What is fingerprinting?

Fingerprinting is the process of generating an identifier for a specific payment method without revealing any sensitive information. Unlike payment method tokens, fingerprints cannot be used to make payments, which makes them a secure representation of payment method details.

Fingerprints are extremely valuable to:

  • Check whether a particular card is used by multiple customers, which can be an indicator of fraud
  • Track if a user is using the same card for multiple customer-present payments, which is a signal that a vault could greatly improve the user experience
  • Save the preferred card of a customer

A payment method token is not a valid fingerprint since tokenizing or vaulting the same card multiple times yields different payment method tokens.

Fingerprinting with Analytics ID

Primer API exposes analyticsId to act as a fingerprint for all payment methods. You can find this value

analyticsId is unique per Primer account. Tokenizing the same card on multiple Primer accounts will generate different analyticsId values.

When Universal Checkout tokenizes the same payment method multiple times, a new single-use payment method token is generated each time, even if the payment method is part of your unified vault. On the other hand, the analyticsId attached to the payment method token remains the same.

As a result, we recommend storing the analyticsId when you want to save the preferred vaulted payment method.

How is Analytics ID created?

Although analyticsId is available for every payment method, how useful it is as a fingerprint depends heavily on how it is generated.

Check the following table to better understand how we create an analyticsId for each payment method:

| Payment Instrument Type | Analytics ID is created from... |
| --- | --- |
| Card | Primer Account ID; Card number; Expiry date |
| Google Pay | Primer Account ID; Card DPAN; Expiry date |
| Apple Pay: Agnostic processor | Primer Account ID; Card DPAN; Expiry date |
| Apple Pay: Tied to a processor | Primer Account ID; Apple Pay encrypted token (unique per payment attempt) |
| PayPal: Order (Single payment) | Primer Account ID; PayPal Order ID (unique per payment attempt) |
| PayPal: Billing Agreement (Recurring payments) | Primer Account ID; PayPal Billing Agreement ID (unique per agreement) |
| Klarna: Single payment | Primer Account ID; Klarna authorization token (unique per payment attempt) |
| Klarna: Recurring payments | Primer Account ID; Klarna authorization token (unique per agreement) |
| Other | Random ID |
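
The table above determines which analyticsId values are usable for the fraud and vault signals listed earlier. The following is an added example, not Primer's code: it groups payment records by analyticsId only for card-backed instruments and skips identifiers that are unique per payment attempt. The record layout, the instrument labels and the sample values are assumptions constructed for this example.

```python
from collections import Counter, defaultdict

# Instrument variants the table derives from account ID + card number/DPAN + expiry.
# Labels are hypothetical for this example, not Primer API enum values.
# A wallet DPAN is not the card's own number, so the same physical card paid
# directly and through a wallet gets two different analyticsId values.
CARD_BACKED = {"CARD", "GOOGLE_PAY", "APPLE_PAY_AGNOSTIC"}

# Constructed sample records (assumed layout, not a Primer API response).
PAYMENTS = [
    {"customerId": "cust_A", "instrument": "CARD", "analyticsId": "aid_111"},
    {"customerId": "cust_B", "instrument": "CARD", "analyticsId": "aid_111"},
    {"customerId": "cust_C", "instrument": "GOOGLE_PAY", "analyticsId": "aid_222"},
    {"customerId": "cust_C", "instrument": "GOOGLE_PAY", "analyticsId": "aid_222"},
    {"customerId": "cust_D", "instrument": "PAYPAL_ORDER", "analyticsId": "aid_333"},
    {"customerId": "cust_E", "instrument": "APPLE_PAY_PROCESSOR", "analyticsId": "aid_444"},
]


def analyze(payments):
    """Group payments by analyticsId, ignoring non-card identifiers.

    Returns (shared, repeat, skipped):
      shared  - {analyticsId: sorted customer ids} for fingerprints on 2+ customers
      repeat  - {(customerId, analyticsId): count} where one customer reused a card
      skipped - number of payments whose analyticsId is not a card fingerprint
    """
    customers = defaultdict(set)
    uses = Counter()
    skipped = 0
    for p in payments:
        aid = p.get("analyticsId")
        if p.get("instrument") not in CARD_BACKED or not aid:
            skipped += 1  # e.g. a PayPal order ID is unique per payment attempt
            continue
        customers[aid].add(p["customerId"])
        uses[(p["customerId"], aid)] += 1
    shared = {a: sorted(c) for a, c in customers.items() if len(c) >= 2}
    repeat = {k: n for k, n in uses.items() if n >= 2}
    return shared, repeat, skipped


if __name__ == "__main__":
    shared, repeat, skipped = analyze(PAYMENTS)
    print("possible fraud signal:", shared)
    print("vault candidates:", repeat)
    print("skipped (no stable card fingerprint):", skipped)
```
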

Example: Blocking payments coming from a specific card

Let’s imagine you have identified a very specific card that you want to block from making any additional payments.

First, retrieve the analyticsId you want to block from the payment object.

Then, head to your card-processing workflow and add a route with a condition that checks if the Analytics ID of the payment matches the analyticsId you want to block.

[Image: Conditions with analyticsId]

Finally, add a “Decline payment” action to this specific route so that payments with this analyticsId are automatically blocked.

[Image: Workflow]

If you want to block an entire BIN, you can instead create a condition that checks the first 6 digits of the card number.

[Image: Conditions with BIN]