Device Fingerprint

Device Fingerprint

Device Fingerprint

What is?

Fraudsters typically run their fraudulent transactions from the same computer system but try to mask certain aspects of the order such as the IP address of the computer, what country they're in, etc.  The device fingerprint attempts to use aspects of the computer that don't typically change such as the operating system, browser, etc., and creates a unique “fingerprint” based on that information.  Despite what the fraudster changes on the surface of the system, the fingerprint remains the same, and identifies the computer that the orders originate from.

ThreatMetrix, our partner for device fingerprinting, uses “deep packet tracing” which uses information in the packets to detect risky device behavior like botnet activity, firewall scanning, spamming, etc., to trace the packets back to the originating system.  This means that even if a fraudster takes control of someone else's computer remotely (known as creating a zombie machine) and puts an order through, we can get information about the fraudster's system and use that to detect the fraudulent activity. If the fraudster moves to a different zombie machine, Decision Manager will still be able to identify the fraudulent activity by evaluating the true IP through its device fingerprint. (Source, cybersource )
How to generate Device Fingerprint?
x_login = Business ID, generated and given by QpayPro to the customer.

To successfully implement Device Fingerprinting, an invisible 1-pixel image file and two scripts need to be placed in the <body> tag your checkout page (the page prior to directing the customer to Secure Acceptance) at the top of the main body. This ensures a 3-5 second window in which the code segments can complete the data collection necessary to create a fingerprint for the device making the order.

Below are the code segments for implementing Device Fingerprinting:

PNG Image

<p style="background:url(<org ID>&amp;session_id=<x_login><session ID>&amp;m=1)"></p> <img src="<org ID>&amp;session_ id=<x_login><session ID>&amp;m=2" alt="">

Flash Code

<object type="application/x-shockwave-flash" data=" fp.swf?org_id=<org ID>&amp;session_id=<x_login><session ID>" width="1" height="1" id="thm_fp"> <param name="movie" value="<org ID>&amp;session_id=<x_login><session ID>" /> <div></div> </object>

JavaScript Code

<script src="<org ID>&amp;session_ id=<x_login><session ID>" type="text/javascript"> </script>

The following attributes need to be placed within the italic bold sections of the above code segments:

  • Domain:
    • Testing – Use, which is the DNS name of the fingerprint server as shown in the sample HTML tags above.
    • Production – Change the domain name to a local URL, and configure your Web server to redirect the URL to
    • <org ID>:


      Test Ord ID:




      Live Ord ID:




<x_login>: Merchants unique CyberSource merchant ID

< Session ID>:  is a string variable (letters and numbers only) that must be unique for each merchant ID. Merchants can use any string that they are already generating, such as an order number or Web session ID. However, do not use the same uppercase and lowercase letters to indicate different session IDs.


Sample of how generate the fingerprint code in PHP:

$testMode = true;
$sessionID = uniqid(); //this value must be passed to the device_fingerprint_id variable of qpaypro
$orgID = $testMode ? '1snn5n9w' : 'k8vif92e';
$mechantID = 'visanetgt_qpay'; //this is just an example from sandbox environment

<script src="<?php echo $orgID ?>&amp;session_id=<?php echo $mechantID?><?php echo $sessionID ?>" type="application/javascript"></script>

<iframe style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"
src="<?php echo $orgID ?>&amp;session_id=<?php echo $mechantID?><?php echo $sessionID ?>" >


Then you have to associate the $sessionID to the device_fingerprint_id variable to send to the API of QPayPro.



    • Related Articles

    • Manual de integración de pago QPayPro via API V1.0

      Integración QPayPro QPayPro es un servicio de cobro en línea para Latinoamérica. Este documento detalla la información específicamente para la integración de pago en línea de cualquier sistema con QPayPro Para más detalles y ejemplos sobre cómo ...
    • QPayPro Payment API V1.0 reference (English)

      QPayPro Integration QpayPro is a Payment Integration service for Latin America. This document explain how to integrate the payment service between you application and QpayPro.   For more details and examples on how to make a payment via API refer to ...