Booking.com processes hundreds of millions of transactions per year. Their fraud team had to defend against account takeover, payment fraud, and fake property listings simultaneously.

Their previous stack relied primarily on cookie-based session tracking and IP reputation scoring. When bad actors used VPNs or cleared their browsers between attempts, that stack saw them as new users every time. A fraud ring could open hundreds of new accounts from the same handful of devices, and the system had no way to connect the dots.

After adding Fingerprint, the picture changed. Device IDs persisted across cookie clears, VPN rotations, and browser changes. The same fraudulent device profile that had registered 12 accounts now showed up as what it was: one device, twelve accounts, a clear fraud signal. Account takeover attempts dropped because Fingerprint could recognize returning bad actors before they ever submitted a credential.

Andreas Zodhiates, Head of Payment Fraud at Booking.com, described the outcome plainly: "It acts as fraud detector and a trust enabler." The same signal that catches bad actors also confirms good ones, allowing Booking.com to reduce friction for legitimate customers.

From a developer's perspective, the integration was a single SDK install. The Fingerprint JavaScript agent runs in the browser, generates a stable visitor ID, and passes that ID to your backend for analysis. Booking.com's engineers connected it to their existing risk engine without rebuilding their fraud infrastructure.

The same approach works for any platform handling logins, payments, or account creation at scale.

Or start building: dashboard.fingerprint.com/signup

Fingerprint, Inc.  |  Unsubscribe