It’s getting harder and harder to tell the difference between a fake visitor to your website or app and a real one. Using multi-accounting browsers, fraudsters can pretend to be many different people. And for just $150 per month, fraudsters can subscribe to AI-powered fraud-as-a-service tools like AtlantisIO, getting access to millions of stolen credentials on over 140 online services. They can then use these credentials together with VPNs and residential proxies to carry out a host of fraud schemes, including one of the most devastating: account takeovers (ATO).
ATO affected 83% of businesses and cost consumers $13 billion in 2023. As AI tools make these attacks easier to scale with minimal technical knowledge, businesses need to better understand the whole picture of an attacker, including their behavior, their profiles, and the very devices they use.
What Is Device Intelligence?
In order to be more effective in their fight against fraud, companies need the ability to look beyond digital identities to the devices using them. Like body language and vocal inflection add context to face-to-face conversations, devices transmit signals in order to effectively power browser-server interactions. Device intelligence captures and analyzes these hardware and software configuration signals, including:
- Browser type and version
- Operating system
- IP address
- Keyboard layout
- Installed fonts
- Screen resolution
- VPN or incognito mode usage
- Browser encryption methods
- Audio processing characteristics
- Graphics rendering capabilities
Effective signals must be both consistent (stable over time for individual devices) and variable (different enough across devices to be distinguishing). While no single signal is sufficient, combining over 100 signals creates a unique device profile; essentially, a digital fingerprint that can identify one device among billions.
Device intelligence is not spyware. It doesn’t access personal files, messages, photos, search history, or contact information. It simply recognizes device signal combinations to differentiate one device from another, often with additional privacy measures like hashed IP addresses.
The Evolution of Device Intelligence
Device fingerprinting emerged in the late 2000s as browser APIs (a web-based tool that allows users to explore and test data without needing to write code) exposed more device-specific information. Two trends drove its development:
1. Cookie limitations: Privacy concerns led to cookie blocking and private browsing modes, rendering cookies less effective for identification and necessitating solutions based on device characteristics rather than stored data.
2. Browser complexity: HTML5 (2008) introduced sophisticated browser-website interactions requiring more information about device hardware capabilities, creating additional signals for device differentiation.
Paradoxically, the increasingly complex internet has made device identification easier through richer device signals. These JavaScript-based signals create stable identifiers lasting months or years and are more resilient than single-source identification methods like IP recognition, which can be easily masked.
Applications of Device Intelligence
Device intelligence enables two key capabilities:
1. Device behavior profiling: Detects suspicious activities like logging into multiple accounts from one device or testing numerous credit cards.
2. Signal-based risk assessment: Identify users who may not be who or where they claim to be, using combinations of signals such as VPN usage or browser tampering.
These capabilities help prevent many different fraud types, including account takeovers, multi-accounting fraud, regional pricing abuse, account sharing, return policy fraud, coupon and promo abuse, SMS pumping schemes, brute force attacks, bot attacks, and location spoofing. Conversely, device intelligence can enhance user experience by recognizing returning legitimate customers and reducing unnecessary security steps.
Building Effective Device Intelligence
Good device intelligence isn’t just about adding more signals. It’s about learning how to balance them so the identifier assigned to each device will persist over time while remaining resilient when individual signals change. For instance, using every available signal maximizes certainty but makes profiling vulnerable to any signal change. In contrast, using fewer, more stable signals improves profiling but may reduce uniqueness.
So the real challenge lies in creating identifiers that maintain their resilience even as browsers update, hardware configurations change, or users modify their settings. This requires research, trial and error, and a determination to continuously refine the approach.
A good device intelligence solution can be a powerful tool, enabling organizations to carefully balance security with user experience, and minimize false alarms. This balance requires sophisticated engineering approaches. Device intelligence solutions often begin with browser fingerprinting techniques and, increasingly, incorporate server-side analysis, which can improve accuracy and resilience to changes in device behavior.
Many organizations developing device intelligence solutions rely on cross-disciplinary teams that include diverse experts: academic researchers, reverse engineering specialists, security professionals, and hardware specialists who meticulously study browser and device behavior. To emphasize, device intelligence focuses on security rather than advertising purposes. These teams work on the following:
1. Technical innovation: Browsers and mobile OSes are constantly evolving. When these browser updates happen, engineers develop mathematical techniques to stabilize signals despite the changes.
2. Pattern detection: Analyzing millions of daily device identifications to spot unusual patterns that might indicate new attack techniques.
The Growing Need for Device Intelligence
With malicious bots accounting for one-third of all internet traffic and online fraud projected to grow 141% from 2024 to 2029, device intelligence offers a critical defense against rapidly evolving threats. As AI-driven scams fuel synthetic identity theft, account takeovers, and credit card fraud, the ability to identify devices through their unique digital DNA has become an essential weapon in the cybersecurity arsenal. Security teams should evaluate device intelligence as part of a layered defense strategy, continuously adapting to emerging fraud patterns.
Join our LinkedIn group Information Security Community!
