Fingerprint, a device intelligence API, helps developers build security solutions using information from hardware accessing a website. The primary goal is to help prevent fraud.
Today, the Chicago-based company announced a $33 million Series C investment led by Nexus Venture Partners with participation from Uncorrelated Ventures.
Dan Pinto, the company’s co-founder and CEO, says what his startup does really well is identify devices on the internet, whether through a browser like Chrome, Safari or Firefox, or through a mobile operating system via a native app on your phone. He argues that the methods of tracking devices like cookies and IP addresses don’t really work anymore with changes in browser technology, especially with the ability to hide who you are using a VPN.
“Fundamentally being anonymous on the internet means that you can do bad things,” Pinto told TechCrunch.
“We provide our [fingerprinting] service to high-scale businesses in order to uniquely identify devices and prevent things like people logging into other people’s accounts they’re not supposed to, using stolen credit cards across multiple fake accounts and things like that.”
They do this via an API, enabling developers to link to their service to help prevent fraud on their websites. He says they look for things like what fonts are installed on the device, the screen resolution… all the way to really deep technical things like how the device completes an SSL handshake with the server. The company’s technology is based on an open source library called Fingerprint.js, created by co-founder and CTO Valentin Vasilyev.
Pinto met Vasilyev at his previous startup, Machinio, when he hired him as one of the company’s first software engineers. By that time, Vasilyev had already created the open source Fingerprint.js project and it was gaining in popularity. About a year after Machinio was sold in 2018, he left to find a way to build on the success of the open source project. Pinto soon joined him and Fingerprint was born.
While the company still technically supports the open source libraries, Pinto says they offer a less robust experience. “So the technology we use to identify people in the open source version has been in the open too long, and bad actors have figured out ways to get around it,” he said. “Whereas the technologies that we use in the pro version, we’re able to keep more private because it’s not open source, and they work significantly better,” he said.
There are some tricky privacy implications with a solution like this, especially in Europe with GDPR regulations, but Pinto says that the company doesn’t actually collect personal information. “The way that we get around that is that fundamentally, we still don’t know who the person is. We only know the devices, and it’s an anonymous identifier even from our side. So all you’re doing when you receive our identifier is comparing multiple anonymous identifiers to find patterns, and then blocking anonymous identifiers [if needed],” he explained.
While some customers want to go that extra step to identify the user, he says his company is not providing the means to do that. “If you associate the identifier with an email address, then the next time the anonymous identifier comes back, you can know who it is, but we don’t know who it is necessarily, and we designed our system in that way to avoid [coming up against the privacy laws],” he said.
He adds while it’s theoretically possible for companies to use the technology for marketing and advertising purposes, the pricing discourages that.
The company has grown to 100 employees and 6,000 customers, including TD Ameritrade, Western Union and US Bank.