Comprehensive fraud protection begins with your customers’ pre-purchase behaviour.

Ravelin utilises signals from their device, current browsing session and activity during the checkout process to help differentiate bad actors from legitimate customers.

This allows Ravelin to potentially identify cases of account takeover and scripted attacks against your platform.

To aid us in the acquisition of this data, Ravelin provides a series of client-side libraries and SDKs:


ravelinjs is a JavaScript library for the browser to augment your integration with:

  • an identifier for the customer’s browser to be attached to an order (core);
  • simple page events like loading, pasting and resizing (track); and
  • cardholder data encrypted for transmission through your server (encrypt).

Mobile SDKs

  • Android SDK - Device fingerprinting, identification, tracking session activity and client-side card encryption.
  • iOS SDK - Device fingerprinting, identification, tracking session activity and client-side card encryption.

The data acquired from these libraries is critical to our ability to provide informed decisions: the integration of one, or all (where applicable) of these libraries is integral to a successful integration.

Device ID

A primary aim of all of these libraries is the generation of a unique device identifier, referred to in Ravelin as the DeviceID. These DeviceIDs persist between user sessions, allowing us to track when a single device is used to access one or more customer accounts on your platform. This value is used to populate our graph networks with connections between customers who are identified as having shared the same device. DeviceID reliability is paramount: an incorrectly assigned DeviceID results in unrelated customers becoming connected in the network.

For this reason, Ravelin insists you use one of our available libraries for generation of DeviceIDs.

If for whatever reason, you are unable to integrate one of our libraries to fulfill this purpose, we do not recommend generating and submitting to Ravelin your own DeviceID.

Session Tracking

Ravelin refers to the activities of your customers while using your service as sessions. There are several suspicious actions a fraudster is likely to perform during these sessions that our libraries can help identify and track.

Our libraries track these suspicious actions and directly notify our servers on their occurrence, as well as provide the ability for you to track and submit events custom to your platform.

Client-Side Card Encryption

For merchants who wish to maintain their PCI compliance at SAQ-A or SAQ-AEP, and therefore do not wish to handle full PANs on their servers, our Ravelin SDKs offer client-side encryption functionality for securely submitting credit card information from your site/app to our servers without expanding your PCI scope.

Without use of client-side encryption, SAQ-A and SAQ-AEP merchants may struggle to provide accurate and detailed card information to Ravelin pre-authorisation.