API Reference
API ReferenceChangelogFAQDashboard

About Device Intelligence

Device Intelligence is a powerful yet simple tool that allows you to seamlessly integrate fraud detection capabilities into your applications using a combination of proprietary solutions and 3rd party providers (primarily Fingerprint).

With the Sumsub Device Intelligence solution, you can easily detect and prevent fraudulent activities within your system, providing a safer and more secure environment for your users.

How Device Intelligence works

Device Intelligence detects fraud attempts quickly and efficiently. The process is divided into two main stages:

  • Data Collection: Every time your applicants perform a critical action - such as opening the KYC check - Device Intelligence collects technical data from their devices.
  • Data analysis: The collected data is sent to a database and 3rd party providers. The data is then analyzed and assessed to determine whether the user is a suspected fraudster or not.

This process is especially critical for the SDK. If a user is flagged and blocked during the Device Intelligence check, it is entirely independent of the standard KYC verification process.

Fraud techniques Device Intelligence can prevent

With Sumsub Device Intelligence, you can prevent the following and not only methods of fraud.

Bots and automation tools

Device Intelligence makes it significantly harder for bots and automation tools to operate undetected. Unlike IP addresses or user agents - which are easily spoofed - Device Intelligence generates device fingerprints using a rich set of hardware, browser, and behavioral signals that are much more difficult to fake consistently.

By using Device Intelligence, you can:

  • Detect repeated automation attempts across sessions and accounts.
  • Identify suspicious patterns (e.g. identical environments across multiple “users”).
  • Block known device setups commonly used by headless browsers or bot frameworks.
  • Increase confidence in legitimate traffic by linking behavior to a unique device.

Device farms

Technically, device farms are extensive networks of physical devices or virtual environments. While they can serve legitimate purposes, such as testing tools, they are often exploited for fraudulent activities, including ad fraud, synthetic identity creation, or mass account takeovers.

Device Intelligence can detect:

  • Devices with environmental or interaction characteristics resembling those used in device farms, such as persistent motion models, similar device configurations, or unusual IP and network behavior.
  • Abnormal device characteristics that indicate a simulated environment. For example, discrepancies between a device's claimed performance and its actual performance may suggest the use of virtual machines or emulators.

Account takeover

Account Takeover (ATO) attacks occur when fraudsters gain unauthorized access to user accounts - often using stolen credentials or brute-force techniques. Device Intelligence helps detect and block these attacks by tying login behavior to a unique device fingerprint.

With Device Intelligence, you can:

  • Detect suspicious device behavior during authentication flows.
  • Correlate access patterns across multiple accounts to uncover credential stuffing.
  • Prevent access if a device exhibits signs of automation or bot activity.

Fake accounts creation

Fraudsters often create large volumes of fake accounts using automation tools, disposable emails, or device spoofing to abuse signup flows. Device Intelligence helps detect and block these attempts by generating a unique device fingerprint at the point of registration.

With Device Intelligence, you can:

  • Identify devices used to create multiple accounts.
  • Detect automation tools and headless browsers often used in fake signups.
  • Flag signups from devices with suspicious or inconsistent fingerprints.
  • Rate-limit or block repeated attempts from the same underlying environment.

Transaction and payment fraud

Fraudsters may use stolen cards, compromised accounts, or scripted tools to commit payment fraud. Device Intelligence strengthens your defenses by linking payment activity to a unique device fingerprint, helping you spot unusual or high-risk behavior in real time.

With Device Intelligence, you can:

  • Detect transactions from new or unrecognized devices.
  • Identify device sharing across multiple payment attempts or accounts.
  • Block payments from devices flagged for previous fraud or abuse.
  • Correlate device behavior with other signals (e.g., location, velocity) for smarter decisioning.

Unauthorized access and identity theft

Unauthorized access and identity theft often involve fraudsters impersonating legitimate users - through stolen credentials, social engineering, or synthetic identities. Device Intelligence helps detect these threats by associating activity with a consistent device fingerprint.

With Device Intelligence, you can:

  • Detect login attempts from devices never seen before.
  • Flag inconsistent behavior across sessions, devices, or accounts.
  • Identify imposters using legitimate credentials but unfamiliar environments.
  • Prevent account linking or updates from devices with risky or mismatched profiles.

Parameters Device Intelligence collects and analyzes

To detect fraudulent behavior based on user behavior, Device Intelligence typically collects a variety of parameters and data that capture the nuances of the user’s device.These data points can be then analyzed for anomalies or patterns indicative of fraudulent activity. Below is a detailed breakdown of the types of data and parameters collected.

📘

Note

Device Intelligence does not collect any personal and/or sensitive information, only technical parameters that help us analyze user behavior in the system.

Device and environmental data

These parameters identify the user's device and environment, which can signal anomalies.

  • Device metadata:
    • Device type (desktop, mobile, tablet).
    • Operating system and browser details.
  • Network information:
    • IP address and geolocation.
    • Proxy or VPN usage.
  • Language and timezone settings.

Data consistency and contextual parameters

These parameters assess the plausibility and consistency of user behavior.

  • Sudden changes in geographic location (e.g., logging in from different countries in a short span).
  • IP address mismatches with registered location.

By collecting and analyzing these parameters, Device Intelligence can detect fraudulent activities, such as bot attacks, account takeovers, or identity theft, while ensuring legitimate users have a seamless experience. The combination of interaction data, device information, provides a robust framework for fraud prevention.