Device fingerprinting and user tracking
VX uses device fingerprinting to link sessions back to the same device, even when a person rotates emails, phone numbers, or other personally identifiable information. By monitoring how often a fingerprint requests a new verification session or successfully completes a journey, you can block suspicious behaviour such as rapid account creation attempts or repeat verifications from the same device.
How VX uses the fingerprint
VX administrators can create rate limits and trust policies that:
Stop a device after it exceeds the allowed number of verification attempts—successful or failed—within defined time windows.
Flag returning devices that have already been approved to prevent duplicate account creation.
Require additional checks for devices that repeatedly abandon, restart, or replay journeys in short succession.
These controls allow you to enforce fair usage rules even if an individual changes their contact information between attempts.
Device and network signals
Beyond core session limiting, VX surfaces a broad set of device and network telemetry that you can reference when writing custom rules. Commonly used indicators are summarised below.
Device fingerprint ID
Stable identifier that links sessions from the same device.
Confidence score
Likelihood that the fingerprint accurately represents a unique device.
First/last seen timestamps
When the device was first and most recently observed globally and within your subscription.
Browser & OS details
Reported browser, operating system, version, and user agent.
IP geolocation
Country, city, timezone, and accuracy radius of the originating IP.
Autonomous system & network
ASN and network owner for the IP address.
Datacenter detection
Indicates whether traffic originates from a datacenter.
VPN, proxy, or TOR usage
Flags anonymising services and provides confidence levels.
Incognito/private mode
Detects privacy-focused browsing modes.
Bot detection (BotD)
Classifies whether automated tooling is present.
Emulator, virtual machine, or rooted devices
Highlights non-standard or tampered device environments.
Tampering & anti-detect signals
Detects anomalies, anti-detect browsers, or debugging tools.
Frida & developer tools
Indicates dynamic instrumentation or developer console access.
Factory reset & cloned app checks
Surfaces recently reset or cloned mobile applications.
Raw device attributes
Technical attributes such as fonts, canvas data, audio, and hardware characteristics.
Velocity metrics
Counts of unique IPs, countries, events, and linked IDs over rolling intervals.
High activity indicator
Highlights unusually high interaction volumes for the device.
Location spoofing
Detects discrepancies between reported and derived location data.
Proximity data
Provides proximity ID and confidence for co-located devices.
IP blocklist & attack sources
Flags addresses with spam or attack history.
Implementing custom rules
Your VX implementation team will work with you during client setup to codify the rules that align with your fraud risk appetite. They can incorporate any of the above signals alongside your internal policies to deliver the right mix of automated blocks, step-up challenges, and manual reviews.
The example below illustrates the breadth of telemetry available when a user is in-session. This data stays within VX—none of the raw attributes are shared with clients. Instead, VX uses the signals internally so your team can craft granular policies that extend beyond default verification and velocity checks.
{
"linked_id": "somelinkedId",
"tags": {},
"timestamp": 1708102555327,
"event_id": "1708102555327.NLOjmg",
"url": "https://www.example.com/login?hope{this{works[!",
"ip_address": "61.127.217.15",
"user_agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) ....",
"browser_details": {
"browser_name": "Chrome",
"browser_major_version": "74",
"browser_full_version": "74.0.3729",
"os": "Windows",
"os_version": "7",
"device": "Other"
},
"identification": {
"visitor_id": "Ibk1527CUFmcnjLwIs4A9",
"confidence": {
"score": 0.97,
"version": "1.1"
},
"visitor_found": false,
"first_seen_at": 1708102555327,
"last_seen_at": 1708102555327
},
"supplementary_id_high_recall": {
"visitor_id": "3HNey93AkBW6CRbxV6xP",
"visitor_found": true,
"confidence": {
"score": 0.97,
"version": "1.1"
},
"first_seen_at": 1708102555327,
"last_seen_at": 1708102555327
},
"bot": "not_detected",
"root_apps": false,
"emulator": false,
"ip_info": {
"v4": {
"address": "94.142.239.124",
"geolocation": {
"accuracy_radius": 20,
"latitude": 50.05,
"longitude": 14.4,
"postal_code": "150 00",
"timezone": "Europe/Prague",
"city_name": "Prague",
"country_code": "CZ",
"country_name": "Czechia",
"continent_code": "EU",
"continent_name": "Europe",
"subdivisions": [
{
"iso_code": "10",
"name": "Hlavni mesto Praha"
}
]
},
"asn": "7922",
"asn_name": "COMCAST-7922",
"asn_network": "73.136.0.0/13",
"datacenter_result": true,
"datacenter_name": "DediPath"
},
"v6": {
"address": "2001:db8:3333:4444:5555:6666:7777:8888",
"geolocation": {
"accuracy_radius": 5,
"latitude": 49.982,
"longitude": 36.2566,
"postal_code": "10112",
"timezone": "Europe/Berlin",
"city_name": "Berlin",
"country_code": "DE",
"country_name": "Germany",
"continent_code": "EU",
"continent_name": "Europe",
"subdivisions": [
{
"iso_code": "BE",
"name": "Land Berlin"
}
]
},
"asn": "6805",
"asn_name": "Telefonica Germany",
"asn_network": "2a02:3100::/24",
"datacenter_result": false,
"datacenter_name": ""
}
},
"ip_blocklist": {
"email_spam": false,
"attack_source": false,
"tor_node": false
},
"proxy": true,
"proxy_confidence": "low",
"proxy_details": {
"proxy_type": "residential",
"last_seen_at": 1708102555327
},
"vpn": false,
"vpn_confidence": "high",
"vpn_origin_timezone": "Europe/Berlin",
"vpn_origin_country": "unknown",
"vpn_methods": {
"timezone_mismatch": false,
"public_vpn": false,
"auxiliary_mobile": false,
"os_mismatch": false,
"relay": false
},
"incognito": false,
"tampering": false,
"tampering_details": {
"anomaly_score": 0.1955,
"anti_detect_browser": false
},
"cloned_app": false,
"factory_reset_timestamp": 0,
"jailbroken": false,
"frida": false,
"privacy_settings": false,
"virtual_machine": false,
"location_spoofing": false,
"velocity": {
"distinct_ip": {
"5_minutes": 1,
"1_hour": 1,
"24_hours": 1
},
"distinct_country": {
"5_minutes": 1,
"1_hour": 2,
"24_hours": 2
},
"events": {
"5_minutes": 1,
"1_hour": 5,
"24_hours": 5
},
"ip_events": {
"5_minutes": 1,
"1_hour": 5,
"24_hours": 5
},
"distinct_ip_by_linked_id": {
"5_minutes": 1,
"1_hour": 5,
"24_hours": 5
},
"distinct_visitor_id_by_linked_id": {
"5_minutes": 1,
"1_hour": 5,
"24_hours": 5
}
},
"developer_tools": false,
"mitm_attack": false,
"sdk": {
"platform": "js",
"version": "3.11.10"
},
"replayed": false
}
Last updated