Overview

Comprehensive fraud protection begins with your customers’ pre-purchase behaviour. Ravelin utilises signals from their device, current browsing session and activity during the checkout process to help differentiate bad actors from legitimate customers, as well as potentially identifying cases of potential account take-over or scripted attacks against your platform.

To aide us in the acquisition of this data, Ravelin provides a series of client-side libraries and SDKs:

Javascript

  • fingerprint.js - Device fingerprinting, identification and session-tracking library
  • ravelin.js - Client-side card encryption library. Also contains all of the functionality of fingerprint.js

Mobile SDKs

  • Android SDK - Coming soon
  • iOS SDK - Coming soon

The data acquired from these libraries is critical to our ability to provide informed decisions: the integration of one, or all (where applicable) of these libraries is integral to a successful integration.

Device ID

A primary aim of all of these libraries is the generation of a unique device identifier, referred to in Ravelin as the DeviceID. These DeviceIDs persist between user sessions, allowing us to track when a single device is used to access one or more customer accounts on your platform. This value is used to populate our graph networks with connections between customers who are identified as having shared the same device. DeviceID reliability is paramount: an incorrectly assigned DeviceID results in unrelated customers becoming connected in the network.

For this reason, Ravelin insists you use one of our available libraries for generation of DeviceIDs.

If for whatever reason, you are unable to integrate one of our libraries to fulfill this purpose, we do not recommend generating and submitting to Ravelin your own DeviceID.

Device Fingerprinting

In addition to providing a DeviceID, our libraries also generate a unique fingerprint for each device your customers use. A fingerprint is the combination of a wide range of device characters, where the combination of these data points can be used to accurately identify a particular device with a high degree of accuracy. We also use the data gathered during fingerprinting to inform us of suspicious behaviour fraudsters regularly employ to try and circumvent conventional fraud prevention systems.

Our libraries acquire this fingerprint, and then submit the information gathered directly to Ravelin for analysis.

Session Tracking

Ravelin refers to the activities of your customers while using your service as sessions. There are several suspicious actions a fraudster is likely to perform during these sessions that our libraries can help identify and track.

Our libraries track these suspicious actions and directly notify our servers on their occurrence, as well as provide the ability for you to track and submit events custom to your platform.

Client-Side Card Encryption

For merchants who are not PCI compliant, Ravelin offers a client-side encryption library called ravelinjs for securely submitting credit card information from your site/app to our servers without bringing your infrastructure within PCI scope.

Without using this library, non PCI compliant merchants may struggle to provide accurate and detailed card information to Ravelin pre-authorisation.

For information on integrating ravelinjs please refer to our Client-side Card Encryption guide.