Notifications
Clear all
Topic starter
10/06/2026 10:42 pm
TL;DR: Fraudsters can rotate email, IP, phone, and payment details in seconds, while 44% use developer tools to simulate device behavior and synthetic identity fraud rose 300% in the US in a single year, according to SumSub. Device intelligence matters because it helps fraud teams make earlier, more proportionate decisions without over-relying on signals that attackers can easily spoof.
NHIMG editorial — based on content published by SumSub: Device Intelligence guide for fraud teams
By the numbers:
- In 2025, 44% of fraudsters used developer tools to simulate device behavior.
- Synthetic identity fraud in the US rose 300% in a single year.
Questions worth separating out
Q: How should fraud teams use device intelligence in signup and login decisions?
A: Use device intelligence as one part of a layered decision model.
Q: Why do device signals matter when fraudsters can rotate other identifiers quickly?
A: Device signals matter because email addresses, IPs, phone numbers, and payment details can change quickly, but device behaviour is harder to fake consistently across a full journey.
Q: What do fraud teams get wrong about device data?
A: The biggest mistake is treating device data as a standalone truth source.
Practitioner guidance
- Map device signals to lifecycle stages Define which device indicators matter at signup, login, account recovery, payment, payout, refund, and investigation.
- Combine signals before making hard decisions Require alignment between device, identity, behavioural, and payment evidence before blocking a user.
- Calibrate friction to the abuse pattern Use step-up or manual review for ambiguous cases, and reserve block actions for clear multi-signal abuse.
What's in the full article
SumSub's full guide covers the operational detail this post intentionally leaves for the source:
- A practical playbook for interpreting device data in context across signup, login, recovery, payout, and investigation workflows.
- The six most common mistakes fraud teams make with device data, useful if you are tuning controls and reducing false positives.
- A full fraud lifecycle map showing how device signals should change from registration through refunds and investigations.
- Decision guidance on when to approve, monitor, step up, review, or block based on combined signals.
👉 Read SumSub's guide to device intelligence for fraud decisions →
Device intelligence for fraud teams: are your controls acting early enough?
Explore further
11/06/2026 2:50 am
Device intelligence is now a governance layer, not just a detection layer. The article shows that fraud teams are using device data earlier in the lifecycle because identifiers that used to anchor decisions are easy to rotate. That shifts the control problem from after-the-fact investigation to pre-transaction decisioning. For identity programmes, the practical conclusion is that device context must sit inside access and transaction governance, not beside it.
A few things that frame the scale:
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why identity signals become unreliable when governance is fragmented, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: How can teams reduce false positives without missing fraud?
A: Set different thresholds for different lifecycle stages and transaction types. A low-risk login, a new account, and a payout request should not trigger the same response. Good programmes use graduated controls, so only aligned evidence triggers the strongest friction.
👉 Read our full editorial: Device intelligence and fraud decisions across the user lifecycle
