> ## Documentation Index
> Fetch the complete documentation index at: https://primer.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Fingerprinting

## What is fingerprinting?

Fingerprinting is the process of generating an identifier for a specific payment method, without revealing any sensitive information. Contrary to payment method tokens, fingerprints cannot be used to make payments, which makes them a secure representation of payment method details.

Fingerprints are extremely valuable to:

* Check whether a particular card is used by multiple customers, which can be an indicator of fraud
* Track if a user is using the same card for multiple customer-present payments, which is a signal that a vault could greatly improve the user experience
* Save the preferred card of a customer

A payment method token is not a valid fingerprint since tokenizing or vaulting the same card multiple times yields different payment method tokens.

## Fingerprinting with Analytics ID

Primer API exposes [`analyticsId`](/api-reference/v2.4/api-reference/payments-api/get-a-payment#response.body.paymentMethod.analyticsId) to act as a fingerprint for all payment methods. You can find this value

* in the Payment object, in the [API](/api-reference/v2.4/api-reference/payments-api/get-a-payment#response.body.paymentMethod.analyticsId) and in the Workflow
* attached to a [saved payment method token](/api-reference/v2.4/api-reference/payment-methods-api/list-saved-payment-methods#response.body.data.analyticsId)

`analyticsId` is unique per Primer account. Tokenizing the same card on multiple Primer accounts will generate different `analyticsId`

<Note>
  When Universal Checkout tokenizes the same payment method multiple times, a new single-used payment method token is generated each time, even if the payment method is part of your unified vault. On the other hands, the `analyticsId` attached to the payment method token remains the same.

  As a result, we recommend storing the `analyticsId` when you want to save the preferred vaulted payment method.
</Note>

## How is Analytics ID created?

Although `analyticsId` is available for every payment method, its value heavily relies on how it is generated.

Check the following table to better understand how we create an `analyticsId` for each payment method:

| Payment Instrument Type                                    | Analytics ID is created from...                                                                     |
| ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
| Card                                                       | <ul><li>Primer Account ID</li><li>Card number</li><li>Expiry date</li></ul>                         |
| Google Pay                                                 | <ul><li>Primer Account ID</li><li>Card DPAN</li><li>Expiry date</li></ul>                           |
| Apple Pay <br /><i>Agnostic processor</i>                  | <ul><li>Primer Account ID</li><li>Card DPAN</li><li>Expiry date</li></ul>                           |
| Apple Pay <br /><i>Tied to a processor</i>                 | <ul><li>Primer Account ID</li><li>Apple Pay encrypted token (unique per payment attempt)</li></ul>  |
| PayPal <br /><i>Order (Single payment)</i>                 | <ul><li>Primer Account ID</li><li>PayPal Order ID (unique per payment attempt)</li></ul>            |
| PayPal <br /><i>Billing Agreement (Recurring payments)</i> | <ul><li>Primer Account ID</li><li>PayPal Billing Agreement ID (unique per agreement)</li></ul>      |
| Klarna <br /><i>Single payment</i>                         | <ul><li>Primer Account ID</li><li>Klarna authorization token (unique per payment attempt)</li></ul> |
| Klarna <br /><i>Recurring payments</i>                     | <ul><li>Primer Account ID</li><li>Klarna authorization token (unique per agreement)</li></ul>       |
| <i>Other</i>                                               | *Random ID*                                                                                         |

## Example: Blocking payments coming from a specific card

Let’s imagine you have identified a very specific card that you want to block from making any additional payments.

First, retrieve the `analyticsId` you want to block from the payment object.

Then, head to your card-processing workflow and add a route with a condition that checks if the Analytics ID of the payment matches the `analyticsId` you want to block.

<Frame caption="Conditions with analyticsId">
  <img src="https://goat-assets.production.core.primer.io/marketing/payment-capabilities/external-docs/fingerprinting/condition-analyticsid.png" />
</Frame>

Finally, add a "Decline payment" action to this specific route so that payments with this `analyticsId` are automatically blocked.

<Frame caption="Workflow">
  <img src="https://goat-assets.production.core.primer.io/marketing/payment-capabilities/external-docs/fingerprinting/fingerprinting-workflow.png" />
</Frame>

<Note>
  If you want to block an entire BIN, you can instead create a condition that checks the first 6 digits of the card.

  <Frame caption="Conditions with BIN">
    <img src="https://goat-assets.production.core.primer.io/marketing/payment-capabilities/external-docs/fingerprinting/condition-bin.png" />
  </Frame>
</Note>