Overview
Sift Science (operating as Sift) is a digital trust and safety platform founded in 2011 and headquartered in San Francisco. It provides real-time fraud detection and prevention for e-commerce, marketplaces, financial services, and consumer applications. Sift's machine learning models process hundreds of behavioural and device signals per event to assign dynamic risk scores, enabling organisations to distinguish legitimate users from fraudsters attempting account takeover (ATO), payment fraud, promo abuse, and content spam. Major clients include Twitter, Airbnb, Twilio, and McDonald's. Sift processes over 1 trillion events per year across its customer network.
What This Script Does
The Sift JavaScript snippet loads from cdn.sift.com and initialises the Sift beacon on the page. It begins collecting device intelligence and behavioural telemetry immediately on page load, with no user interaction required.
Device intelligence collected:
- Browser fingerprint components: user agent string, screen resolution, colour depth, timezone offset, language settings, installed plugins (where accessible), canvas fingerprint hash, WebGL renderer identifier
- Hardware signals: device memory estimate, CPU core count, touch support, battery status (where API is available)
- Network metadata: connection type (4G, WiFi, broadband), IP address processed server-side
- JavaScript environment: headless browser detection signals, automation framework indicators (Selenium, Puppeteer, Playwright signatures), browser consistency checks
Behavioural biometrics:
- Keystroke timing dynamics within form fields (dwell time, flight time between keystrokes)
- Mouse movement velocity, acceleration, and trajectory patterns
- Scroll behaviour and page interaction cadence
- Copy-paste detection in sensitive fields (password, credit card)
- Form field focus and blur timing
Cookies and storage:
- sift_session — Session-scoped token linking telemetry events to the current page interaction; transmitted to Sift's scoring API with each event; expires at session end.
- sift_js_id — Device recognition cookie set to maintain device-level continuity for repeat fraud detection; expiry 1 year. Used to identify whether a device has been associated with fraudulent behaviour in previous sessions.
- Local storage key _sift — Stores device-level signals for correlation with server-side risk models; cleared per session or on explicit cache clearing.
Script filenames and CDN: sift.js or beacon.js loaded from cdn.sift.com. Events POST to api3.siftscience.com/v205/events with the host organisation's JavaScript snippet key. Risk score responses are returned synchronously for real-time decisioning.
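The following is an added example, not Sift's code or code from this page: a check a site owner could run over a captured browser session to confirm that Sift traffic goes only to the hosts named above and that the two cookies have the stated lifetimes. The HAR-style entry shape, the function names and the sample capture are assumptions made for illustration.

```javascript
// Identifiers are the ones this page lists; the entry shape, function names
// and sample capture are constructed for this added example.
const TRACKED_DOMAINS = ["sift.com", "siftscience.com"];
const DAY_MS = 24 * 60 * 60 * 1000;

// Match on a label boundary: the domain itself or a true subdomain only.
function isSiftHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return TRACKED_DOMAINS.some((d) => h === d || h.endsWith("." + d));
}

function auditSiftTraffic(entries, now = Date.now()) {
  const report = { scriptLoads: [], eventPosts: [], lookalikes: [], cookieIssues: [] };
  for (const e of entries) {
    const { hostname, pathname } = new URL(e.url);
    if (isSiftHost(hostname)) {
      if (e.method === "GET" && hostname === "cdn.sift.com") report.scriptLoads.push(e.url);
      if (e.method === "POST" && hostname === "api3.siftscience.com" &&
          pathname === "/v205/events") report.eventPosts.push(e.url);
    } else if (TRACKED_DOMAINS.some((d) => hostname.includes(d))) {
      // Contains a tracked name but is not under it: review manually.
      report.lookalikes.push(hostname);
    }
    for (const c of e.cookies || []) {
      if (c.name === "sift_session" && c.expires) {
        report.cookieIssues.push("sift_session has an expiry; page says session-scoped");
      }
      if (c.name === "sift_js_id" && c.expires &&
          Date.parse(c.expires) - now > 366 * DAY_MS) {
        report.cookieIssues.push("sift_js_id outlives the stated 1 year");
      }
    }
  }
  return report;
}

// Constructed sample capture (not real traffic).
const NOW = Date.parse("2024-01-01T00:00:00Z");
const SAMPLE = [
  { method: "GET", url: "https://cdn.sift.com/sift.js", cookies: [] },
  { method: "POST", url: "https://api3.siftscience.com/v205/events",
    cookies: [{ name: "sift_session" }, { name: "sift_js_id", expires: "2026-06-01T00:00:00Z" }] },
  { method: "GET", url: "https://cdn.sift.com.example.net/sift.js", cookies: [] },
];
console.log(auditSiftTraffic(SAMPLE, NOW));
```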
Risk score model inputs: In addition to device and behavioural signals, Sift aggregates cross-network signals from its entire client base — meaning a device or IP that has committed fraud on one Sift customer's platform contributes to risk scoring on other platforms. This consortium-level intelligence is a core feature of Sift's fraud detection accuracy.
Consent & Compliance
Sift is classified under the essential category. Its function is security-critical fraud detection protecting the platform and its legitimate users from account takeover, payment fraud, and automated abuse. Under GDPR Recital 47, fraud prevention constitutes a legitimate interest of the data controller, and GDPR Article 6(1)(f) provides the lawful basis for this processing. The ePrivacy Directive's strictly necessary exemption applies to security measures that protect the integrity of a service explicitly requested by the user. While Sift collects device fingerprints and behavioural data, this processing is bounded to fraud risk scoring and is not used for advertising profiling or cross-site behavioural marketing. Sift participates in the EU-US Data Privacy Framework for compliant transatlantic data transfers and maintains SCCs for EU deployments.
Should You Block This Without Consent?
No. Sift is a security tool that protects against payment fraud, account takeover, and automated abuse. Blocking it degrades fraud protection. It should load as an essential script without requiring user consent.
Tracked Domains (2)
- sift.com: Essential
- siftscience.com: Essential
Frequently Asked Questions
Does Sift Science require consent before loading on a website?
No. Sift is classified as essential. It provides real-time fraud detection — identifying account takeover, payment fraud, and bot abuse. Under GDPR Recital 47 and the ePrivacy strictly necessary exemption, security tools protecting service integrity do not require user consent. Sift loads as essential infrastructure.
What device and behavioral data does the Sift script collect?
Sift collects browser fingerprint signals: canvas hash, WebGL renderer, screen resolution, timezone, and plugins. It monitors behavioral biometrics — keystroke timing, mouse velocity, scroll cadence, and copy-paste events in sensitive fields. A one-year sift_js_id cookie tracks device continuity for identifying previously flagged devices.
How does ConsentStack treat Sift Science in a consent management configuration?
ConsentStack classifies Sift Science as essential and excludes it from consent-gating. The script loads on every page regardless of visitor consent choices. ConsentStack ensures fraud protection remains active even when a visitor declines all optional cookies, preventing security gaps during the consent interaction itself.