Senior Fraud Executives Sound the Alarm on Device Intelligence Gaps

New survey data from MRC and Identiverse reveals critical vulnerabilities in current fraud prevention strategies

The fraud prevention landscape is reaching a tipping point. As merchants gathered at this year's MRC conference in Las Vegas and security leaders convened at Identiverse, a consistent theme emerged from conversations with senior executives: Traditional device identification methods are no longer keeping pace with sophisticated fraud tactics.

To quantify these challenges, we surveyed 216 merchants at MRC and 178 attendees at Identiverse, focusing on their device intelligence strategies and pain points. The results reveal significant gaps in how businesses identify and track devices…gaps that fraudsters are increasingly exploiting.

The Growing Sophistication of Device-Based Fraud

Today's fraudsters have moved far beyond simple stolen credit cards. They're using residential proxies to mask locations, advanced emulation software to spoof device fingerprints, and coordinated fraud rings that share credentials across global networks.

"When a device logs in from multiple continents within minutes, or when identical device signatures appear across dozens of accounts, you're likely looking at organized fraud," explains one survey respondent, a VP of fraud prevention at a major retailer. "But catching these patterns requires intelligence that most current solutions simply don't provide."

The challenge is compounded by the need to maintain a seamless experience for legitimate customers. A new customer with limited online history might look identical to a fraudster using fresh credentials. Travel, VPN usage and shared family devices create additional complexity.

Survey Findings Highlight Critical Challenges

The survey data underscores the severity of these challenges. When asked about their primary fraud prevention priorities, respondents identified two dominant concerns: stopping chargebacks and preventing account takeover (ATO) attacks.

At MRC, 42% of respondents cited detecting devices used by fraud rings as a key challenge. The Identiverse survey revealed additional pain points, with over a third of respondents struggling with inconsistent or outdated device recognition capabilities.

Perhaps most concerning is the current state of device intelligence adoption. Among MRC respondents, 33% reported using in-house solutions that are often cobbled together from various data points without comprehensive correlation capabilities. Another 18% admitted they have no device intelligence solution in place at all. 

Device intelligence was top of mind for attendees at MRC Vegas.

At Identiverse, 15% said their current solution isn't performing adequately. This finding reveals a material security blind spot for B2C global enterprises with millions of consumers/users. This finding reveals that 15% of companies today, right now, are essentially operating with compromised visibility into who and what is accessing their systems.

Here's a powerful metaphor for you to think about: Imagine 15% of today’s hospitals had broken patient ID systems. Nurses couldn't reliably match patients to their medical records. The consequences would be immediate and severe: wrong medications, incorrect procedures and potential fatalities. Similarly, when device identification fails, big companies risk giving the wrong access to the wrong entities, potentially exposing sensitive data, financial systems or critical infrastructure.

The downstream impact compounds quickly. A single unidentified device that gains unauthorized access can become a pivot point for lateral movement through networks, data exfiltration or ransomware deployment. What starts as a "performance issue" with device identification rapidly escalates into business-critical security incidents that can cost you millions and damage your brand’s reputation permanently.

The Hidden Costs of Inadequate Device Intelligence

These gaps translate directly into financial losses and operational inefficiencies. Survey respondents at MRC identified lack of comprehensive device tracking and historical behavior insights as their top pain point, with 37.5% citing this issue. Without rich historical data, fraud teams are essentially flying blind, unable to distinguish between legitimate customers and sophisticated fraud attempts.

The operational burden is equally significant. Identiverse respondents overwhelmingly identified heavy reliance on manual review as the leading gap in their current approaches. Fraud analysts spend countless hours investigating flagged transactions, often with incomplete information, leading to decision fatigue and inconsistent outcomes.

Account sharing emerged as another growing concern, with more than a quarter of Identiverse respondents using device identification specifically to address this issue. As subscription-based business models proliferate, unauthorized account sharing represents billions of dollars in lost revenue—yet detecting it requires sophisticated device tracking that many big businesses lack.

The Evolution of Device Intelligence

The limitations of current approaches stem partly from their reliance on static device fingerprinting, which is a traditional method that worked when fraudsters were less sophisticated but now proves inadequate. Today, modern fraud rings know how to spoof these fingerprints, rendering legacy detection methods obsolete.

Next-generation device intelligence requires a more nuanced approach. Rather than relying solely on device characteristics that can be faked, advanced solutions analyze behavioral patterns, network characteristics and historical correlations to build a comprehensive risk profile.

This evolution is particularly critical given the rise of synthetic identity fraud and today’s automated attacks in the form of bots and gen AI and tomorrow’s in the form of agentic AI. When fraudsters can generate thousands of fake identities and test them across multiple merchants simultaneously, only dynamic, learning-based systems can keep pace.

Both sets of survey respondents struggle with detecting fraud rings. 

Industry Response and Innovation

The survey results have sparked important conversations about the future of device intelligence. At MRC, several panels focused on the need for more sophisticated approaches to device identification, with particular emphasis on balancing security with customer experience.

One promising approach is dual identification methods that provide both deterministic and probabilistic device identifiers. Probabilistic methods analyze devices in real time without storing personal data, addressing privacy concerns. Deterministic device identifiers, operating in real time, recognize if the device has been seen before based on artifacts placed on the device.

Using both of these identifiers allows for mapping historical behavior analysis, enabling detection of patterns that indicate fraud rings or account compromise.

Leading merchants are also exploring collaborative approaches, sharing anonymized device intelligence in a consortia-like manner to identify fraud patterns across the ecosystem. This network effect dramatically improves detection and decisioning capabilities while maintaining individual privacy.

We need a fundamental rethinking of how we identify and track devices. The old methods simply aren't working anymore.

Looking Ahead: The Path to Better Device Intelligence

The survey results make clear that incremental improvements won't suffice. As one Identiverse respondent noted, "We need a fundamental rethinking of how we identify and track devices. The old methods simply aren't working anymore."

For global businesses that operate with complex infrastructures and sophisticated architectures and are evaluating their device intelligence strategies, the surveys suggest several key considerations:

1. Comprehensive tracking capabilities are essential. Solutions must capture not just device characteristics but behavioral patterns, network attributes, and historical correlations.
2. Automated decision-making must be balanced with human insight. While manual review creates bottlenecks, complete automation without transparency can miss nuanced fraud patterns.
3. Privacy considerations cannot be an afterthought. As regulations tighten globally, device intelligence solutions must provide robust fraud prevention while respecting user privacy.

Taking Action

The message from senior fraud executives is clear: the status quo is unsustainable and today’s biggest weakness. With fraud losses mounting and consumer/user expectations rising, global enterprises need device intelligence solutions that can adapt to evolving threats while maintaining seamless user experiences.

For enterprises recognizing these challenges in their own operations, the first step is assessment. Understanding current gaps and vulnerabilities provides the foundation for improvement. From there, evaluating next-generation solutions that address the specific pain points identified in these surveys becomes critical. This is an “attend to today” issue.

As the fraud landscape continues to evolve, one thing remains certain: device intelligence will play an increasingly central role in distinguishing legitimate customers from bad actors. The question isn't whether to upgrade these capabilities, but how quickly businesses can adapt to stay ahead of increasingly sophisticated threats.

Want to learn how Arkose Labs can help with your device intelligence strategy? Contact us today to see how our device identification solution, Arkose Device ID, can help protect your business and customers.