Every year, millions of users upgrade their devices. Banks treat many of those upgraded devices as unknown users. The new device goes unrecognized, triggering step-ups, re-enrollment, and unnecessary friction. Fraudsters exploit the same ambiguity, masking their identity behind a new device to appear like a genuine upgrading customer. Telling the two apart is where most device-based controls fall short.
The challenge
When a user upgrades their device, traditional device identification breaks. The new device has no history, no prior binding, and no recognition, so banks respond with enforced re-enrollment, one-time password requests, and manual reviews. This creates friction for genuine customers who have simply bought a new device, while fraudsters rotating or cloning devices exploit the same ambiguity to appear legitimate. Each false positive increases re-verification costs and customer service burden. Each false negative increases loss exposure.


How we solve for it
BioCatch recognizes genuine device upgrades by comparing signals from old and new devices, device intelligence, and device age and history. When these signals align, the customer is recognized on their new device without re-enrollment or step-ups. When a device change does not align with genuine upgrade patterns, BioCatch checks for integrity signals including active VPN, tampered applications, and compromised device environments. Genuine customers move through on their first login without unnecessary friction. Fraudulent device registrations are flagged before any access is granted.
How intent reveals itself
Device upgrade recognition
A new device carrying signals consistent with the account holder's previous device indicates a genuine upgrade rather than an attempt to establish fraudulent access under a new identifier.
Established
device trust
A known device with established age at both the user and bank level handing off to a new one indicates a legitimate transition, while an unknown device appearing without prior history indicates elevated risk.
Pre-login device
verification
A device environment free of jailbroken systems, emulated environments, remote access tools, and spoofing attempts before the session begins indicates a genuine customer on an uncompromised device.
Synthesized intelligence:
Unified Collection. Continuous Telemetry. Behavioral Sequencing. Predictive Analysis. Real-time Decisioning.
No vendor has ever deployed behavioral intelligence at the scale we've proven possible. We continuously analyze more user sessions (16 billion and counting), collect more signals (3,000 plus), deliver more trusted insights, and protect more digital banking customers (more than half a billion) than any other behavior-centric digital-fraud-prevention solution provider. And we do it in the context of their device, the applications they use, and their transactional tendencies to deliver a trusted and accurate signal for a frictionless and secure customer experience.




