In addition to identifying an access device from the signal emitted by its operating system or a tracking cookie, fraud-detection providers can help merchants spot another red flag: that the user of the access device has turned off such applications as Flash and JavaScript, which are critical to properly rendering a web page.