Device Fingerprinting use cases and industry needs
Stytch Device Fingerprinting enhances security and user experience across consumer and B2B apps in all industries:
Block advanced programmatic attacks
Stytch Device Fingerprinting detects bot activity and returns a BLOCK verdict. Developers can check for bots before any sensitive operation:
- Prevent costly attacks: B2B and consumer applications are both vulnerable to automated attacks, especially against your login endpoints. Bot detection may be used to guard against:
  - Credential stuffing and brute-force attacks: Defend your app against these common threats targeting password logins.
  - Phishing and account takeover (ATO) attacks: Assess high-risk logins by detecting man-in-the-middle (MITM) attacks and high-velocity logins using Stytch's bot detection and Intelligent Rate Limiting.
  - Toll fraud: Guard against SMS pumping and SIP fraud caused by bot traffic, particularly in apps using SMS login for international users.
- Prevent account creation abuse: In product-led growth (PLG) motions and consumer applications, free sign-up flows are vulnerable to abuse. Stop giving away free credit or trials to abusers, and prevent spam and scam activity from new accounts.
  - Learn more in the Prevent free trial abuse recipe.
Use device IDs as an additional user identifier
Stytch Device Fingerprinting provides highly unique, stable device UUIDs. Developers can improve UX by adding or removing friction based on a user's device:
- Detect unrecognized devices or trusted devices: Add additional checks (like multi-factor authentication) when a user uses a new device for the first time, or make it easier to log in from a known device.
  - See the recipes for Remembered device flow and New device notifications for detailed guides.
- Ban all of a user's accounts: Ensure policy violators are banned across all accounts associated with their device (fan-out banning).
- Prevent seat sharing or enforce paywalls: Prevent unauthorized account-sharing by limiting the number of devices per account. Inversely, prevent paywall evasion by limiting the number of accounts per device.
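The sketch below is an added example, not Stytch's code or API: it shows how an application could combine the BLOCK verdict and the device ID into one login decision covering remembered devices, step-up MFA on new devices, fan-out banning, and per-account and per-device limits. The class name, the limits, the in-memory storage and the sample verdict and ID strings are assumptions; the verdict and device ID are taken as already returned by the fingerprint check.

```python
from collections import defaultdict

MAX_DEVICES_PER_ACCOUNT = 3  # assumed seat-sharing limit
MAX_ACCOUNTS_PER_DEVICE = 2  # assumed paywall-evasion limit


class DevicePolicy:
    """In-memory stand-in for the app's own device/account tables (hypothetical)."""

    def __init__(self):
        self.devices_by_account = defaultdict(set)
        self.accounts_by_device = defaultdict(set)
        self.banned_devices = set()

    def trust_device(self, account_id, device_id):
        """Record the pairing once the step-up check (e.g. MFA) has succeeded."""
        self.devices_by_account[account_id].add(device_id)
        self.accounts_by_device[device_id].add(account_id)

    def ban_account(self, account_id):
        """Fan-out ban: ban the account's devices, return every linked account."""
        devices = set(self.devices_by_account[account_id])
        self.banned_devices |= devices
        affected = {account_id}
        for device_id in devices:
            affected |= self.accounts_by_device[device_id]
        return affected

    def evaluate_login(self, account_id, device_id, verdict):
        """Return 'deny', 'mfa' or 'allow' for one login attempt."""
        if verdict == "BLOCK":  # bot verdict: stop before any sensitive operation
            return "deny"
        if device_id in self.banned_devices:
            return "deny"
        known = self.devices_by_account[account_id]
        if device_id in known:
            return "allow"  # remembered device: no extra friction
        if len(known) >= MAX_DEVICES_PER_ACCOUNT:
            return "deny"  # too many devices on this account (seat sharing)
        if len(self.accounts_by_device[device_id]) >= MAX_ACCOUNTS_PER_DEVICE:
            return "deny"  # too many accounts on this device (paywall evasion)
        return "mfa"  # unrecognized device: require a step-up check first
```

In a real deployment the three sets would live in the application's database, and `trust_device` would be called only after the step-up check passes.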