Device Intelligence

SEON's Device Intelligence module provides a powerful toolkit for detecting and preventing fraud in real-time across web and mobile applications. This guide will walk you through integrating our three SDKs—JavaScript, iOS, and Android—and connecting them with the Fraud API for seamless fraud detection. You'll also learn about the configurable data points and how the SDKs enhance decision-making via device fingerprinting.

How SEON’s Device Intelligence Works

SEON’s Device Intelligence integrates at critical stages of the user journey—such as registration, login, checkout, and general usage—to detect and block fraudulent activities. By leveraging device fingerprinting, geolocation, behavioral biometrics, and advanced fraud detection techniques, SEON ensures robust protection against a wide range of fraud threats.

Key Features

• Device Identification & Fingerprinting: Accurately identify and track devices across multiple sessions with unique device identifiers.
  • TrueDevice ID: Persistent device identification across interactions.
  • Device Identification Hashes: Unique cryptographic fingerprints for robust device recognition.
• Device Risk Assessment: Uncover security threats and high-risk behaviors associated with each device. 
  • Behavioural Biometrics: Analyze user interactions to detect suspicious behavior patterns and inconsistencies.
  • Rooted/Jailbroken Detection: Identify compromised environments.
  • Emulator & App Cloning Detection: Flag fake or tampered device setups.
  • System Integrity Checks: Spot environmental anomalies and unauthorized apps.
  • Audio status and volume
  • Remote Access Detection: Prevent fraud facilitated by third-party control tools. Detect Remote Access Tools (RATs), screen sharing, active calls, and signs of unauthorized access.
• Network & Location Analysis: Assess network conditions and geographic indicators to flag risky behavior.
  • Geolocation Analysis: Uses precise geolocation data to detect suspicious access patterns and anomalies with long-lat, zip, city, state, country information. 
  • Network Risk Assessment: Detect VPNs, proxies, and anonymized traffic sources.
• User & Device Preferences: Gain deeper insight into user environment
  • Keyboard layout & timezone settings, cookies & incognito
  • Display settings, brightness, battery level and charging status
• System & Environment: Ensure device authenticity and flag non-standard setups that may indicate fraud.
  • Browser and OS version tracking.
  • Detection of ad blockers, privacy-focused extensions, and other interfering apps.

SDK Integration Overview

JavaScript SDK (Web)

The JavaScript SDK captures real-time device and behavioral data from web platforms.

• Integration Steps
  • Include the SDK in your website using the provided snippet. Check our SDK configuration parameters for customized data collection.
  • Collect the location permissions from the user. (Optional)
  • Initialize the SDK with seon.init() during page load or right after page load for extended data collection. (Optional)
  • Capture sessions with getSession() at critical events (e.g., form submission) to collect Device Fingerprinting Session data, which should be passed to the backend and sent to SEON via the Fraud API or Geofence API.
• Key Data Points
  • Device identifiers: True Device ID, Cookie Hash, Browser Hash, Device Hash
  • Browser fingerprinting: screen resolution, fonts, WebGL, and Canvas fingerprints.
  • Network data: IP address, ISP, connection type and VPN or Proxy analysis.
  • Behavioral data: mouse movements, clicks, and keystrokes analysis.
  • Fraud browser and privacy tools analysis.

Dive into our detailed integration guide JavaScript SDK API Docs and our GitHub integration guide for detailed methods and configurations.

Android SDK

The Android SDK collects in-depth device and network data while seamlessly integrating with native mobile apps.

• Integration Steps
  • Add the SDK to your Native Java or Kotlin project via Gradle. For your React Native or Flutter projects install our plugins with npm for React Native projects and use pub for Flutter apps.
  • Initialize the SDK and create the SDK config object.
  • Collect the necessary permissions from the User for extended data collection.
  • Generate the device fingerprint session.
    • Use startBehaviourMonitoring and stopBehaviourMonitoring to generate sessions with behavior monitoring.
    • Use getFingerprintBase64 method for device fingerprint data without behavior monitoring.
• Key Data Points
  • Device Identifier
  • Device characteristics: OS version, hardware details.
  • Network insights: IP address, geolocation.
  • Device integrity: rooted or tampered devices.
  • Device Risk: screen is being mirrored, active call and RAT detection, emulator detection
  • Behavior data collection for device farm, automation, remote access, vhising and possible on-call detection without READ_PHONE_STATE permission granted. 
  • Geolocation data collection from GPS and location services.
  • Signals of emulated devices or simulated environments.

Dive into our detailed integration guide Android SDK API Docs, and GitHub integration guide for more details.

iOS SDK

The iOS SDK provides comprehensive device data while maintaining optimal app performance.

• Integration Steps
  • Install the SDK via Swift Package Manger, CocoaPods or React Native and Flutter plugin.
  • Configure the SDK.
  • Collect the necessary permissions from the User for extended data collection.
  • Generate the device fingerprint session.
    • Use startBehaviourMonitoring and stopBehaviourMonitoring to generate sessions with behavior monitoring.
    • Use getFingerprintBase64 method for device fingerprint data without Behavior monitoring.
• Key Data Points
  • Device Identifier
  • Device characteristics: OS version, hardware details.
  • Network insights: IP address, geolocation.
  • Device Risk: screen is being mirrored, active call and emulator detection
  • Device integrity: Jailbroken or tampered devices.
  • Behavior data collection for device farm, automation, and vhising detection
  • Geolocation data collection for location data
  • Signals of emulated or simulated environments

Dive in our detailed integration guide iOS SDK API Doc, and our GitHub integration guide for detailed implementation guidance.

Advanced Data Collection

1. Geolocation

• Available: JS, Android and iOS SDK
• Configuration:
  • Enable geolocation in the SDK initialization parameters
  • For Web: Ensure the browser permissions allow geolocation access.
  • For Mobile: Ensure that your application prompts the user to collect the necessary permissions on each platform.
• Use Cases:
  • Geofencing rules for location-based fraud detection.
  • Verifying user-provided location data.
  • Detecting geolocation anomalies and restricted geolocations
• Learn more about geolocation data collection.

Tip: Requesting user permission to collect advanced geolocation data (e.g., via a prompt) supports compliance with Google Play and Apple App Store policies. This is especially important for apps distributed through these platforms, as they require explicit user consent for accessing certain types of location information. Enabling this option can help ensure your app meets store requirements and avoids potential rejections.

2. Behavioral Biometrics

• Available: JS, Android and iOS SDK
• Configuration:
  • Use the related methods in the SDK integration for extended data collection.
  • For web: Target specific UI elements to track user interactions.
  • For mobile: Use startBehaviourMonitoring and stopBehaviourMonitoring around high-value user flows.
• Use Cases:
  • Detect automated or non-human interactions.
  • Identify bot and automation activity and device farms.
• Check out our detailed Knowledge Base for a deep understanding of our Behavior Analysis capabilities Detailed behavioral signals guide.

3. Remote Access Tool (RAT) Detection

• Configuration:
  • Enable Behavior Biometrics Data Collection within the SEON SDK settings to ensure seamless integration and accurate functionality throughout the user flow.
  • On Web SDK configuration, disable silent_mode for more precise results
  • Reach out to our customer success team for a customized solution support@seon.io
  • Ensure all SDK components are up-to-date to utilize the latest RAT detection capabilities.
• Use Cases:
  • Flag sessions initiated from remote access tools.
  • Detect high-risk environments for additional verification.
• Check out our detailed Knowledge Base article for RAT detection.

4. Suspicious Flags

• Configuration:
  • Use the Fraud API response to access suspicious signals and risk flags under the suspicious_flags response array. Behavior monitoring will give access to even more suspicious flags related to device farm, remote access and suspicious user interaction signals.
• Use Cases:
  • Customize rules to block or flag suspicious activity.

Learn more about the available suspicious flags in our Fraud API documentation.

Understanding Sessions

Device Fingerprinting Sessions encapsulate all collected data points (e.g., device, network, behavioral) and serve as the primary input for SEON’s Fraud API. A session ID is a unique identifier generated(web) or set(native) in the SDKs to represent a user’s interaction with your application or website.

How to Generate and Use Sessions

1. Generating Session ID
   • JS SDK unique session ID is generated by SEON in the JS SDK
   • Android and iOS SDK unique session IDs that should be generated on the user’s side upon initialization. 
2. Session Initialization:
   • Web: Use getSession() to generate fingerprint session, optional extended seon.init() before session generation for Behavior data collection.
   • Mobile (Android/iOS):  getFingerprintBase64() optional extended Behaviour data collection before session generation.
3. Sending Sessions to the Fraud API:
   • Pass the resulting Base64 session to the backend to trigger a server-side Fraud API call.
   • Include the Session in the API request payload under the session parameter.
   • Fraud API documentation for additional details.
   • Example payload:

{  //Fraud API request
"config": {
    "user_id": "00ab11-as2233",
    "device_fingerprinting": true
    "device_fingerprinting": {
            "include": "extended_device_location"
        }
  },
  "session": "encyrpted session data generated by seon"
}

4. Session Lifecycle:

• A session remains valid as long as the user’s environment remains unchanged. For legitimate users, sessions typically persist unless there is a software update, a browser change, or presence of privacy tools. 
• However, fraud prevention requires capturing the most up-to-date data, especially before critical actions such as login or money transfers. 
• Fraudsters may alter their environment dynamically—such as initiating a remote control session right before a transaction—making previously collected session data outdated. To mitigate this, it is recommended to refresh session data before high-risk interactions.

How Device Intelligence SDKs Work with the Fraud API

SEON's Proprietary API unifies email, phone number, IP, AML, and device intelligence into a single endpoint, enabling streamlined requests and delivering enriched data, custom rules, and fraud scores in one API call.Refer to the Fraud API documentation for API details.

Data Collection: Each SDK collects a rich set of device, network, and behavioral data. This data is encrypted and sent to SEON in a server-side request to theFraud API.

Real-Time Analysis:

• Fraud API processes the data, identifying anomalies and patterns.
• Flags suspicious activity (e.g., use of VPNs or emulators).

Risk Scoring:

• Data is evaluated against default and custom rules in the scoring engine.
• Generates a risk score for each session, aiding real-time decisions.

Results and Action:

• Clients receive the response with risk scores and flags.
• Actions such as approving, blocking, or requesting additional verification can be automated.

How can I view Fraud API transactions with Device Intelligence sessions?

Platform:

• Visualize and analyze device sessions effortlessly.
• Find connected accounts or unseen devices used under the same account
• Adjust geofencing and behavioral rules based on session insights.
• Monitor suspicious patterns to strengthen fraud prevention.
• Learn more about the Admin Device Widget here.

Scoring Engine:

• Build custom rules leveraging geolocation, behavioral data, or suspicious flags.
• Applied rule names and IDs are returned in the API response.
• Refine rules to adapt to evolving fraud tactics.
• Explore the Rule Engine here.

How Device Intelligence SDKs Work with the Geofence API

SEON’s Geofence API integrates with Device Intelligence SDKs to provide real-time geolocation analysis, customizable geofences, and compliance-ready location data.

Key Features

• Cross-Platform Support: Compatible with the latest Device Intelligence SDKs.
• Real-Time Monitoring: Analyze device locations relative to predefined geofences.
• Customizable Geofences: Define geofences by country, city, or radius-based zones.

How It Works

1. Integration: Add the Device Intelligence SDK to your app.
2. API Call: Similarly to Fraud API, send the encrypted session including the geolocation data to the Geofence API for server-side analysis.Include the session in the server-side API request payload under the session parameter.
3. Response Handling: Act on API responses to manage geofence interactions.

Geofence API integration overview

The standalone Geofence API integrates effortlessly with SEON’s Device Intelligence SDKs to analyze device geolocation against predefined geofences. It provides accurate, compliance-ready location data and insights into location behavior, enabling businesses to enhance security, manage geofence interactions, and improve operational efficiency.

Refer to the Geofence API documentation for API details.

Did you know: The API supports compliance with Brazil’s Ordinance No. 722/2024 and adapts to global geofencing needs. Contact support@seon.io for tailored configurations or visit our documentation for integration details.

For more information, explore the Device Fingerprinting Overview documentation.