Skip to main content

Big Tech’s Data Privacy Controls Impact on Fraud Detection Performance

Email phone verification

If you’re a proponent of the data privacy controls Big Tech rolled out over the past few years enabling you to decide what data is shared with different websites and apps — avoiding annoying ad tracking — you’re not alone. Most (78%) consumers said they prefer organizations that provide online experiences protecting personal data, according to TransUnion’s 2023 State of Omnichannel Fraud report

But, if you’re a fraud prevention specialist, these privacy controls might keep you up at night. Your fraud detection platform that assesses device risk may rely on some of the data consumers restrict or hide, impacting its ability to more accurately predict device fraud risk. 

Not all fraud detection solutions are created equal. Device recognition quality depends on how data is collected and how it’s used. Some platforms rely on data signals that aren’t designed for fraud detection, and so they could be at risk of reduced accuracy. 

For consumers, while these data privacy controls provide a sense of data protection, they do so at the risk of convenience. With limited data to interrogate a device, fraud detection systems will simply assess them as greater risk, potentially resulting in rejected transactions or increased levels of disruptive authentication, negatively impacting the customer experience

Big Tech strives to give consumers control of their data

Technology companies, like Apple® and Google™, introduced new privacy features that enable consumers to control how websites and apps use personal data. Specifically, these features cover advertising, location, third-party access transparency and permission authorization. These changes align with regulations (both existing and proposed) aimed at stopping companies from capturing and using consumer data without their knowledge or consent. 

Ad tracking abuse leads to regulation and data privacy controls

The simple cookie was a foundational element of the Internet browser, enabling developers to improve the user experience by maintaining small pieces of information on their computers. Then, the ad tech world turned those cookies, along with other personal data, into a multibillion-dollar commodity to power ad targeting and measurement. 

With the advent of the mobile phone, cookie-based ad targeting exploded. In addition, tech companies developed identifiers allowing mobile app developers to track users across apps and devices:

  • Mobile ad ID (MAID) — Mobile device ID shared with all apps by the operating system (OS) for both Apple and Android™ devices
  • Identifier for Advertisers (IDFA) —  Random number assigned by Apple to a user’s device for mobile advertising
  • Android Advertising ID (AAID) —  Number assigned to Android devices

Subsequently, governments stepped in with consumer data privacy regulations, like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). Many Big Tech companies moved to limit the use of cookies in browsers and mobile devices. At the same time, Big Tech’s media giants shifted to different identity frameworks to support their ad businesses.

Consumer data privacy control milestones



Apple releases Intelligent Tracking Prevention for Safari® and IOS® to prevent cross-site tracking


European Commission

GDPR takes effect in Europe



Firefox™ introduces Enhanced Tracking Protection as default setting for all users



State of California

CCPA takes effect in California



Google announces plan to phase out third-party cookies and introduces The Privacy Sandbox, an initiative designed to limit user data sharing in digital advertising and the impact of cross-app identifiers



Apple introduces App Tracking Transparency, forcing app developers to request permission to access users’ data, and Mail Privacy Protection to stop senders from using invisible pixels to collect information about users




Google introduces data privacy features in Android and Chrome™ to protect photos, browsing history and location data




Apple introduces data privacy features in Safari, iCloud® and Mail to protect users’ email and location information



Google rolls out The Privacy Sandbox for Android

Data privacy controls are essential to the customer experience

Customers demand personal experiences but want privacy — a conflict that can be difficult for brands to navigate. A high-quality, safeguarded digital experience is important to consumers, 59% of whom reported they’d switch companies to get a better digital experience, according to TransUnion 2023 State of Omnichannel Fraud report.

Unfortunately, a privacy-concerned individual using tools provided by Big Tech looks a lot like a fraudster. Providing minimum data online is a hallmark of fraudulent behavior. However, consumers appear to understand the tradeoffs between security and convenience by expecting some friction in their customer experiences. In fact, 63% of consumers indicated they want to be explicitly authenticated to access their online accounts, according to TransUnion 2023 State of Omnichannel Fraud report.

What’s the impact of consumer data privacy fraud detection solutions?

To a certain extent, fraud detection systems must navigate the shifting regulatory environment and Big Tech consumer data privacy controls. Most systems will use various data signals to assess the risk of devices and networks. Any system overly reliant on device signals used for advertising, such as cookies or ad identifiers, are at risk of reduced performance.

Adopt fraud prevention that honors consumer data privacy

Big tech’s investments in consumer data privacy protection better enables consumer trust through transparency and control. Fraud detection solutions should aspire to these same goals. Fraud prevention focuses not just on how to stop bad actors, but also on better authenticating (with appropriate friction) whether the person on the other end is who they claim to be.

While device reputation-based solutions can help fraud teams apply known risks based on previously reported fraud, fraudsters often cycle through real or emulated devices to thwart the tracking of previously seen devices.

The technique of device proofing — combining the linkage of online and offline consumer data with device data, device intelligence and user behavioral signals — provides comprehensive signals to help determine if the device is in the hands of its rightful owner. This helps provide a smoother online customer experience while simultaneously reducing the risk of fraud, giving organizations the authoritative identity signals to more confidently assess risk and extend trust in digital interactions.

By leveraging generic device data and the data consumers consent to share with brands they do business with, organizations can better identify good customers while reducing false positives, unnecessary escalation friction and manual reviews.


Mozilla and FireFox are trademarks of Mozilla Foundation, in the US and other countries.

Apple, Safari, iCloud are trademarks of Apple Inc., registered in the US and other countries and regions.

Google, Android and Chrome are trademarks of Google LLC

IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license by Apple, Inc.

Do you have questions? Our team is ready to help.