Comprehensive fraud protection begins with your customers’ pre-purchase behaviour. Ravelin utilises signals from their device, current browsing session and activity during the checkout process to help differentiate bad actors from legitimate customers, as well as potentially identifying cases of potential account take-over or scripted attacks against your platform.

To aide us in the acquisition of this data, Ravelin provides a series of client-side libraries and SDKs:


  • fingerprint.js - Device fingerprinting, identification and session-tracking library
  • ravelin.js - Client-side card encryption library. Also contains all of the functionality of fingerprint.js

Mobile SDKs

  • Android SDK - Currently in beta, and contains all of the functionality of ravelin.js.
  • iOS SDK - Currently in beta, and contains all of the functionality of ravelin.js.

The data acquired from these libraries is critical to our ability to provide informed decisions: the integration of one, or all (where applicable) of these libraries is integral to a successful integration.

Device ID

A primary aim of all of these libraries is the generation of a unique device identifier, referred to in Ravelin as the DeviceID. These DeviceIDs persist between user sessions, allowing us to track when a single device is used to access one or more customer accounts on your platform. This value is used to populate our graph networks with connections between customers who are identified as having shared the same device. DeviceID reliability is paramount: an incorrectly assigned DeviceID results in unrelated customers becoming connected in the network.

For this reason, Ravelin insists you use one of our available libraries for generation of DeviceIDs.

If for whatever reason, you are unable to integrate one of our libraries to fulfill this purpose, we do not recommend generating and submitting to Ravelin your own DeviceID.

Device Fingerprinting

In addition to providing a DeviceID, our libraries also generate a unique fingerprint for each device your customers use. A fingerprint is the combination of a wide range of device characters, where the combination of these data points can be used to accurately identify a particular device with a high degree of accuracy. We also use the data gathered during fingerprinting to inform us of suspicious behaviour fraudsters regularly employ to try and circumvent conventional fraud prevention systems.

Our libraries acquire this fingerprint, and then submit the information gathered directly to Ravelin for analysis.

Session Tracking

Ravelin refers to the activities of your customers while using your service as sessions. There are several suspicious actions a fraudster is likely to perform during these sessions that our libraries can help identify and track.

Our libraries track these suspicious actions and directly notify our servers on their occurrence, as well as provide the ability for you to track and submit events custom to your platform.

Client-Side Card Encryption

For merchants who wish to maintain their PCI compliance at SAQ-A or SAQ-AEP, and therefore do not wish to handle full PANs on their servers, our Ravelin SDKs offer client-side encryption functionality for securely submitting credit card information from your site/app to our servers without expanding your PCI scope.

Without use of client-side encryption, SAQ-A and SAQ-AEP merchants may struggle to provide accurate and detailed card information to Ravelin pre-authorisation.