Device Intelligence
Leverage Device Intelligence to identify anomalous device behavior and strengthen risk-based decision-making.
Device Intelligence is a powerful set of tools that enables the detection and analysis of device-based signals during verification, financial transactions and user interactions with the platform (sign-ups, logins, resetting passwords, and other significant actions). By identifying the specific devices interacting with your platform, it uncovers risky patterns that may indicate fraudulent behavior. These patterns include:
- Account takeover
- Multi-accounting schemes
- Bot activity
- Account sharing
Device Intelligence is particularly effective at identifying sophisticated fraud attempts such as using spoofed or emulated devices, operating in incognito or privacy modes, running on rooted/jailbroken devices, using VPN applications, or attempting to spoof location. By flagging anomalies early, organizations can respond proactively, blocking high-risk activity before it escalates, and allow genuine users to proceed without unnecessary friction.
Device Intelligence serves two core purposes:
- Reliable device identification. This service generates stable, unique device identifiers that persist across sessions and, for mobile devices, across app reinstallation.
- Suspicious environment detection. Device Intelligence identifies signs of tampered, emulated, or manipulated device environments that may indicate fraud attempts.
When integrated with verification procedures, Transaction Monitoring, and other Fraud Prevention controls, Device Intelligence delivers a balance of security and usability, empowering businesses to protect their platforms without compromising the experience of legitimate users.
How Device Intelligence works
Device Intelligence is powered by Fingerprint, a leading provider of advanced device identification technology. The system uses techniques for capturing low-level browser and device signals – for instance, device fingerprinting, which is one of the many techniques used in Device Intelligence. These methods work together with the goal of generating a stable, unique device identifier and detecting suspicious device activity such as:
- Bot activity detection
- VPN and proxy usage
- Device spoofing and emulation
- Privacy-focused software and incognito modes
- Rooted/jailbroken devices
- Location spoofing
This identifier remains consistent even if the user changes browser settings, clears cookies, or uses incognito mode.
The entire process of collecting device information happens immediately upon device access and does not require continuous tracking of user interactions with the platform. Importantly, this operates without requiring user permissions, meaning no intrusive prompts or interruptions for your users.
Web and mobile Device Intelligence
Device Intelligence works differently depending on the platform. Understanding these differences will help you interpret device data correctly and tailor your risk response accordingly.
In the following table, you can find a comparison of Web Device Intelligence and Mobile Device Intelligence across its key aspects.
| Aspect | Web Device Intelligence | Mobile Device Intelligence |
|---|---|---|
| Device ID representation | Browser instance | Physical device |
| Identification method | Probabilistic (fingerprinting) | Deterministic (hardware-level signals) |
| ID persistence | Stable identifier even when cookies are cleared or browser storage is reset | Persists across app reinstall and data clear |
| Multiple browsers/apps | Different browsers -> Different IDs | Same device -> Same ID regardless of app |
| Collision probability | Low but non-zero | No practical collisions |
| Accuracy | High | Very high (no false positives) |
Web Device Intelligence works via:
- WebSDK – for verification flows.
- JS SDK – for pre-KYC/sign-up pre-screening and Behavior Monitoring.
It works in desktop and mobile browsers, and WebViews inside mobile apps.
Mobile Device Intelligence works via native SDKs:
Note
Device Intelligence requires MobileSDK integration in your app. Also, its module has to be enabled for Android and iOS.
Benefits of device ID
Device IDs provide a more stable and precise way to identify returning devices than IP addresses, enabling more reliable risk decisions even when networks change or traffic is routed through VPNs or proxies.
IP addresses are unreliable for device identification because they:
- Change frequently (mobile networks, ISP reassignment).
- Are shared across multiple users and devices (NAT, corporate networks).
- Can be easily masked using VPNs or proxies.
Device Intelligence device IDs overcome these limitations as they are:
- Stable across network changes.
- Device-specific (not shared).
- Independent of IP rotation or VPN usage.
They also provide much higher precision and lower collision rates.
Where Device Intelligence works
Device Intelligence integration operates across key touchpoints in both verification flow and Transaction Monitoring processes, ensuring risk detection throughout the user journey.
It operates across three stages: capturing device data, assessing risk, and taking decisions.
Capturing device data
At this stage, Device Intelligence workflow depends on the verification stage or service you use:
| Stage | Method | SDK |
|---|---|---|
| Verification | Automatically during verification flow | WebSDK 2.0, MobileSDK |
| Pre-KYC onboarding/sign-up pre-screening | Via JS SDK and Sumsub API | JS SDK, MobileSDK (experimental) |
| Behavior Monitoring | Linked to user activity (logins, password changes) | JS SDK, MobileSDK (experimental) |
| Transaction Monitoring | Linked to financial transactions | JS SDK, MobileSDK (experimental) |
Assessing risk
Device data feeds into multiple risk assessment mechanisms:
- Behavior Monitoring – links devices to user activity patterns to detect anomalies.
- Transaction Monitoring – links devices to financial transactions for fraud detection.
- Applicant Risk Scoring – calculates comprehensive risk scores using device signals combined with other factors.
Tip
When applying Applicant Risk Scoring, combine other risk sources like email/phone risk assessment, risk labels, custom transaction monitoring and verification rules, with device signals for comprehensive risk assessment. You can use the following device signals:
- Device risk labels
- Reused devices
- New devices
- Multiple devices per session
Based on risk scores, trigger appropriate responses:
- Enable step-up checks.
- Route a case to Case Management for manual review.
- Enable enhanced monitoring by flagging a case for ongoing observation.
Taking decision
Based on risk assessment, decisions can be made through:
- Workflow Builder – automate verification decisions based on device signals.
- Transaction Monitoring rules engine – define rules that trigger actions based on device risk.
- Case Management – route flagged applicants for manual review.
- Applicant actions – apply actions directly to applicants based on device data.
- Blocklists – block high-risk applicants from future interactions.
How to enable Device Intelligence
To enable Device Intelligence for your account, contact your Customer Success Manager or enable it yourself if you are a self-service client.
Tip
You can test your Device Intelligence integration by using Simulation. For more instructions on how to enable it, see this article.
Enable Device Intelligence for verification
Complete the following actions to enable Device Intelligence during the onboarding process. The enablement process is the same for both WebSDK and MobileSDK verification flows.
- Enable Device Intelligence module (MobileSDK integration):
- In the Dashboard, go to Integrations and select the level of interest.
- Open the Verification Level settings.
- In the Configurations section, open the Fraud prevention tab and select the Capture devices checkbox.
This enables the system to automatically collect device signals when users begin the verification process.
Note that device capture is:
- Invisible to the end user.
- Does not affect user experience.
- Does not introduce noticeable latency.
Important
The system collects device data only when both of the following conditions are met:
- The device capture is enabled for the verification level.
- The verification session is completed.
Enable Device Intelligence for Behavior Monitoring and Transaction Monitoring
You can leverage Device Intelligence for Ongoing Monitoring by linking device data to specific events, such as logins, password changes, and financial transactions.
- To enable web Device Intelligence for Behavior Monitoring and Transaction Monitoring, integrate the JS SDK and Sumsub API on your application frontend to collect device data and link it to behavioral events.
For more information on how to integrate with Device Intelligence, see this article. - To enable mobile Device Intelligence for Behavior Monitoring and Transaction Monitoring, contact your Customer Success Manager about native SDK integration options for mobile Behavior Monitoring.
Device Intelligence data and signals
Device analytics can help identify patterns of suspicious activity, such as device re-use, high-risk configurations, or abnormal login behavior, across your user base. These insights support manual investigations and inform risk-based decisions without disrupting legitimate users.
View devices and device analytics
You can view both the Devices and Device analytics in the Device Intelligence section in the Dashboard:
- Devices section contains a list of all detected devices with their general information and risk labels.
- Device analytics displays graphs showing the total number of devices, login attempts, and the number of risk labels, as well as a world map showing the device geolocation.
View device data
Device data is collected and available in real time. You can access it from multiple locations:
- In the Dashboard, go to the Device Intelligence section to view all devices and analytics. To monitor monitor device-specific activity, select the device of interest.
- When viewing verification, a Device Check block appears in completed verifications, showing device information and any detected risk labels.
- On the applicant profile, the Devices tab lists:
- All devices associated with the applicant.
- Suspicious labels highlighting device risks.
- From the Overview on the applicant page. In the Dashboard, navigate to the Applicants section and select the applicant of interest. On the Overview tab, scroll down to the Devices section.
- From the Transactions page. In the Dashboard, go to the Transactions and Travel Rule and select the transaction of interest. Scroll down to the Transaction antifraud section and click View device details in the Device info.
Interpret device signals
Device signals are risk indicators, not definitive proof of fraud. You should use it as part of a broader risk assessment strategy.
Device reuse
When the same Device ID appears across multiple applicants, it may indicate:
|
Risk scenarios |
|
|
Legitimate scenarios |
|
Note
Device reuse is a risk signal, not proof of fraud. Risk increases with the number of applicants sharing the device and speed/velocity of reuse (many accounts in a short time).
New devices and multiple devices
When new device IDs appear for an applicant, or multiple device IDs are observed within a single session, it may indicate:
|
Risk scenarios |
|
|
Legitimate scenarios |
|
Note
Apply automated blocking or rejection only in high-confidence and high-risk scenarios:
- Large-scale fraud attacks
- Clear policy violations with multiple confirming signals
Prefer setting up additional verification steps rather than outright blocking. Enable the following checks to secure your verification flow:
Risk labels
Device Intelligence supports risk labels across web and mobile platforms.
Device Intelligence also includes all signals from the Advanced IP Check module. For the complete list of IP-based signals, refer to this article.
Updated 2 days ago