Device Intelligence
Leverage Device Intelligence to identify anomalous device behaviour and strengthen risk-based decision-making.
Device Intelligence is a powerful set of tools that enables the detection and analysis of device-based signals during KYC processes and user interactions with the platform (sign-ups, logins, transactions, etc). By identifying the specific devices interacting with your platform, it uncovers risky patterns that may indicate fraudulent behavior. These patterns include:
- Account takeover
- Multi-accounting schemes
- Bot activity
- Account Sharing
Device Intelligence is particularly effective at identifying sophisticated fraud attempts such as employing automation tools or remote access software, using spoofed devices, and operating in incognito or privacy modes. By flagging anomalies early, organizations can respond proactively, blocking high-risk activity before it escalates, and allow genuine users to proceed without unnecessary friction.
In addition to fraud prevention, Device Intelligence enhances user experience. It supports dynamic, device-based risk assessments that help streamline authentication and filter out suspicious behavior early in the process. It leads to a more efficient and cost-effective decision-making.
For example, high-assurance checks like Liveness can be expensive. With Device Intelligence, we can identify potential bad actors earlier in the flow. This not only reduces operational costs but also minimizes unnecessary friction for trusted users, resulting in a more seamless user journey.
When integrated with KYC procedures, Transaction Monitoring, and other anti-fraud controls, Device Intelligence delivers a balance of security and usability, empowering businesses to protect their platforms without compromising the experience of legitimate users.
How does Device Intelligence work
Device Intelligence is powered by Fingerprint, a leading provider of advanced device identification technology. The system uses a comprehensive approach that combines browser and device fingerprinting with sophisticated server-side techniques. These methods work together with the goal of generating a stable, unique device identifier and detecting suspicious device activity such as:
- Bot or VPN usage.
- Remote access and virtualization software.
- Device spoofing.
- Privacy-focused software.
This identifier remains consistent even if the user changes browser settings, clears cookies, or uses incognito mode.
The entire process of collecting device information happens immediately upon device access and does not require continuous tracking of user interactions with the platform. Importantly, this operates without requiring user permissions, meaning no intrusive prompts or interruptions for your users.
Where does Device Intelligence work
Device Intelligence is integrated across key touchpoints in both KYC and Transaction Monitoring processes, ensuring risk detection throughout the user journey.
Currently, Device Intelligence is available in the following implementations:
- KYC via WebSDK 2.0 and Workflows. Device data is captured automatically during the KYC flow, allowing for risk assessment and decision-making directly within KYC Workflows.
- KYC via WebSDK 2.0 and KYC transactions. Device Intelligence links captured signals with individual KYC transactions, enhancing the accuracy of fraud detection for each applicant.
- Transaction Monitoring via KYC transactions and user platform events. Beyond KYC, Device Intelligence extends to behavioral monitoring during key platform activities, such as logins, password changes, or financial transactions. These are tracked as user platform events and treated as transactions for device risk assessment.
What risk labels Device Intelligence can detect
Currently, Device Intelligence supports risk labels listed in the following table.
| Label | API name | Description |
|---|---|---|
App tampering |
tampering |
Indicates the usage of anti-detect browser or tampering with the browser default behaviour. |
Developer tools detected |
developerTools |
Informs whether developer tools were manually opened in Chrome or Firefox browsers. |
Incognito mode |
incognito |
Detects whether incognito or private modes are being used. |
Known bot |
goodBot |
Indicates that the bot is a well-known web crawler or other search engine bot. |
Malicious bot |
badBot |
Indicates that the bot is an automated tool that does not have legitimate uses and assumes fraudulent activity. |
Privacy settings enabled |
privacySettingsMode |
Privacy settings that have the ability to randomize and obfuscate signal output are enabled. |
Remote control detected |
remoteControl |
Indicates whether the request originated from a device being remotely controlled or remotely controlling another device. |
Virtual machine |
virtualMachine |
Detects whether the browser is running inside a virtualization software by examining the browser configuration. |
How to enable Device Intelligence
Device Intelligence should be enabled separately for the KYC flow and user platform events.
Tip
You can test your Device Intelligence integration by using Simulation. For more instructions on how to enable it, see this article.
Enable Device Intelligence for KYC flow
Complete the following actions to enable Device Intelligence during the KYC onboarding process:
- In the Dashboard, go to the Integrations and select the level of interest.
- Open the Verification Level settings.
- In the Configurations section, select the Enable device fingerprinting during onboarding checkbox.
This enables the system to automatically collect device signals when users begin the KYC process via the WebSDK 2.0.
Note
Instead of pre-KYC checks during sign-ups, you can also create applicants with the Device Intelligence enabled using Sumsub API and JS SDK. For more information, see this article.
Enable Device Intelligence for user platform events
Device Intelligence can also be leveraged for ongoing Transaction Monitoring by linking device data to specific events, such as logins, password changes, and financial transactions.
To enable Device Intelligence for such events, on your application frontend, integrate the JS SDK and Sumsub API to collect device data and link it to events in transaction monitoring. For more information on how to integrate with Device Intelligence, see this article.
View devices and device analytics
Device analytics can help identify patterns of suspicious activity, such as device re-use, high-risk configurations, or abnormal login behaviours, across your user base. These insights support manual investigations and inform risk-based decisions without disrupting legitimate users.
You can view both the Devices and Device analytics in the Device Intelligence section in the Dashboard:
- Devices section contains a list of all detected devices with their general information and risk labels.
- Device analytics displays graphs showing the total number of devices, login attempts, and the number of risk labels, as well as a world map showing the device geolocation.
View specific device activity
Device-specific activity can be monitored from several key areas within the platform, enabling flexible and context-aware investigation of certain cases:
- From the Device page. In the Dashboard, navigate to the Device Intelligence section, open Devices, and select the device of interest.
- From the Applicant page. In the Dashboard, navigate to the Applicants section, select the applicant of interest, and open Devices tab.
- From the Overview on the applicant page. In the Dashboard, navigate to the Applicants section in the Dashboard and select the applicant of interest. On the Overview tab, scroll down to the Devices section.
- From the Transactions page. In the Dashboard, go to the Transactions and Travel Rule and select the transaction of interest. Scroll down to the Transaction antifraud section and click View device details in the Device info.
Updated 1 day ago