Implementing Advanced Fraud Detection with Browser Fingerprinting and Proxy Detection in .NET Core Applications.

---

Fraud detection is an increasingly important aspect of digital platforms, especially those handling user-generated content, financial transactions, or surveys. Detecting and preventing fraudulent activities often requires identifying users beyond traditional methods like IP addresses or cookies. In this blog, we’ll explore how to implement browser fingerprinting and VPN/Proxy detection using .NET Core and Javascript.

1. Introduction

Fraudulent activities like bot attacks, fake user accounts, and masked IPs via VPNs or proxies are a growing threat to online platforms. Traditional tracking methods like cookies and IP addresses are no longer enough to combat sophisticated attackers.

To address this challenge, browser fingerprinting and proxy detection offer a powerful solution. Browser fingerprinting collects unique attributes of a user’s device and browser, helping to identify bots and prevent fraudulent account creation. Proxy detection identifies users masking their IPs, crucial for stopping activities like account takeovers and fraudulent transactions.

By combining these techniques, businesses can enhance their fraud prevention strategy, safeguard sensitive data, and protect their brand reputation.

2. Understanding Browser Fingerprinting

Browser fingerprinting is a method of uniquely identifying a user's browser by collecting details like:

• User-Agent string
• Installed plugins
• Screen resolution
• Browser settings

Why Use Browser Fingerprinting?

Pros:

• Difficult to spoof or bypass compared to cookies.
• Useful for identifying repeat users without relying on IP addresses.

Cons:

• Privacy concerns; ensure compliance with GDPR or CCPA.
• Some fingerprints may change due to browser updates or extensions.

Using libraries like ClientJS and FingerprintJS, we can gather these details to create a unique identifier for each user.

Why Use Both ClientJS and FingerprintJS?

• ClientJS: Quick and lightweight for basic attribute collection (like user-agent, OS, etc.).
• FingerprintJS: Provides a more in-depth analysis, combining multiple attributes for higher accuracy and resilience against spoofing or emulated environments.

By combining both, we improve fraud detection accuracy while maintaining performance.

3. Combining ClientJS and FingerprintJS for Browser Fingerprinting

3.1 Integration of ClientJS

ClientJS is used to gather basic browser data like the user-agent, screen resolution, and operating system.

Here’s how to integrate ClientJS into your web page:

    
    <script src="https://cdnjs.cloudflare.com/ajax/libs/clientjs/0.1.11/client.min.js"></script>
    <script>
    const client = new ClientJS();
    const clientData = {
        userAgent: client.getUserAgent(),
        browser: client.getBrowser(),
        os: client.getOS(),
        screenPrint: client.getScreenPrint(),
        fingerprint: client.getFingerprint() // Basic fingerprint
    };
    console.log("ClientJS Data:", clientData);
    </script>
    

3.2 Integration of FingerprintJS

FingerprintJS provides more detailed data, including a unique visitor ID that combines numerous attributes.

    
    <script src="https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js"></script>
    <script>
    (async () => {
        const fp = await FingerprintJS.load();
        const result = await fp.get();
        const fingerprintJSData = {
            visitorId: result.visitorId, // Unique fingerprint
            components: result.components // Detailed breakdown
        };
        console.log("FingerprintJS Data:", fingerprintJSData);
    
        // Send combined data to the server
        fetch('/api/fingerprint', {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            body: JSON.stringify({ clientData, fingerprintJSData })
        });
    })();
    </script>
    

3.3 Combining the Results

Once the data from ClientJS and FingerprintJS is collected, it can be sent to the server to generate a composite identifier.

Backend API to Handle Fingerprint Data

Here’s how you can handle the combined fingerprint data in a .NET Core API:

    
    [ApiController]
    [Route("api/fingerprint")]
    public class FingerprintController : ControllerBase
    {
        [HttpPost]
        public IActionResult SaveFingerprint([FromBody] CombinedFingerprintData data)
        {
            // Combine and store fingerprints from ClientJS and FingerprintJS
            // Save to database for analysis
            return Ok(new { Message = "Fingerprint data received successfully." });
        }
    }
    
    public class CombinedFingerprintData
    {
        public Dictionary<string, object> ClientData { get; set; }
        public Dictionary<string, object> FingerprintJSData { get; set; }
    }
    

4. VPN/Proxy Detection in .NET Core

VPNs and proxies are commonly used for legitimate purposes, such as enhancing privacy or accessing geo-restricted content. However, they are also exploited by fraudsters to mask their true locations, circumvent bans, or create fake accounts. Detecting users who rely on VPNs or proxies is crucial in fraud prevention for several reasons:

• Preventing Location-Based Fraud: Many platforms rely on geolocation for providing localized services or compliance with regional laws. VPNs can fake locations, leading to policy violations or revenue loss.
• Blocking Repeat Offenders: Fraudsters often use proxies to bypass bans. Detecting proxy usage helps identify repeat offenders attempting to reaccess a platform.
• Enhancing Data Quality: In scenarios like surveys or research, proxies may indicate respondents who aren't genuine participants, degrading data quality.
• Mitigating Bot Traffic: Bots often use proxies to mask their origins. Identifying and blocking them reduces automated attacks, spam, or fake interactions.

Given these challenges, integrating VPN/Proxy detection into your system ensures better security and data integrity.

Step 1: Setting Up IP2Proxy

Install the IP2Proxy package and download the proxy database:

    
    dotnet add package IP2Proxy
    

Step 2: Proxy Detection Service

Create a service to analyze IP addresses:

    
    using IP2Proxy;
    
    public class ProxyDetectionService
    {
        private readonly string _dbPath;
    
        public ProxyDetectionService(string dbPath)
        {
            _dbPath = dbPath;
        }
    
        public bool IsProxy(string ipAddress)
        {
            using (var proxy = new PXDatabase())
            {
                proxy.Open(_dbPath);
                var result = proxy.GetAll(ipAddress);
                return result.IsProxy == 1; // 1 indicates a proxy
            }
        }
    }
    

Step 3: API Endpoint for Proxy Check

Expose an endpoint to check if an IP address is a proxy:

    
    [ApiController]
    [Route("api/proxy-check")]
    public class ProxyCheckController : ControllerBase
    {
        private readonly ProxyDetectionService _proxyService;
    
        public ProxyCheckController()
        {
            _proxyService = new ProxyDetectionService("path/to/IP2PROXY.BIN");
        }
    
        [HttpGet("{ipAddress}")]
        public IActionResult CheckProxy(string ipAddress)
        {
            var isProxy = _proxyService.IsProxy(ipAddress);
            return Ok(new { IpAddress = ipAddress, IsProxy = isProxy });
        }
    }
    

5. Combining Techniques for Robust Detection

By combining browser fingerprinting and proxy detection, you create a multi-layered fraud detection strategy that is more effective at identifying and blocking malicious users. Each technique brings its strengths to the table, and when used together, they significantly improve security.

How the Combined Approach Works:

• Identify Repeat Offenders: Fingerprinting allows you to track users even if they change their IP addresses or clear cookies. A unique fingerprint tied to a user can help identify them across different sessions, devices, or browsers. By leveraging FingerprintJS’s unique visitor IDs alongside ClientJS data, businesses can efficiently detect repeated fraud attempts and behavior anomalies.
• Detect Masked Users: Proxy detection works by identifying users who try to hide their real IP addresses through VPNs or proxies. Fraudsters often use these techniques to bypass security measures and conceal their location. By integrating ClientJS and FingerprintJS with IP2Proxy, you gain a dual defense: fingerprinting to track users across sessions and proxy detection to detect users trying to mask their identity.
• Prevent Fraudulent Activity: The combination of browser fingerprinting and proxy detection offers a more comprehensive view of the user. If a user consistently presents the same fingerprint but hides behind a proxy, you can flag the behavior as suspicious. Conversely, if a fingerprint is new, but the user’s IP is flagged as a proxy, it could indicate fraudulent intent, such as a bot trying to bypass a CAPTCHA or fraudulent account creation attempt.

By combining these technologies, businesses can prevent various forms of fraud, including account takeovers, payment fraud, and bots attempting to manipulate user accounts. The accuracy and resilience of the detection system are much higher than using any single technique alone.

6. Real-World Applications

The combination of fingerprinting and proxy detection has wide-ranging applications across various industries. Here’s how it can be leveraged in real-world scenarios:

Survey Platforms

In survey platforms, bots and low-quality submissions are a significant issue. Fraudulent users often use fake accounts or automated bots to flood platforms with low-value responses. By using browser fingerprinting, you can track repeat offenders across multiple sessions. If an unusual number of submissions come from a single fingerprint, or if the submission is coming from a proxy or VPN, it can be flagged for review. This ensures the integrity of survey data and helps businesses gather accurate feedback.

• E-commerce Sites: For e-commerce businesses, fraudulent transactions are a constant threat. Fraudsters may attempt to bypass geographical restrictions, create fake accounts for discounts, or use stolen payment methods. By detecting masked IPs with proxy detection and verifying the fingerprints of suspicious accounts, businesses can prevent fraudulent purchases and accounts. When the system identifies unusual behavior tied to a specific fingerprint or masked IP, it can trigger additional authentication steps or block the transaction entirely.

• Subscription Services: In subscription-based models (e.g., streaming services or digital platforms), fraudsters often exploit free trial periods and create multiple accounts to bypass subscription fees. Proxy detection helps identify users hiding behind VPNs or proxies to avoid geo-blocking, while browser fingerprinting can track users who are trying to create multiple fake accounts. Combining these tools allows businesses to enforce stricter anti-fraud measures, such as preventing the same user from accessing services multiple times using different identities.

• Online Gaming and Betting Platforms: Fraud is prevalent in online gaming, where players might use bots to manipulate games or create multiple fake accounts to claim bonuses. Fingerprinting can be used to link accounts and detect unusual patterns of behavior, such as rapid creation of new accounts from the same fingerprint. Proxy detection ensures that players aren’t hiding their locations to exploit geo-specific rules. Together, these techniques help ensure fair play and maintain the integrity of the platform.

7. Best Practices for Fraud Detection Systems

• Ensure Privacy Compliance: Always inform users about data collection practices and ensure your approach complies with privacy regulations like GDPR and CCPA. This builds trust and avoids legal issues.
• Optimize Performance: Implement fraud detection checks without impacting the user experience. Focus on lightweight data collection methods and avoid unnecessary checks that can slow down the platform.
• Regular Updates: Fraud tactics evolve quickly. Regularly update your fingerprinting and proxy detection strategies to stay ahead of attackers who may adapt their techniques.
• User-Friendly Experience: Make sure that legitimate users aren’t overly affected by fraud detection mechanisms. Strive for a balance between security and a seamless user experience, using techniques like risk-based authentication to minimize friction.

Conclusion

Combining browser fingerprinting with proxy detection creates a powerful defense against advanced fraud. These techniques offer a more accurate and comprehensive approach than traditional methods, helping businesses block malicious users and prevent fraudulent activities effectively.

By integrating these tools into your .NET Core application, you can safeguard your platform, enhance user security, and protect your brand's reputation from fraud. Stay proactive with regular updates and a user-friendly experience, and your fraud detection system will remain a strong line of defense.

Looking to implement these strategies in your applications? With Bluetick, start building a fraud-resistant system today!

Back To Blogs

---