Device fingerprinting and user tracking

VX uses device fingerprinting to link sessions back to the same device, even when a person rotates emails, phone numbers, or other personally identifiable information. By monitoring how often a fingerprint requests a new verification session or successfully completes a journey, you can block suspicious behaviour such as rapid account creation attempts or repeat verifications from the same device.

How VX uses the fingerprint

VX administrators can create rate limits and trust policies that:

  • Stop a device after it exceeds the allowed number of verification attempts—successful or failed—within defined time windows.

  • Flag returning devices that have already been approved to prevent duplicate account creation.

  • Require additional checks for devices that repeatedly abandon, restart, or replay journeys in short succession.

These controls allow you to enforce fair usage rules even if an individual changes their contact information between attempts.

Device and network signals

Beyond core session limiting, VX surfaces a broad set of device and network telemetry that you can reference when writing custom rules. Commonly used indicators are summarised below.

Signal
What it tells you

Device fingerprint ID

Stable identifier that links sessions from the same device.

Confidence score

Likelihood that the fingerprint accurately represents a unique device.

First/last seen timestamps

When the device was first and most recently observed globally and within your subscription.

Browser & OS details

Reported browser, operating system, version, and user agent.

IP geolocation

Country, city, timezone, and accuracy radius of the originating IP.

Autonomous system & network

ASN and network owner for the IP address.

Datacenter detection

Indicates whether traffic originates from a datacenter.

VPN, proxy, or TOR usage

Flags anonymising services and provides confidence levels.

Incognito/private mode

Detects privacy-focused browsing modes.

Bot detection (BotD)

Classifies whether automated tooling is present.

Emulator, virtual machine, or rooted devices

Highlights non-standard or tampered device environments.

Tampering & anti-detect signals

Detects anomalies, anti-detect browsers, or debugging tools.

Frida & developer tools

Indicates dynamic instrumentation or developer console access.

Factory reset & cloned app checks

Surfaces recently reset or cloned mobile applications.

Raw device attributes

Technical attributes such as fonts, canvas data, audio, and hardware characteristics.

Velocity metrics

Counts of unique IPs, countries, events, and linked IDs over rolling intervals.

High activity indicator

Highlights unusually high interaction volumes for the device.

Location spoofing

Detects discrepancies between reported and derived location data.

Proximity data

Provides proximity ID and confidence for co-located devices.

IP blocklist & attack sources

Flags addresses with spam or attack history.

Implementing custom rules

Your VX implementation team will work with you during client setup to codify the rules that align with your fraud risk appetite. They can incorporate any of the above signals alongside your internal policies to deliver the right mix of automated blocks, step-up challenges, and manual reviews.

The example below illustrates the breadth of telemetry available when a user is in-session. This data stays within VX—none of the raw attributes are shared with clients. Instead, VX uses the signals internally so your team can craft granular policies that extend beyond default verification and velocity checks.

{
  "linked_id": "somelinkedId",
  "tags": {},
  "timestamp": 1708102555327,
  "event_id": "1708102555327.NLOjmg",
  "url": "https://www.example.com/login?hope{this{works[!",
  "ip_address": "61.127.217.15",
  "user_agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) ....",
  "browser_details": {
    "browser_name": "Chrome",
    "browser_major_version": "74",
    "browser_full_version": "74.0.3729",
    "os": "Windows",
    "os_version": "7",
    "device": "Other"
  },
  "identification": {
    "visitor_id": "Ibk1527CUFmcnjLwIs4A9",
    "confidence": {
      "score": 0.97,
      "version": "1.1"
    },
    "visitor_found": false,
    "first_seen_at": 1708102555327,
    "last_seen_at": 1708102555327
  },
  "supplementary_id_high_recall": {
    "visitor_id": "3HNey93AkBW6CRbxV6xP",
    "visitor_found": true,
    "confidence": {
      "score": 0.97,
      "version": "1.1"
    },
    "first_seen_at": 1708102555327,
    "last_seen_at": 1708102555327
  },
  "bot": "not_detected",
  "root_apps": false,
  "emulator": false,
  "ip_info": {
    "v4": {
      "address": "94.142.239.124",
      "geolocation": {
        "accuracy_radius": 20,
        "latitude": 50.05,
        "longitude": 14.4,
        "postal_code": "150 00",
        "timezone": "Europe/Prague",
        "city_name": "Prague",
        "country_code": "CZ",
        "country_name": "Czechia",
        "continent_code": "EU",
        "continent_name": "Europe",
        "subdivisions": [
          {
            "iso_code": "10",
            "name": "Hlavni mesto Praha"
          }
        ]
      },
      "asn": "7922",
      "asn_name": "COMCAST-7922",
      "asn_network": "73.136.0.0/13",
      "datacenter_result": true,
      "datacenter_name": "DediPath"
    },
    "v6": {
      "address": "2001:db8:3333:4444:5555:6666:7777:8888",
      "geolocation": {
        "accuracy_radius": 5,
        "latitude": 49.982,
        "longitude": 36.2566,
        "postal_code": "10112",
        "timezone": "Europe/Berlin",
        "city_name": "Berlin",
        "country_code": "DE",
        "country_name": "Germany",
        "continent_code": "EU",
        "continent_name": "Europe",
        "subdivisions": [
          {
            "iso_code": "BE",
            "name": "Land Berlin"
          }
        ]
      },
      "asn": "6805",
      "asn_name": "Telefonica Germany",
      "asn_network": "2a02:3100::/24",
      "datacenter_result": false,
      "datacenter_name": ""
    }
  },
  "ip_blocklist": {
    "email_spam": false,
    "attack_source": false,
    "tor_node": false
  },
  "proxy": true,
  "proxy_confidence": "low",
  "proxy_details": {
    "proxy_type": "residential",
    "last_seen_at": 1708102555327
  },
  "vpn": false,
  "vpn_confidence": "high",
  "vpn_origin_timezone": "Europe/Berlin",
  "vpn_origin_country": "unknown",
  "vpn_methods": {
    "timezone_mismatch": false,
    "public_vpn": false,
    "auxiliary_mobile": false,
    "os_mismatch": false,
    "relay": false
  },
  "incognito": false,
  "tampering": false,
  "tampering_details": {
    "anomaly_score": 0.1955,
    "anti_detect_browser": false
  },
  "cloned_app": false,
  "factory_reset_timestamp": 0,
  "jailbroken": false,
  "frida": false,
  "privacy_settings": false,
  "virtual_machine": false,
  "location_spoofing": false,
  "velocity": {
    "distinct_ip": {
      "5_minutes": 1,
      "1_hour": 1,
      "24_hours": 1
    },
    "distinct_country": {
      "5_minutes": 1,
      "1_hour": 2,
      "24_hours": 2
    },
    "events": {
      "5_minutes": 1,
      "1_hour": 5,
      "24_hours": 5
    },
    "ip_events": {
      "5_minutes": 1,
      "1_hour": 5,
      "24_hours": 5
    },
    "distinct_ip_by_linked_id": {
      "5_minutes": 1,
      "1_hour": 5,
      "24_hours": 5
    },
    "distinct_visitor_id_by_linked_id": {
      "5_minutes": 1,
      "1_hour": 5,
      "24_hours": 5
    }
  },
  "developer_tools": false,
  "mitm_attack": false,
  "sdk": {
    "platform": "js",
    "version": "3.11.10"
  },
  "replayed": false
}
PreviousStylesNextiFrame Integration

Last updated