Device data collector data may not be received on an order due to either a timeout-related issue or because the web browser settings on a user's device have been configured not to allow device information to be collected.
When the Device Data Collector successfully collects data (99.6% of the time) for non-phone orders, the 'Y" flag is set in the field called KAPT and displayed on the Transaction Details page with a Collector=Y flag in the Persona details.
There are a number of factors that can block the Device Data Collector when a standard web browser is used. Most of these are configuration-based. The following list (from simple to complex) is of known issues that could prevent the Device Data Collector from running:
- There is a mismatch on the session ID value used for the Device Data collector versus what was actually submitted in the Risk Inquiry (RIS) call made to Kount. When a mismatch occurs, the session ID from the RIS post cannot find associated device data.
- A bot/plugin submits the page too fast for the Device Data collector to fire.
- Incorrectly implemented Iframe/image combination not pointing to a 403 redirect from the host (merchant's) server. This can cause a XSS warning if the security level is set to medium or high, and the user may not allow the site hop. 403 Redirects are vital to keep the XSS issue from being a problem with data collection.
- The RISK assessment request (RIS call) comes in before the Device Collector runs. This can theoretically happen when the calls are received very close together and network routing gets fouled up. If this occurs often for a merchant, we generally suggest better placement of the Device Collector script farther ahead in the checkout process. This is EXTREMELY rare.
The following could also theoretically happen, but are less likely unless the fraudster was explicitly trying to block device data from being collected:
- The Developer Console stepping through a page. You can halt/stop/skip lines of code in the Developer Console.
- Outbound Firewall restrictions. Traffic to the kaptcha.com domain could be restricted at the network or machine firewall level, or from a proxy.
- Response spoofing. Requests could be captured, and replaced with another. This is not really blocking our detection, but rather replacing it with some fake data.
The latter situations are extremely rare and would likely result in a recurrence of Device Service/Collector being set to 'N'.