CyberSource Device Fingerprint Support in SCA Vinson
In this post, we’ll look at some of the latese security features introduced by NetSuite in the latest version of SuiteCommerce Advanced titled Vinson. The biggest addition in this area is support for CyberSource’s Device Fingerprinting functionality.
What is Device Fingerprinting?
For those unfamiliar with the concept, a device or machine fingerprint (as it is sometimes called) or browser fingerprint, is the information collected about a remote computing device for the purpose of identification. These digital fingerprints can be used to fully or partially identify individual users or devices, even when cookies are turned off.
So while a number of different users may own the same device, each one will be configured slightly differently i.e. “personalized” according to the user’s individual preferences and requirements. The data about these configuration changes can be aggregated to create a recognizable “device fingerprint.”
The information that is typically used to create a device fingerprint includes:
- Browser version
- Operating system
- Items installed (plugins, fonts, etc.)
- Location & time zone settings
Why use Device Fingerprinting?
With mobile access to the internet having surpassed the traditional computer based access and with the exponential rise in ecommerce and online financial transactions, more and more people are using multiple devices to access information and make purchases online. This makes it more difficult for brands to connect personally with their target audiences because if you can’t identify the user using the device, you cannot target them with the relevant ads or content.
This problem has become worse with the recent changes in online privacy policies concerning the use of cookies, which were thus far, the default method for user & device identification online.
How Device FingerPrinting Works
Device fingerprinting uses aspects of the computer that don’t typically change such as the operating system, browser, etc. and creates a unique “fingerprint” based on that information. So even if someone masks their IP and the country they are placing orders from (which is typically the case with scammers), the device’s digital fingerprint remains the same, and can be used to identify the computer that the orders originated from.
Device FingerPrinting in SuiteCommerce Advanced Vinson
SuiteCommerce Advanced’s latest release ‘Vinson’ supports device fingerprinting for online orders as part of the advanced fraud management features available within the CyberSource Decision Manager. The device fingerprinting feature collects information about the computer used to place an order through your SuiteCommerce Advanced web store to determine whether the device is trustworthy.
This data is gathered at checkout and is analyzed by the Decision Manager in real-time. Then, based on the rules you have defined in the Decision Manager, the order can either be accepted, rejected, or placed on payment hold status, pending a review by the store admin, as part of the order management process in NetSuite.
Before you can use device fingerprinting in your SuiteCommerce Advanced web store, you must make sure that the following prerequisites have been met.
- You must be using the CyberSource Decision Manager to authorize credit card transactions on your web store. If so, you just need to check the Enable Device Fingerprinting box in your CyberSource gateway profile. For more details on how to do that, hit the link below.
Using CyberSource Decision Manager for Fraud Management.
- You have enabled the Require Authorization for Credit Card Transactions checkbox for the desired web store in the ‘Shopping’ tab of the web site setup record at Setup > SuiteCommerce Advanced > Set Up Web Site.
Once these prerequisites have been met and device fingerprinting is successfully enabled in your SuiteCommerce Advanced web store, then whenever someone places an order on your site and opens the final ‘submit’ page during checkout on the web store, all the relevant information about their device along with a unique session ID will be sent to the device fingerprinting server.
Steps to Implement Device FingerPrinting in Prior to Vinson Release
Even if you are using an older release of SuiteCommerce Advanced (prior to Vinson), you can still customize your SuiteCommerce Advanced web store implementation to support device fingerprinting.
To do so, just add the following code snippet before the closing </body> tag of the checkout.ssp file at /[email protected]/SuiteScript/checkout.ssp.
Hope you found this post useful.