BioCatch has announced the launch of DeviceIQ, a comprehensive new device identification and intelligence product that transforms how financial institutions evaluate the trustworthiness of devices used for digital banking.
Traditional device identification has grown increasingly unreliable. Criminals utilize sophisticated evasion techniques (emulators, device spoofing, cloaked browsers, jailbroken devices, and data-wiping) to commit fraud repeatedly from the same physical devices. New technologies like agentic browsers add another layer of complexity by separating a user’s actions from the device signals on which banks rely to understand that activity.
At the same time, financial institutions must comply with increasingly stringent privacy protections and customer expectations around data usage. Together, these forces combine to create an incoming tsunami of agents, deepfakes, and other AI tools poised to very soon start interacting with digital banking platforms at unprecedented scale, testing the limits of traditional fraud detection and prevention strategies.
DeviceIQ includes a series of capabilities designed to help banks not only reliably recognize devices in this environment but also evaluate real-time device health, re-determining for every digital banking session whether a device, recognized or not, can be trusted. The depth and richness of these device insights allow banks to more accurately detect fraud risk earlier in every digital banking journey.
Key capabilities:
- Persistent recognition: DeviceIQ establishes a persistent device identity across web and mobile environments, recognizing legitimate device upgrades and banking app reinstalls without unnecessarily prompting users to re‑validate their devices. This minimizes friction for genuine users while also identifying attempts by bad actors to manipulate or mask the identity of their devices to gain unauthorized access to user accounts.
- The network effect: Unlike traditional device networks that share only lists of blocked devices with member institutions, DeviceIQ draws on insights from across BioCatch’s entire suite of solutions. This gives financial institutions context on whether a device has previously been used for mule, scams, or account takeover activity, preventing rogue devices seen at one bank from accessing accounts at another and enabling fraud teams to make more confident decisions by understanding more quickly why a session is risky.
- Stopping criminals before login: Before a user can even scan their face or manually enter a password, DeviceIQ detects jailbroken devices, missing core sensors, unauthorized code attempting to intercept, monitor, or modify digital banking app activity, and other indicators suggesting a high likelihood of fraud. This enables financial institutions to either deny compromised devices from ever accessing their digital banking platforms or flag a session as suspicious before it even starts.
- Full compliance: Assigned device identities meet regulatory, security, and privacy requirements in all geographies. DeviceIQ doesn’t collect any names, addresses, or social security numbers. Both user and account data are pseudonymized to guarantee and maintain user privacy.
At one large financial institution in the U.S., DeviceIQ detected nearly 60% of device upgrades for genuine users in just its first two weeks of deployment, enabling a seamless transfer from old to new devices with zero fraud allowed. At that same institution, bad devices detected by DeviceIQ were nearly 13 times more likely than good devices to have evaded the institution’s previous device-focused defenses.
A single SDK connects DeviceIQ to the BioCatch Connect platform, unifying behavioral, device, transactional, and application intelligence in one place to provide banks with a more holistic view of risk.
“Many financial institutions today rely on risk signals scattered across a patchwork of device and risk tools from multiple vendors,” BioCatch Chief Product Officer Ayelet Eliezer said. “That fragmentation not only drives up costs, complexity, and maintenance but also reduces efficacy, efficiency, and scalability. DeviceIQ is built directly into the BioCatch Connect platform, enabling banks to evaluate all risk signals in one place, giving them the clarity they need to stop fraud earlier, reduce friction for genuine customers, and prepare for a rapidly approaching AI-driven future.”
With consumers and criminals increasingly using AI-powered tools to assist or automate digital interactions, banks must determine not only which devices access their services but also who or what is acting through those devices. DeviceIQai adds an additional layer of protection to give banks that context:
- Differentiating between human-led sessions, human-agent hybrid sessions, genuine agentic AI sessions, and fraudulent agentic sessions, allowing banks to recognize AI-driven activities before they escalate into fraud, while allowing genuine users to take advantage of agentic AI tools for automating their digital banking
- Flagging potential deepfakes by recognizing the use of a virtual camera, prerecorded audio, video, or images, and other criminal efforts to overcome an institution’s methods of user authentication
“The fraud prevention perimeter has moved,” said Sam Abadir, research director of risk, financial crime, and compliance at IDC. “Institutions that rely solely on identity signals at login are missing an earlier and increasingly exploitable attack surface. Device-level intelligence collected before authentication gives risk teams a more complete picture of session context, which matters more as agentic AI blurs the line between legitimate automation and account takeover.”
