# Device Intelligence

### Device Intelligence Overview

The Device Intelligence check uses **device fingerprinting** and **device risk signals** to detect fraud. It inspects the device and network connection to identify tampering, automation, and suspicious behavior.

This service helps ensure that only **trusted and genuine devices** are used during customer onboarding.

It supports a range of device types, including:

* Mobile phones
* Tablets
* Laptops and desktop PCs
* Kiosks and POS terminals

{% hint style="info" %}
[Learn about the Device Intelligence Checks API.](/documentation/api-reference/check-types/device-intelligence-check.md)
{% endhint %}

### Common use cases

Use Device Intelligence to reduce fraud across key customer journeys:

* **KYC onboarding and account opening**: Spot high-risk devices early in your [Workflows](/documentation/product-guides/compliance-studio/workflows.md).
* **Account takeover (ATO)**: Detect unusual device fingerprints and network changes.
* **Bot protection**: Identify automated sessions and scripted sign-ups.
* **Promo and referral abuse**: Flag device reuse across multiple accounts.

### Analysis performed

The check performs device, network, and bot risk assessments. It also tracks signals over time to identify repeat fraud patterns.

**Detailed verification checks**

<table><thead><tr><th width="204.53515625">Analysis</th><th>Verifications Performed</th></tr></thead><tbody><tr><td><strong>Device Analysis</strong></td><td><ul><li><strong>Previously enrolled device</strong>: Flags devices reused across multiple customer accounts.</li><li><strong>Emulator detection</strong>: Flags attempts to use virtualized or emulated devices.</li><li><strong>Rooted/Jailbroken device</strong>: Detects compromised operating systems with escalated privileges.</li><li><strong>Cloned app</strong>: Identifies duplicate or cloned versions of applications.</li><li><strong>Browser tampering</strong>: Detects altered or suspicious browser setups.</li><li><strong>Virtual machine</strong>: Flags devices running inside virtual environments.</li><li><strong>Location spoofing</strong>: Detects falsified or masked geolocation signals.</li><li><strong>Frida detection</strong>: Detects mobile debugging and manipulation frameworks.</li></ul></td></tr><tr><td><strong>Network Analysis</strong></td><td><ul><li><strong>VPN detection</strong>: Identifies usage of Virtual Private Networks.</li><li><strong>Relay detection</strong>: Detects relay service providers.</li></ul></td></tr><tr><td><strong>Bot Analysis</strong></td><td><ul><li><strong>Bot detection</strong>: Detects whether sessions are automated or bot-driven.</li></ul></td></tr><tr><td><strong>Timeline Analysis</strong></td><td><ul><li><strong>Device timeline analysis</strong>: Monitors device behavior patterns across sessions.</li><li><strong>Network timeline analysis</strong>: Tracks network usage over time to spot anomalies.</li></ul></td></tr></tbody></table>

### Sample result

The example below shows a representative Device Intelligence result for device, network, and bot risk outcomes.

Use it to see how device signals, fraud indicators, and verification findings may appear in a Device Intelligence report.

<figure><img src="/files/Qkc8M73J3zgdUuTanudC" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
This example is illustrative. Exact fields, values, and layout may vary by workflow, configuration, and result.
{% endhint %}

### Check duration

A Device Intelligence Check takes an average of **2 seconds** to complete.

### Frequently asked questions

<details>

<summary>What is Device Intelligence in fraud prevention?</summary>

Device Intelligence uses **device fingerprinting** and **risk signals** to detect suspicious devices, networks, and sessions.

It helps identify fraud before or during onboarding.

</details>

<details>

<summary>What does device fingerprinting detect?</summary>

Device fingerprinting helps identify whether a device has been seen before and whether it shows signs of tampering or abuse.

It can surface patterns linked to repeated fraud, multi-accounting, and suspicious session behavior.

</details>

<details>

<summary>What fraud signals can Device Intelligence detect, such as VPNs, emulators, and rooted devices?</summary>

Yes.

Device Intelligence can detect signals such as **VPN usage**, **emulators**, **virtual machines**, **rooted or jailbroken devices**, **browser tampering**, and **location spoofing**.

</details>

<details>

<summary>Can Device Intelligence help prevent multi-account abuse?</summary>

Yes.

It helps flag **device reuse**, suspicious device changes, bot activity, and other signals linked to **account takeover**, **promo abuse**, and **duplicate accounts**.

</details>

<details>

<summary>Should I combine Device Intelligence with Email Intelligence and Mobile Intelligence checks?</summary>

Yes.

Device Intelligence works well with [Email Intelligence](/documentation/product-guides/digital-fraud-intelligence/email-intelligence-check.md) and [Mobile Intelligence](/documentation/product-guides/digital-fraud-intelligence/mobile-intelligence-check.md) when you want to assess **device**, **email**, and **phone number** risk together.

You can also combine them with checks such as [Document Check](/documentation/product-guides/identity-verification/document-check.md), [Identity Check](/documentation/product-guides/biometric-and-liveness-verification/identity-check.md), and [AML Screening Check](/documentation/product-guides/watchlist-pep-and-adverse-media/aml-screening-check.md) for broader fraud and compliance coverage.

</details>

### Related checks

Combine Device Intelligence with other fraud intelligence signals:

* [Email Intelligence](/documentation/product-guides/digital-fraud-intelligence/email-intelligence-check.md) for email reputation and threat signals, including disposable email detection and breach exposure.
* [Mobile Intelligence](/documentation/product-guides/digital-fraud-intelligence/mobile-intelligence-check.md) for phone number risk scoring and reputation signals.

### Related topics <a href="#related-topics" id="related-topics"></a>

Use these to run Device Intelligence Check inside a broader KYC orchestration and decisioning:

* [Workflows](/documentation/product-guides/compliance-studio/workflows.md) to orchestrate verification checks into a unified customer journey.
* [Policies](/documentation/product-guides/compliance-studio/policies.md) to enforce consistent decision logic across different journeys.
* [Advanced Case Management](/documentation/product-guides/due-diligence-tools/advanced-case-management.md) to handle exceptions, assign tasks, and manage reviewer decisions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.complycube.com/documentation/product-guides/digital-fraud-intelligence/device-intelligence-check.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.