Device intelligence gaps and account takeover risk in fraud teams

TL;DR: A survey of 216 merchants and 178 Identiverse attendees found that fraud teams are struggling with outdated device recognition, manual review overload, and limited historical tracking as fraud rings use proxies, emulation, and coordinated identities to evade detection, according to Arkose Labs. The governance issue is not just detection quality, but whether device intelligence can still distinguish legitimate behaviour from adversarial activity at scale.

NHIMG editorial — based on content published by Arkose Labs: Device ID Senior Fraud Executives Sound the Alarm on Device Intelligence Gaps

By the numbers:

• 216 merchants at MRC and 178 attendees at Identiverse were surveyed on device intelligence strategies and pain points.
• At MRC, 42% of respondents cited detecting devices used by fraud rings as a key challenge.
• Among MRC respondents, 33% reported using in-house solutions that are often cobbled together from various data points without comprehensive correlation capabilities.

Questions worth separating out

Q: How should fraud teams improve device intelligence for account takeover defence?

A: Fraud teams should combine deterministic identifiers, probabilistic signals, behavioural context, and historical correlation before making a decision.

Q: Why do static device fingerprints fail against modern fraud rings?

A: Static fingerprints fail because attackers can spoof device attributes, rotate proxies, and reuse infrastructure across many accounts while appearing consistent enough to bypass simple matching.

Q: When should organisations move beyond manual review for device-based fraud?

A: Organisations should move beyond manual review when analysts are spending most of their time cleaning up weak signals instead of resolving genuinely ambiguous cases.

Practitioner guidance

• Replace single-signal fingerprinting Correlate device, network, behavioural, and historical signals before assigning trust so spoofed fingerprints do not dominate decisions.
• Reduce dependence on manual review Reserve analysts for exceptions that have strong supporting evidence, rather than using human review as the primary decision layer for every flagged session.
• Build fraud-ring detection into device policy Look for the same device signature across many accounts, sudden geography shifts, and repeated credential sharing patterns that indicate coordinated abuse.

What's in the full article

Arkose Labs' full analysis covers the operational detail this post intentionally leaves for the source:

• Survey breakouts from MRC and Identiverse on how merchants and security leaders prioritise fraud detection challenges.
• Discussion of deterministic versus probabilistic device identifiers and how each supports real-time decisioning.
• Examples of how collaborative device intelligence sharing can improve detection across the ecosystem while preserving privacy.
• Additional detail on the survey respondents' biggest operational pain points, including historical tracking and manual review load.

👉 Read Arkose Labs' analysis of device intelligence gaps and fraud risk →

Device intelligence gaps and account takeover risk in fraud teams?

Explore further

View Full Forum →  |  NHI Foundation Course →