BioCatch Unveils DeviceIQ to Combat AI-Driven Bank Fraud

NEW YORK, NY – March 11, 2026 – As financial institutions grapple with an onslaught of AI-powered fraud, cybersecurity firm BioCatch today announced the launch of DeviceIQ, a new intelligence product designed to fundamentally redefine how banks assess the trustworthiness of devices in the digital banking ecosystem.

The move comes as traditional device identification methods, long a cornerstone of digital security, prove increasingly unreliable. Criminals are now armed with a sophisticated arsenal of evasion tools, from device emulators and spoofing to AI-powered deepfakes and automated agentic browsers, rendering legacy defenses obsolete and threatening to overwhelm banks with a tsunami of intelligent, automated attacks.

DeviceIQ aims to counter this threat by moving beyond simple device recognition. It provides banks with a real-time evaluation of a device's health and integrity for every session, determining whether a phone or computer can be trusted, regardless of whether it has been seen before.

The New Front Line in Financial Fraud

The landscape of financial crime has undergone a seismic shift. The era of the lone fraudster is being replaced by what experts call the “industrialization of fraud,” where organized criminal networks leverage Fraud-as-a-Service (FaaS) platforms and generative AI to launch attacks at unprecedented scale and speed. These tools enable the creation of hyper-realistic phishing campaigns, automated account takeover attempts, and convincing deepfakes.

Deepfake technology, which can create forged audio and video, has seen explosive growth, with some reports suggesting deepfake-enabled fraud losses could reach tens of billions annually by 2027. These forgeries are used to bypass biometric security checks and socially engineer both customers and bank employees.

Adding another layer of complexity is the rise of agentic AI. These automated agents can interact with banking platforms to perform tasks, blurring the line between legitimate user automation and malicious activity. With projections indicating agentic AI could handle a significant portion of e-commerce within the decade, banks face the challenge of monitoring a massive increase in machine-to-machine interactions that older security systems were never designed to handle.

This new reality renders traditional device fingerprinting—which relies on static attributes like browser version and screen size—dangerously outdated. Fraudsters can easily manipulate these identifiers, making a single malicious device appear as thousands of new, legitimate ones. Furthermore, social engineering scams often weaponize a victim's own trusted device, making device-centric security alone insufficient.

A New Paradigm for Device Trust

BioCatch's DeviceIQ is engineered to operate in this hostile environment by focusing on dynamic risk assessment rather than static identification. One of its core features is Persistent Recognition, which establishes a durable device identity that can recognize legitimate upgrades and app reinstalls. This reduces friction for genuine customers who might otherwise be locked out or forced through cumbersome re-verification processes when they get a new phone.

Simultaneously, this persistence helps spot bad actors attempting to mask their device's history. A pilot program at a large U.S. financial institution highlighted the system's effectiveness: in its first two weeks, DeviceIQ correctly identified nearly 60% of genuine device upgrades, enabling a seamless customer experience. More critically, the same pilot found that malicious devices detected by the platform were nearly 13 times more likely to have evaded the bank's previous device-focused defenses.

DeviceIQ also pushes security to the very beginning of the user journey. Before a customer even enters a password or scans their face, the system can detect high-risk device characteristics, such as evidence of jailbreaking, the presence of unauthorized code designed to intercept app activity, or missing core sensors that suggest the use of an emulator. This allows banks to either block compromised devices outright or flag the session for heightened scrutiny before any sensitive actions are taken.

The Power of the Network and Unified Intelligence

DeviceIQ's strategy extends beyond the individual institution by leveraging a powerful Network Effect. Unlike traditional consortiums that only share static lists of blocked devices, BioCatch's network draws on behavioral and device insights from across its entire suite of solutions. This provides banks with crucial context, such as whether a device has been previously associated with mule accounts, scams, or account takeover activity at another institution.

This “collective AI” approach creates a shared defensive layer, preventing a rogue device flagged at one bank from simply moving on to attack another. To navigate complex privacy regulations like GDPR and CCPA, all data is pseudonymized, ensuring user privacy and regulatory compliance across all geographies.

This capability is integrated directly into the BioCatch Connect platform, which aims to solve the widespread problem of security fragmentation. “Many financial institutions today rely on risk signals scattered across a patchwork of device and risk tools from multiple vendors,” said BioCatch Chief Product Officer Ayelet Eliezer. “That fragmentation not only drives up costs, complexity, and maintenance but also reduces efficacy, efficiency, and scalability. DeviceIQ is built directly into the BioCatch Connect platform, enabling banks to evaluate all risk signals in one place.”

Differentiating Man from Machine-Driven Fraud

Perhaps the most forward-looking component is DeviceIQai, an additional layer designed specifically to address the rise of AI-driven interactions. As both consumers and criminals adopt AI tools, banks must determine not only which device is connecting, but who or what is acting through it.

DeviceIQai gives banks that context by differentiating between various session types: a fully human-led session, a human-agent hybrid session, a legitimate AI agent automating tasks, and a fraudulent agentic session. This allows institutions to embrace the conveniences of AI for genuine customers while recognizing and stopping AI-driven attacks before they can escalate.

The system also directly targets deepfake attempts by detecting tell-tale signs of forgery, such as the use of a virtual camera or the injection of prerecorded audio and video during an authentication process.

This shift in focus to pre-authentication intelligence is critical, according to independent industry analysis. “The fraud prevention perimeter has moved,” noted Sam Abadir, research director of risk, financial crime, and compliance at IDC. “Institutions that rely solely on identity signals at login are missing an earlier and increasingly exploitable attack surface. Device-level intelligence collected before authentication gives risk teams a more complete picture of session context, which matters more as agentic AI blurs the line between legitimate automation and account takeover.”

By providing a more holistic and dynamic view of risk, BioCatch is positioning its solution not just as a defense against current threats, but as a necessary foundation for a future where the distinction between human and artificial intelligence in digital banking is increasingly fluid.