox and Antidetect, which allow users to change the components of their system to avoid detection. Antidetect can spoof things like the browser version, language, user agent, number, and type, as well as operating system settings.
On the subject of GDPR and CCPA, FingerprintJS claims that, because its service is only used for fraud detection and not tracking traffic, it doesn’t need visitor consent for compliance. As for browser-level blocking techniques, the company admits that users can theoretically “escape” being associated with a previous visit (if, for example, more than one person uses the same browser on the same type of phone or laptop), but that FingerprintJS can accurately identify 99.5% of returning web browsers in less than 500 milliseconds.
“One of the benefits of FingerprintJS’ product is that it can estimate identification accuracy for each customer separately and in real time, allowing us to make specific recommendations to our enterprise customers as to how they can improve their fraud workflows to catch edge cases. We are able to do this by comparing different identifier methods (e.g., cookies versus browser fingerprinting) to highlight cases where an identifier fails to differentiate two unique visitors.” Pinto told VentureBeat via email. “Beyond our customers, our identifier accuracy is a real ‘North Star’ for our engineering team, giving us data on how to improve our machine learning models over time, and pointing us in the right direction for research into additional fingerprinting signals.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.