BioCatch has launched a new device intelligence solution called DeviceIQ, designed to help financial institutions assess the trustworthiness of devices accessing digital banking platforms.
The company developed the product in response to the growing complexity of digital fraud. Traditional device identification methods are becoming less reliable as criminals deploy advanced evasion techniques such as device spoofing, emulators, cloaked browsers, jailbroken devices and data-wiping tools.
The rapid emergence of AI technologies, including agentic browsers and deepfakes, is further complicating the ability of banks to distinguish legitimate users from malicious actors while still meeting strict privacy and data protection expectations.
BioCatch focuses on behavioural biometrics and digital fraud prevention technology, helping financial institutions detect and stop financial crime by analysing the subtle patterns in how users interact with digital services. Its technology is widely used by banks and financial services providers to identify suspicious activity in real time and prevent scams, mule accounts and account takeovers.
DeviceIQ aims to address weaknesses in traditional device identification by enabling banks to recognise devices more reliably and evaluate their security health during every digital banking session. The solution assesses whether a device can be trusted even if it has not previously been recognised, helping institutions detect fraud risks earlier in the customer journey.
The platform includes several capabilities designed to strengthen device intelligence. These include persistent device recognition across web and mobile channels, allowing legitimate device upgrades or banking app reinstalls to be recognised without forcing users through unnecessary revalidation steps. This approach is intended to reduce friction for genuine customers while identifying attempts by criminals to disguise or manipulate device identities.
Another key element is what BioCatch describes as a network effect. Rather than relying solely on blocklists, DeviceIQ draws intelligence from across the BioCatch platform to determine whether a device has previously been associated with scams, mule activity or account takeover attempts.
This broader intelligence allows fraud teams to understand the risk context of a session more quickly and prevent devices linked to fraud at one institution from being used successfully at another.
DeviceIQ can also detect suspicious device activity before a user even attempts to log in. The platform identifies indicators such as jailbroken devices, missing sensors or unauthorised code attempting to intercept or modify mobile banking activity. This enables banks to either block compromised devices outright or flag high-risk sessions before authentication begins.
The product has also been designed with privacy and regulatory compliance in mind. Device identities assigned by the system do not include personally identifiable information such as names, addresses or social security numbers, and user and account data are pseudonymised to protect privacy across different jurisdictions.
Early results from a large financial institution in the US suggest the technology could significantly improve both security and customer experience. During its first two weeks of deployment, DeviceIQ detected nearly 60% of genuine device upgrades, enabling seamless transitions between devices without introducing fraud. At the same time, devices identified as malicious were almost 13 times more likely than trusted devices to have bypassed the institution’s previous device-based defences.
DeviceIQ integrates with the BioCatch Connect platform through a single SDK, combining behavioural, device, transactional and application intelligence into a unified system that provides banks with a more complete view of risk.
BioCatch chief product officer Ayelet Eliezer said, “Many financial institutions today rely on risk signals scattered across a patchwork of device and risk tools from multiple vendors. That fragmentation not only drives up costs, complexity, and maintenance but also reduces efficacy, efficiency, and scalability. DeviceIQ is built directly into the BioCatch Connect platform, enabling banks to evaluate all risk signals in one place, giving them the clarity they need to stop fraud earlier, reduce friction for genuine customers, and prepare for a rapidly approaching AI-driven future.”
The launch also introduces DeviceIQai, an additional security layer designed to help banks understand who or what is operating through a device. The capability differentiates between human-led sessions, hybrid human-agent interactions, legitimate AI automation and fraudulent agentic activity. It can also identify signs of deepfake attacks by detecting the use of virtual cameras, prerecorded media and other tools designed to bypass authentication systems.
IDC research director of risk, financial crime and compliance Sam Abadir said, “The fraud prevention perimeter has moved. Institutions that rely solely on identity signals at login are missing an earlier and increasingly exploitable attack surface. Device-level intelligence collected before authentication gives risk teams a more complete picture of session context, which matters more as agentic AI blurs the line between legitimate automation and account takeover.”
Keep up with all the latest RegTech news here
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
