For years, banks have invested heavily in device recognition and reputation scoring. These tools were built to answer a familiar set of questions: Is this device yours? Is the network risky? What does the device look like? Has it been linked to fraud before?
For a long time, that was enough. In earlier digital banking environments, devices were relatively stable, harder to manipulate at scale, and more closely tied to a single user. Fraudsters typically operated from new or unfamiliar environments, which made anomalies easier to detect. If a login came from a recognized device with a clean history, it was a strong and reliable signal of legitimacy.
In the past, fraudsters tried to avoid detection by operating from obviously different environments: new devices, unfamiliar locations, or inconsistent configurations. Those differences were the very signals banks used to flag risk.
Today, the strategy has flipped. Instead of appearing different, fraudsters work to appear identical. They replicate known devices by stealing cookies, mimic trusted environments, and reuse or fabricate the same attributes banks associate with legitimate users. The goal is no longer to evade signals, but to pass them and to look indistinguishable from a real customer at the device level.
Today’s fraudsters log in from devices that, at first glance, appear legitimate. Banks recognize a familiar phone, a consistent browser, and a checklist of the same signals they’ve trained their systems to trust.
Unfortunately, fraudsters have learned to manipulate and convincingly fabricate those signals. Emulators, device spoofing, cloaked browsers, jailbroken devices, and data-wiping allow bad actors to commit fraud repeatedly from the same physical devices. New technologies like agentic browsers introduce a new challenge by distancing user intent from the device-level signals banks have traditionally used to interpret behavior. At the same time, financial institutions face tighter privacy requirements and growing customer scrutiny over how data is collected and used.
Taken together, these shifts point to a near-future surge of agents, deepfakes, and other AI-driven tools interacting with digital banking platforms at massive scale, testing the limits of all traditional fraud detection and prevention strategies — legacy device identification layers very much included.
When “known device” stops meaning “trusted”
Device recognition is typically treated as a front-door control. It happens at onboarding or login and assumes a known device is a reliable proxy for trust, which, as we’ve already covered, it stopped being years ago.
Take remote access fraud as an example. A fraudster convinces a victim to install a tool “to fix an issue.” From that point on, the fraudster is effectively operating the customer’s device. The device ID matches, the location is consistent, and the fingerprint looks clean. By traditional standards, it’s a trusted session, but in reality, it’s compromised.
Unfortunately, these scenarios are no longer rare. BioCatch’s mid-market customers reported a 55% increase in fraud involving remote access Trojans in 2025, accounting for 15% of total fraud. The FTC reported $15.9 billion in U.S. consumer fraud losses in 2025, more than a 27% increase from the year before.
Device reliability
The issue here is not a lack of device data. Rather, it’s how the data is used. Instead of asking, “Do we recognize this device?” banks need to ask, “Who or what is actually in control of it?” Answering that requires a deeper look at the device itself.
The next step is device reliability. I think of it as a shift from static recognition to continuous validation, combining persistent identification with real-time signals about device integrity, environment, and behavior. Instead of relying on a one-time check at login, banks continuously assess what’s happening on the device throughout every millisecond of every digital banking transaction session: Has anything changed mid-session? Are there signs of remote control, automation, or tampering? Do interaction patterns still align with a human user?
I’ve seen how quickly that context can change. In one case, a customer logged in from a known, trusted device — everything about the session looked normal and low risk. But shortly after login, new signals emerged: a remote access tool was activated, followed by the opening of developer tools and manipulation of the page itself. The scammer altered on-screen content in real time, attempting to convince the customer to initiate a large wire transfer under false pretenses. The device hadn’t changed, but control clearly had. Because those shifts were detected as they happened, the session risk was reevaluated immediately, and the transaction was stopped before funds were sent. That’s the difference — not just recognizing the device at the start, but continuously validating what’s happening on it as the session unfolds.
That balance is what matters: reducing fraud exposure while minimizing step-ups, re-enrollment, and customer friction. Recognizing the device is no longer the hard part. Trusting what's happening on it, and who or what is initiating it, is.
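The continuous validation described above, as an added example that is not from the original post or from any vendor's product: the session score is updated as signals arrive and the decision is made at action time, not at login. Signal names, weights, thresholds and the event stream are assumptions constructed to mirror the case described.

```python
from dataclasses import dataclass, field

# Assumed signal names and weights, chosen for illustration only.
SIGNAL_WEIGHTS = {"remote_access_tool_active": 50, "devtools_opened": 15,
                  "dom_tampering": 25, "automation_detected": 40}
BLOCK_THRESHOLD = 70      # assumed: deny high-value actions at or above this
STEP_UP_THRESHOLD = 40    # assumed: require extra verification at or above this
HIGH_VALUE_ACTIONS = {"wire_transfer", "add_payee"}

@dataclass
class Session:
    device_known: bool
    score: int = field(init=False)
    seen: set = field(default_factory=set)

    def __post_init__(self):
        # Login-time recognition only sets the starting point.
        self.score = 0 if self.device_known else 30

    def observe(self, signal: str) -> int:
        """Fold a mid-session signal into the running score (each counted once)."""
        if signal in SIGNAL_WEIGHTS and signal not in self.seen:
            self.seen.add(signal)
            self.score += SIGNAL_WEIGHTS[signal]
        return self.score

    def decide(self, action: str) -> str:
        """Decide with the score as it stands now, not as it stood at login."""
        if action in HIGH_VALUE_ACTIONS:
            if self.score >= BLOCK_THRESHOLD:
                return "block"
            if self.score >= STEP_UP_THRESHOLD:
                return "step_up"
        return "allow"

def replay(device_known, events):
    """Replay (kind, name) events; return (action, decision, score) per action."""
    session = Session(device_known)
    decisions = []
    for kind, name in events:
        if kind == "signal":
            session.observe(name)
        else:
            decisions.append((name, session.decide(name), session.score))
    return decisions

# Constructed event stream: known device, clean login, then control changes.
SAMPLE = [("action", "view_balance"), ("signal", "remote_access_tool_active"),
          ("signal", "devtools_opened"), ("signal", "dom_tampering"),
          ("action", "wire_transfer")]
```

Replaying `SAMPLE` with a known device allows the balance view at score 0 and blocks the wire transfer at score 90, while the same transfer with no mid-session signals is allowed.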
—
Key takeaways:
- Device recognition is no longer enough: With consumer fraud losses surpassing $12.5 billion in 2024, device recognition and reputation scoring are no longer enough.
- AI is blurring the lines of trust: As AI-driven interactions rise, it’s becoming harder to distinguish human from non-human activity, while remote access fraud and manipulated environments allow compromised sessions to appear legitimate.
- Device reliability is the next step: Combining real-time context, behavior, and integrity signals helps reduce fraud while minimizing friction for legitimate users.
Resources:
- Blog: Three reasons banks must go beyond device identity for fraud detection
- Solution: DeviceIQ
- Report: 2025 Digital Banking Fraud Trends in the United States
- Federal Trade Commission: New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024
- Blog: The value of precision in device intelligence
- Blog: From OTPs to dynamic 2FA: Rethinking device intelligence for Asia’s scamverse