Device ID fingerprinting: what changes when signals keep moving?


(@nhi-mgmt-group)

TL;DR: Static device fingerprinting creates division and collision problems as browsers update, privacy tools randomise signals, and shared environments make different devices look identical, according to Arkose Labs. Device identity for fraud control now has to treat change as a signal, not just noise, because persistent reputation is only useful when the underlying identity is stable.

NHIMG editorial — based on content published by Arkose Labs: Device ID Fingerprinting Is Broken. Here’s How We Fixed It

Questions worth separating out

Q: How should security teams handle device identity when fingerprints change over time?

A: Security teams should treat device identity as a continuity problem, not a one-time match.

Q: Why do static device fingerprints create false positives and false negatives?

A: Static fingerprints create false negatives when one device fragments into many IDs after signal changes, because historical risk no longer follows the same entity.

Q: What do fraud teams get wrong about device collision and division?

A: Teams often treat collision and division as tuning issues, but they are structural limits of snapshot-based identity.

Practitioner guidance

  • Inventory where static fingerprints feed risk decisions. Trace every fraud, step-up, and reputation workflow that depends on a single device hash, then mark where exact-match logic can fragment histories or merge unrelated users.
  • Segment shared-infrastructure environments from unique-device workflows. Separate corporate networks, campus networks, shared VDI, and common hardware pools from higher-confidence device contexts so collision-prone traffic does not contaminate the same reputation logic.
  • Preserve device history across signal drift. Keep a continuous record of past associations, prior risk decisions, and known behaviour so browser updates or network changes do not erase identity continuity.

What's in the full article

Arkose Labs' full blog post covers the operational detail this post intentionally leaves for the source:

  • How Arkose Labs describes its stateless and stateful identification workflow for device continuity.
  • The specific collision and division patterns the vendor says it observed across production traffic.
  • The practical impact on fraud friction, false positives, and historical device reputation handling.
  • How the vendor frames adversarial homogenization in the context of device identity evasion.

👉 Read Arkose Labs' analysis of why device fingerprinting breaks →
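
The division and collision problems and the continuity guidance above, as an added Python example that is not part of the original post and not Arkose Labs' implementation: an exact-match hash is compared with a similarity match that carries history across drift and keeps shared pools out of device reputation. The signal names, the 0.6 threshold, the `shared_pool` flag and all sample observations are constructed assumptions.

```python
import hashlib

def static_id(signals):
    """Snapshot fingerprint: one hash over every signal, exact match only."""
    blob = "|".join(f"{k}={signals[k]}" for k in sorted(signals))
    return hashlib.sha256(blob.encode()).hexdigest()[:16]

def similarity(a, b):
    """Share of signal keys on which two observations agree."""
    keys = set(a) | set(b)
    return sum(a.get(k) == b.get(k) for k in keys) / len(keys)

class ContinuityResolver:
    """Carries risk history across signal drift (threshold is an assumed value)."""
    def __init__(self, threshold=0.6):
        self.threshold, self.devices = threshold, []

    def resolve(self, signals, shared_pool=False):
        if shared_pool:
            # Shared pool: identical signals are expected, so skip device reputation.
            return None
        best = max(self.devices, key=lambda d: similarity(d["signals"], signals),
                   default=None)
        if best and similarity(best["signals"], signals) >= self.threshold:
            drift = sorted(k for k in signals if best["signals"].get(k) != signals[k])
            if drift:
                best["drift"].append(drift)  # the change itself is kept as a signal
            best["signals"] = dict(signals)
            return best
        device = {"signals": dict(signals), "risk_events": [], "drift": []}
        self.devices.append(device)
        return device

# Constructed observations: the same laptop before and after a browser update.
BEFORE = {"ua": "Browser/120", "canvas": "c1a9", "gpu": "GPU-A", "tz": "UTC+1",
          "fonts": "f77", "screen": "1920x1080"}
AFTER = dict(BEFORE, ua="Browser/121", canvas="d40e")
# Constructed observations: two different users on one shared VDI image.
VDI_1 = {"ua": "Browser/121", "canvas": "aaaa", "gpu": "vGPU", "tz": "UTC",
         "fonts": "f01", "screen": "1280x720"}
VDI_2 = dict(VDI_1)

def demo():
    r = ContinuityResolver()
    r.resolve(BEFORE)["risk_events"].append("chargeback")  # prior risk decision
    after = r.resolve(AFTER)  # same device, drifted signals
    return {"division": static_id(BEFORE) != static_id(AFTER),
            "collision": static_id(VDI_1) == static_id(VDI_2),
            "history": after["risk_events"], "drift": after["drift"],
            "shared_pool": r.resolve(VDI_1, shared_pool=True)}
```

`demo()` shows the static hash splitting one device into two IDs and merging two VDI users into one, while the resolver keeps the earlier risk event attached and records which signals moved.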
