Detecting suspicious environments is a paradigm shift Featured Image

Detecting suspicious environments is a paradigm shift

Discover how detecting suspicious environments reveals new connections between fraudulent activity and allows you to stop fraud before it happens.

Most of us use online platforms and services every day without even thinking about it–banking apps, ecommerce platforms, email services, and more. 

Unfortunately, online services and commerce platforms that create convenience and opportunity for the average person also create a virtual treasure trove of attack vectors for fraudsters and other bad actors. 

While legacy fraud prevention solutions like password authentication and device fingerprinting were yesterday’s favorite solutions, it’s clear that we need to evolve to keep pace with developing technology and the threat actors who wield it to take advantage. 

Used effectively, location technology is a great example of this evolution in action. Location has the power to bridge the gap between convenience and fraud defense. Specifically, the ability to detect and protect against suspicious locations opens the door for an exciting shift in fraud prevention strategy.

Suspicious environments: targeting how fraudsters operate 

Weeding out fraudsters often feels like a giant game of Whack-a-Mole. Many fraudsters are repeat offenders: they might have dozens of devices in addition to app cloners and tampering tools. They might operate on multiple different platforms at a time. The fraudster’s game plan is all about maximum profit for minimum time and resource investment.

So, what kind of footholds does this M.O. give us as fraud fighters? Put simply, it makes fraudsters more predictable. It means that their behavioral patterns give fraud fighters a useful way to leverage signals like location and device intelligence. 

We know that many fraudsters operate with multiple devices. So let’s imagine a scenario where a single bad actor has a dozen devices. On each device, they’re running a food delivery app and taking advantage of promotions, new sign-up codes, and other credits. They might also be running multiple instances of the app on each of their devices. Whenever fraud detection algorithms find and delete one of their accounts, they evade the ban by factory resetting the device and getting right back down to business.

Legacy device fingerprinting solutions don’t offer a solution to these challenges.

With the added context of location environments, however, the power dynamic shifts.

Imagine that you see a cluster of devices in a specific location environment. One iPhone 12 commits fraud and is banned from transacting on your app. Then a short time later, a brand new, squeaky clean iPhone 12 attempts to register a new account from the same location environment where the previous iPhone 12 was blocked.

It doesn’t take a rocket scientist to figure out what’s happening. Not only should the device be blocked, but the entire location could be blocked to save you time and resources that might have otherwise been spent cutting off Hydra heads. 

The same principle still applies if you add more people and devices. For example, in the iGaming space, fraud rings and collusion are a concern for online poker operators. Players spoof their location, pretend to be strangers, and join an online poker game, only to collude behind the scenes and tip the game in their favor. This is unfair to the other legitimate players, but also to the app, which relies on user trust to stay in business. 

Tamper-resistant, highly accurate location technology like what Incognia provides can detect that these users’ devices are related and in the same location, allowing the fraud ring to be blocked before any fair players get scammed out of their chips. 

That’s the idea behind a suspicious environment: using location to reveal relationships between devices, users, and app instances. Using this approach, you don’t have to wait until a device commits fraud to take action—you can stay far ahead of the curve. 

Why detecting suspicious environments is valuable

Being able to detect and classify locations as suspicious (and automatically categorize the devices within them as higher-risk) comes with three main benefits to consider. 


Being able to detect suspicious environments and locations helps reveal the connections between accounts, users, and devices. For example, what may seem like many different individuals using a promo code may actually turn out to be one individual with a dozen devices. This distinction is a lot easier to make when you can see all dozen devices operating within the same apartment-sized location environment. 

Using an environment mapping approach also means lower false positives through higher accuracy. If you attempted to use GPS to block a suspicious location that happened to be in an apartment or office building, you’d have no choice but to block the entire building, creating dozens or even hundreds of false positives. But with place-level precision, blocking individual locations is both possible and incredibly useful. 


The best type of fraud will always be the fraud that doesn’t happen. If a new device suddenly appears in a location associated with several other high-risk devices, the probability of that device also engaging in fraud or abuse is pretty high. When you can preemptively decide to block or impose additional challenges on devices in these high-risk environments, you put a major damper on a fraudster’s ability to take advantage of the platform at scale. 


Fraudsters evolve and change tactics incredibly quickly, which means that fraud prevention professionals are often playing catch-up as they try to manage new and existing threats. When you can see hotspots of fraudulent or high-risk activity—”fraud headquarters” as I like to call them—you can take action sooner and act more quickly in the face of new attack vectors. This gives fraud fighters a critical upper hand. 

Fraud fighting is a game of cat and mouse, so it requires constant consideration of new, innovative solutions like suspicious environments in order to keep fraudsters on the defensive.

Incognia’s technology is already taking advantage of these innovations to support our customers: for example, with our Suspicious Locations feature, we have the power to assess risk not only based on location and device integrity checks, but also on the relationship between devices, users, and locations. 

Put simply, if a new sign up comes from a device connected to the same WiFi router as a dozen high-risk devices, it’s safe to assume that the new device is also high risk. Armed with this perspective, fraud prevention decision makers don’t have to sit and wait around for fraud to happen before acting. 

Detecting suspicious environments and identifying related devices gives you new powers for fighting digital fraud. By analyzing the physical proximity of high-risk devices, you can uncover the hidden connections between fraud activities, take preemptive actions, and stop fraud from scaling on your platform.