
February 2023

Capabilities Gathering Survey Results




  • Ensure completeness of the capabilities inventory
  • Prioritize capabilities needed by the anti-fraud ecosystem

Anonymity of information

  • Only company region, industry, and size (number of employees) were collected
  • Company name is optional
  • Consolidated results (not individual responses) shared within W3C's Anti-Fraud Community Group

Key terms to know

What are capabilities?

  • Capabilities are the high-level functional requirements for a given set of anti-fraud use cases, and are not specific to any sources of truth or technologies. Capabilities are aligned to specific use cases. For capabilities, please focus on capabilities that a browser can communicate about a device.

Gathering

  • Survey was open November 7, 2022 to January 31, 2023
  • The survey was distributed via the AFCG and 1:1 conversations between Google and members of the anti-fraud ecosystem


Responding Company Demographics


Key Use Cases

Other use cases:

  • Financial Transactions
  • Login
  • Fraudulent activity using the platform
  • Malicious Download
  • Compromised Landing Site/Pages
  • Payments
  • Browser compromise
  • Auto-Redirect
  • Scam Ads
  • Cryptojacking


Key Use Cases


Key Capabilities Across All Use Cases


Account Takeover: Key Capabilities

[Figure: two charts, "Most commonly selected capabilities" and "Importance of capabilities"; chart values were not preserved.]

Labels of the first chart, in extracted order: Recognize the same device, Geo Attestation, Token Binding, Device & Boot Attestation, User Presence, App / Site Attestation, Element Visibility, Post-Boot Attestation.

Labels of the second chart, in extracted order: Token Binding, Recognize the same device, Geo Attestation, User Presence, Device & Boot Attestation, Post-Boot Attestation, App / Site Attestation, Element Visibility.


Account Takeover: Other Capabilities

  • Identity Verification
  • Unique Identifier: Provide ability to uniquely identify and track users across the industry.
  • A way to technologically enforce a "1 per person" limit
  • Detect automatic connection from a bot
  • Whether the device is being controlled by automation software
  • Campaign Binding: With user consent, bind a credential (such as a cookie) to a campaign and/or image to ensure it is not compromised at any stage after scanning.
  • Whether the browser has been modified in some way


Account Creation: Key Capabilities

[Figure: two charts, "Most commonly selected capabilities" and "Importance of capabilities"; chart values were not preserved.]

Labels of the first chart, in extracted order: Geo Attestation, Recognize the same device, User Presence, Token Binding, Device & Boot Attestation, App / Site Attestation, Post-Boot Attestation, Element Visibility.

Labels of the second chart, in extracted order: Recognize the same device, Token Binding, Geo Attestation, Device & Boot Attestation, User Presence, App / Site Attestation, Post-Boot Attestation, Element Visibility.


Account Creation: Other Capabilities

  • Unique Identifier: Provide ability to uniquely identify and track users across the industry.
  • Detect automatic account creation
  • Device fingerprinting/inspection to determine if a device is typical of an active fraud ring
  • Identity Verification
  • Whether the device is being controlled by automation software
  • A way to technologically enforce a "1 per person" limit
  • Campaign Binding: With user consent, bind a credential (such as a cookie) to a campaign and/or image to ensure it is not compromised at any stage after scanning.
  • Inspect device IP and compare to IP ranges of known bad actors, or VPN/proxy services
  • Whether the browser has been modified in some way


Payment Fraud: Key Capabilities

[Figure: two charts, "Most commonly selected capabilities" and "Importance of capabilities"; chart values were not preserved.]

Labels of the first chart, in extracted order: Token Binding, Recognize the same device, Geo Attestation, User Presence, Device & Boot Attestation, App / Site Attestation, Post-Boot Attestation, Element Visibility.

Labels of the second chart, in extracted order: Recognize the same device, Geo Attestation, Token Binding, User Presence, Device & Boot Attestation, Post-Boot Attestation, App / Site Attestation, Element Visibility.


Payment Fraud: Other Capabilities

  • Identity Verification
  • A way to technologically enforce a "1 per person" limit
  • Inspect device IP and compare to IP ranges of known bad actors, or VPN/proxy services
  • Whether the device is being controlled by automation software
  • Device fingerprinting/inspection to determine if a device is typical of an active fraud ring
  • Whether the browser has been modified in some way


eCommerce Fraud: Key Capabilities

[Figure: two charts, "Most commonly selected capabilities" and "Importance of capabilities"; chart values were not preserved.]

Labels of the first chart, in extracted order: Token Binding, Recognize the same device, Geo Attestation, Device & Boot Attestation, User Presence, App / Site Attestation, Element Visibility, Post-Boot Attestation.

Labels of the second chart, in extracted order: Geo Attestation, Recognize the same device, Token Binding, Device & Boot Attestation, User Presence, Post-Boot Attestation, App / Site Attestation, Element Visibility.


eCommerce Fraud: Other Capabilities

  • Identity Verification
  • A way to technologically enforce a "1 per person" limit
  • Device fingerprinting/inspection to determine if a device is typical of an active fraud ring
  • Whether the device is being controlled by automation software
  • Inspect device IP and compare to IP ranges of known bad actors, or VPN/proxy services
  • Whether the browser has been modified in some way


IVT in Advertising: Key Capabilities

[Figure: two charts, "Most commonly selected capabilities" and "Importance of capabilities"; chart values were not preserved.]

Labels of the first chart, in extracted order: App / Site Attestation, Element Visibility, Device & Boot Attestation, Token Binding, Geo Attestation, User Presence, Recognize the same device, Post-Boot Attestation.

Labels of the second chart, in extracted order: Geo Attestation, Token Binding, Recognize the same device, App / Site Attestation, Element Visibility, User Presence, Device & Boot Attestation, Post-Boot Attestation.


Out-of-band Feedback Mechanism