André Ferraz

Zero fraud cases. +70% increase in onboarding conversion rates. A leading LATAM bank was losing the battle against mule accounts. The challenge is that the fraud is invisible at onboarding. The real person opens the account, passes every check. By the time the fraud happens, onboarding is long over. When we integrated with this bank, we started looking at where devices were actually being used—not just GPS or IP, which are too imprecise to be actionable. Incognia's location technology locates a device within 10 feet. Enough to differentiate between floors and apartments in the same building. That's when the pattern became obvious. 📍 One apartment. A high concentration of devices opening and accessing accounts from the exact same location. A fraud farm. So, we blocked it. But the same signal that caught the fraud farm also cleared the path for legitimate users. By matching users' stated addresses to their real device location behavior, we gave the bank the confidence to approve more legitimate accounts faster. The result after several months: every account we flagged as low risk had zero reported fraud cases. Not a single one. Full case study: hubs.li/Q047JRs10

Just wrapped MRC 2026: Incognia’s best yet, by far. Booth packed with enterprise buyers, calendar full of strategic meetings, energy = urgency, not curiosity. AI fraud is here now. Digital signals faked at scale. Market urgently seeking new trust foundation. That’s why they’re coming to us. Incognia is grounded in physical reality—AI can’t fake it. Market response: → 200%+ rev growth 2025 → 180% NRR, 99% GRR → 100% conversion from live POV to customer → 57% cumulative conversion from the 1st meeting to closed deal → 12x avg ROI → 7:1 LTV/CAC → Breakeven <10 salespeople → Undefeated in head-to-heads Competitors had billboards everywhere. We had zero. No big brand spend, no brute-force GTM—just strong pull, efficient sales, winning product. Most scale by burning cash. We’re scaling via demand, retention, efficiency & win rate. Lean team, no billboards, these numbers? Imagine what’s next. Proud of the team. Grateful to customers/partners betting on us. Excited for what’s ahead.

Every step-up challenge asks: is this really you? When a user is socially engineered, the answer is yes, it really is them. And that's the problem. The challenge can't tell the difference between a user who understands what they're approving, and one who's been deceived into it. A fraudster sends a phishing message, the victim approves the step-up challenge on their mobile device, and access to their web session is granted—through the exact flow that was supposed to stop it. But here's what's not being looked at: location validation. Is the mobile device approving the challenge in the same physical location as the web session being authorized? If they’re not, something is off. That's the check Cross Device Authentication adds—inside the existing step-up flow, with no additional action required from the user. Location validation runs across two signals: 1️⃣ Network comparison: are both devices on the same network? 2️⃣ When that's not conclusive, Incognia's proprietary IP-to-location mapping takes over. Built from tamper-proof location data across millions of mobile devices, it estimates the physical location of the web session without relying on browser permissions and unreliable IP-location databases. That estimate is compared against the GPS-verified location of the mobile device. If the distance exceeds a certain threshold, the session is flagged as high-risk. We're already live with a major financial institution, with more deployments underway. The physical distance between an attacker's web session and a victim's mobile device has always been a signal. Cross Device Authentication makes it actionable. More info: hubs.li/Q0478M6w0

$1 a day. Passes Google Play Integrity Checks. This is VMOS Magic Box. A virtual Android service that mimics real devices—201 models to choose from—and passes Google's tamper detection completely undetected. Google Play Integrity is a legitimate tool. It's free, it's built into Android, and developers should use it. Apple offers something similar on iOS. But here's the irony. These tamper detection features themselves are vulnerable to tampering. Fraudsters often move faster than operating systems. By the time a technique is being patched at the OS level, its vulnerability is already being sold as a subscription. This is why OS-level signals alone are not sufficient. Not for tamper detection. Not for device security. Not for fraud prevention in general. Incognia uses these signals, by the way. But we know they're not 100% reliable. Which is why they can't be the only layer.

Incognia is partnering with Cabify, a leading mobility platform operating across 6 countries and over 40 cities 👏 79% of Cabify users choose the platform because it offers additional security guarantees. When safety is a core value proposition, fraud doesn't just cost money. It costs users. As attacks become more sophisticated and harder to detect with traditional tools, we’re working together to address fraud vectors hitting mobility platforms hardest: → Advanced location spoofing → Promo and coupon abuse → Ban evasion → Driver account sharing Trust and safety are foundational to the mobility experience. We're proud to be part of protecting it. Full press release: hubs.li/Q046CxRl0

A device farm kit costs about $100 per box. Plug in the phones, run the scripts, factory reset in 30 seconds—brand new device, brand new identity. Repeat. 100+ accounts on a platform. In minutes. There are thousands of videos like this on TikTok. This one has over 12 million views. This isn't niche anymore. And many platforms are feeling the impact—promo abuse, fake accounts, collusion rings. The instinct is to reach for IP clustering. But sophisticated fraudsters bypassed that years ago with VPNs and residential proxies. GPS seems like the next answer. It isn't. It's easier to spoof than most teams assume. And even real GPS data lacks the precision to matter. If a farm is running out of one apartment in a high-rise, GPS sees the building. Not the unit. Block the building, you've blocked 100 legitimate families to catch one fraudster. The false positive rate makes it unusable. What actually works is knowing where a device physically lives and behaves over time—with precision down to the floor, down to the unit. That's what we've built at Incognia. In one case, we identified 13 devices operating from the same location that had collectively accessed 108 accounts on a single food delivery platform—driver and diner side—running collusion at scale. Apartment-level precision made that possible. The tools fraudsters use are scaling fast. The question is whether your detection is keeping up.

What if you could describe a fraud problem and get back a fully-formed rule, ready to review? That's what Incognia’s AI Rule Builder does. Our signal library has grown to 500+ signals because fraud complexity demands it. That depth is what makes precise detection possible. AI Rule Builder makes that depth more accessible. Here’s how it works: 1️⃣ Describe the threat. Something like, "block devices associated with account takeover attempts.” 2️⃣ The engine finds the right signals from our library 3️⃣ Get back the complete rule logic, reason codes included, ready to review This isn't a generic AI layer attached to a rule editor. It’s trained on Incognia's signal library, policy connectors, and reason code structure. It understands what signals mean and how they interact, not just what they're called. This means that senior analysts spend less time on signal lookup and more on the threats that need their attention. Newer analysts can deploy sophisticated logic from day one. The library's full depth, accessible to the whole team. AI Rule Builder opens to a select group of partners in Q2 beta. More info: hubs.li/Q046dRpy0

📣 Incognia is partnering with Upwork! Upwork is committed to building the world's most trusted work marketplace. We’re helping them get there with a layered approach: → Tamper detection → Device intelligence → Apartment-level location precision Together, these give their team the intelligence they need to understand how users actually operate in the real world—keeping bad actors off the platform without disrupting the experience for legitimate users. Upwork is joining a growing list of leading marketplaces adopting next-generation device and location intelligence to protect their ecosystems at scale. Looking forward to what we'll achieve together. Full press release: hubs.li/Q045T8Jg0

25% improvement in web re-identification rates. That's what we just achieved with Incognia's latest AI-Powered Browser ID model. Standard device fingerprinting was designed for a more stable internet. But today's web is volatile: → Privacy-first browser updates → Cookie restrictions → Hidden IP addresses Checklist-based matching degrades in this environment. So since our initial versions we moved beyond checklists. We constantly train new models. And recently, we optimized our architecture to train larger models given the bigger size of our current network. Our latest AI-native model identifies a browser ID across hundreds of signals—using transformer architecture that understands the semantic relationship between signals, not just similarity scoring. This allows recognition to persist even when individual attributes change. The result: a 25% lift over our previous generation. For fraud and risk teams, that translates directly to: → More legitimate returning users recognized → Fewer unnecessary re-auth flows → Stronger persistence against resets Higher approvals. Lower fraud losses. In fraud, small gains compound. A 25% lift isn't incremental. It meaningfully shifts approval rates, friction, and repeat abuse exposure. Browser identity persistence isn't a new concept. Doing it this way is. As the web evolves, identity has to evolve with it. This is what that evolution looks like. Learn more: hubs.li/Q045q6Vl0

Most device fingerprinting solutions are only catching amateurs. The ones grabbing a few extra promo coupons aren't the ones costing you millions. It's the professional, repeat fraudsters running device farms, resetting devices, and cycling identities at scale. If your solution can’t help you do that, you're only catching the low-hanging fruit.

Social engineering can feel impossible to catch, but it isn't. The problem is that most of these attacks look normal to traditional fraud systems. Right user. Right device. Right credential. The manipulation often happens outside the system, which is why so many teams feel like it's out of their control. But it isn't invisible. These attacks leave behavioral and contextual signals—if you know what to look for. I’m looking forward to joining The Paypers next week alongside Alin Becheanu and Sune Gabelgård. We'll get into: → How social engineering enables APP fraud, RAT scams, ATO, and mule activity → Why it’s not invisible or unavoidable, and how the right tools surface it early → How fraud teams can identify and stop it earlier by looking at intent, context, and continuity Link to register: hubs.li/Q044HHH60

92% of instant payments authenticated with zero friction. ⬆️ Results from a neobank with 15M users using Incognia. They were adding too much friction by requesting users to do facial recognition for every payment. False positive rates were high and good customers were paying the price. So we looked at the data. The vast majority of transactions were happening from the user’s trusted locations—home, office, daily routines. The likelihood of a fraudster being at those exact locations while moving money from the stolen account? Extremely low. By using precise location as an authentication signal, this bank was able to authenticate users and transactions with less friction while also reducing fraud. Fewer fraud losses, better user experience.

Lots of people are talking about how AI helps fraudsters scale. What’s discussed less is how AI combines with the rapidly expanding hardware stack, making large device farms easier to run than ever. The setup has become shockingly powerful and accessible. AI can generate scripts, content, and workflows. Device farms provide real devices at scale to execute them. Together, the impact is enormous: higher throughput, faster iteration, and much greater difficulty separating real users from industrialized fraud. Worth checking how turnkey this has become: some3c.com

Today, I encountered a familiar issue: “Please verify you’re a human… Something went wrong loading the human challenge.” It seems the system has decided I’m a bot. This highlights significant flaws in many bot detection systems. They often rely on fragile, one-time challenges that fail for reasons unrelated to actual risk—network issues, JavaScript quirks, browser extensions, or privacy settings. When this happens, the security layer becomes a barrier to conversion without providing meaningful protection. Fraudsters adapt to bypass these challenges, while legitimate users suffer false positives and disrupted flows. Teams are forced into a false tradeoff between risk management and growth. The core problem is that most defenses still operate as point-in-time tests: a single snapshot, a single check, a single prompt. Identity, however, is about continuity, not a snapshot. A more effective approach shifts the focus from “Can you pass a puzzle?” to “Does this behavior make sense?” over time—across sessions, devices, and locations—while prioritizing privacy and minimizing friction for legitimate users. Effective security should feel invisible to genuine users. False positives hinder growth, and a single script error can block customers, cause drop-offs, and create frustration.

This is why we do what we do. A payments fintech just shared their experience with Incognia on G2. They called out two things we hear a lot: reducing facial biometric costs, and the speed and quality of our support team. Proud of our team for continuing to deliver at this level.

Chargeback guarantees sound great on paper. Someone else covers your fraud losses. What's not to like? But here's the problem: The vendor's incentive is to be conservative. They're on the hook for losses, so they decline more transactions than they should. That means higher false decline rates. Lost revenue. Frustrated customers. Here's a better approach: 1️⃣ Use persistent device and location intelligence to evaluate transactions first. Is this a device that's transacted on your platform before? Is it operating from a location or environment linked to previous fraud? This should cover 80-90% of your volume with high approval rates and low false declines. 2️⃣ Clearly fraudulent transactions? Block them immediately. Don't pay a vendor to tell you what you already know. 3️⃣ For gray area transactions where you don't have enough signal to decide, send those to your chargeback guarantee vendor. If they turn out to be fraud, you're covered. If they get approved, you capture revenue you might have otherwise lost. This approach protects your approval rates, reduces unnecessary costs, and keeps the guarantee model where it actually adds value. Don't send everything through the guarantee. Be strategic about it.

People always talk about how GenAI is enabling fraudsters. What’s not usually talked about is how to stop it. Take deepfakes as an example. Detecting the deepfake is just one layer. But you also need: 📱 Device intelligence, so that if a device has ever used fraud tools such as those that enable image/video injection attacks, you can identify and block it 📍 Location intelligence, so the same fraud operation can’t just reappear from the same place on a new device It's not just about detecting the deepfake. It's also about making sure that fraudsters can't use the same method again. That’s how you go from reacting to attacks to actually shutting them down.

In 2025, I hosted a 2-month “ops war room” from my home with 6 of our core operators. Not a retreat. A high-velocity execution sprint: put the decision-makers in the same room surfaced bottlenecks fast shipped fixes weekly It gave me real clarity on what was actually constraining growth, and a repeatable cadence to unlock it. Since then, we’ve been systematically removing those constraints. 2025 results: ~1B users reached 200% ARR growth 180% NRR Breakeven Growth is usually a systems problem, not an ideas problem.

A lot of marketplaces have a common fraud problem: A disjointed fraud stack. One solution for seller or driver fraud. A completely different solution for consumer fraud. These tools don’t talk to each other. As a result, signals aren’t integrated across the business. You can’t get a clear view of what’s happening across the ecosystem. That’s where coordinated abuse starts to hide, like collusion—which our research shows is a top challenge for gig economy platforms specifically in 2026. That’s why platforms need to think beyond siloed tools. Every marketplace should be looking at integrating device and location intelligence across their entire business.