By the end of this, you will have a working device-intelligence risk scoring layer in TypeScript, understand exactly why Webull Brazil jumped from 75.7% to 92.5% auto-approvals, and know where to plug this into your existing compliance stack without rebuilding everything from scratch.
The problem nobody wants to quantify
Last quarter, a crypto platform called Drift lost $285 million because their verification focused on identity documents rather than device access patterns. North Korean hackers used legitimate credentials on compromised devices. Perfect KYC. Catastrophic outcome.
Meanwhile, most compliance teams are still burning analyst hours confirming that obviously legitimate customers are, in fact, legitimate. When 19.2% of your onboarding flows require manual review, you are paying senior analysts to validate what algorithms already know. At £50 per review and 1,000 weekly applications, that is £435,000 annually in operational costs on cases that device intelligence could resolve in seconds.
Webull Brazil proved there is a better way. They cut manual verifications from 19.2% to 2.5% in three months. They flagged over 7,650 remote-access devices that traditional document checks missed entirely. And they did it whilst lifting their auto-approval rate by 16.8 percentage points.
Let me walk you through how.
What we are building
A progressive risk scoring system that layers device intelligence underneath your existing KYC checks. Instead of a binary approve-or-review decision, you get a continuous risk score that auto-approves the 90%+ of applications that are clearly legitimate and routes genuine edge cases to human analysts.
The architecture looks like this:
- Capture device signals at application time
- Score risk across device, location, and traditional KYC dimensions
- Route decisions automatically based on score thresholds
- Track persistent risk profiles over time
Prerequisites
- TypeScript 5.x
- A device intelligence provider (Incognia, or an orchestration layer like Zenoo that connects to multiple providers)
- Your existing KYC data pipeline
Step 1: Define your device intelligence types
Traditional KYC gives you a snapshot. Device intelligence gives you behaviour over time. Start by defining the data you are actually collecting:
interface DeviceProfile {
deviceFingerprint: string;
isEmulator: boolean;
hasRemoteAccess: boolean;
locationSpoofing: boolean;
deviceAge: number; // days since first seen
appIntegrity: {
isRooted: boolean;
hasVPN: boolean;
suspiciousApps: string[];
screenRecording: boolean;
};
}
interface LocationData {
gpsCoordinates: [number, number];
networkLocation: [number, number];
locationConsistency: number; // 0 to 1
velocityCheck: boolean; // true if location change is physically possible
geofenceStatus: 'inside' | 'outside' | 'unknown';
}
interface VerificationDecision {
applicationId: string;
autoApproved: boolean;
riskScore: number;
deviceFingerprint: string;
flaggedReasons?: string[];
reviewRequired: boolean;
}
The key shift here: you are no longer just asking "Is this person who they claim to be?" You are asking "Is this person behaving like a legitimate user from a trusted environment?"
Step 2: Build progressive risk scoring
Webull Brazil's 92.5% auto-approval rate came from weighted risk scoring across three dimensions. Here is the pattern:
function calculateRiskScore(
device: DeviceProfile,
location: LocationData,
kyc: { ocrConfidence: number; pepsStatus: boolean }
): number {
let risk = 0;
// Device integrity (40% weight)
if (device.isEmulator) risk += 40;
if (device.hasRemoteAccess) risk += 35;
if (device.appIntegrity.isRooted) risk += 15;
if (device.appIntegrity.screenRecording) risk += 10;
// Location consistency (30% weight)
if (location.locationConsistency < 0.7) risk += 30;
if (!location.velocityCheck) risk += 20;
if (location.geofenceStatus === 'outside') risk += 15;
// Traditional signals (30% weight)
if (kyc.pepsStatus) risk += 25;
if (kyc.ocrConfidence < 0.95) risk += 15;
return Math.min(risk, 100);
}
Notice the weighting. Device integrity carries 40% of the score. That is deliberate. Webull's 7,650 flagged devices were caught by device signals, not document checks. Remote-access tools, emulation software, and promotional abuse networks leave fingerprints that no passport photo can detect.
Step 3: Route decisions automatically
With a continuous risk score, you can set thresholds that match your risk appetite:
type DecisionAction = 'auto_approve' | 'enhanced_review' | 'reject';
interface Decision {
action: DecisionAction;
confidence: number;
flaggedSignals: string[];
}
function makeDecision(riskScore: number): Decision {
if (riskScore <= 15) {
return {
action: 'auto_approve',
confidence: 0.95,
flaggedSignals: [],
};
}
if (riskScore <= 45) {
return {
action: 'enhanced_review',
confidence: 0.75,
flaggedSignals: ['moderate_risk'],
};
}
return {
action: 'reject',
confidence: 0.90,
flaggedSignals: ['high_risk'],
};
}
Webull Brazil's results suggest that with well-calibrated thresholds, 92.5% of applications fall cleanly into the auto-approve band. Only 2.5% need manual review. The remaining cases are outright rejections or enhanced review.
This is exactly the workflow gap Zenoo was built to close. It orchestrates device intelligence checks across multiple providers so your team does not have to rebuild the entire compliance stack to get these results. Book a demo to see it with your own data.
Step 4: Add persistent risk profiles
The real advantage of device intelligence over document checks is that it compounds over time. A single KYC check is a snapshot. Persistent monitoring catches account takeover, behavioural drift, and coordinated fraud rings:
interface PersistentRiskProfile {
userId: string;
historicalDevices: DeviceProfile[];
riskTrend: 'increasing' | 'stable' | 'decreasing';
lastVerificationDate: Date;
cumulativeRiskScore: number;
}
interface ComplianceWorkflow {
processApplication: (data: DeviceProfile & LocationData) => VerificationDecision;
updateRiskProfile: (userId: string, newSignals: DeviceProfile[]) => void;
flagSuspiciousDevices: (threshold: number) => string[];
}
Track device switching frequency, location consistency patterns, and app usage anomalies. Deviations from baseline are far more informative than any single document check.
Step 5: Measure what matters
The compliance industry obsesses over false negatives (missing bad actors) and ignores operational cost. Track both:
| Metric | Before (Webull) | After (Webull) |
|---|---|---|
| Auto-approval rate | 75.7% | 92.5% |
| Manual review rate | 19.2% | 2.5% |
| Remote-access devices flagged | Not tracked | 7,650+ |
| Manual review reduction | Baseline | 87% |
That 87% drop in manual reviews is the number your CFO cares about. At scale, it is the difference between a compliance team that drowns in false positives and one that focuses on genuine threats.
Production tips
Start collecting device signals today, even if you are not scoring on them yet. The data becomes more valuable over time as behavioural patterns emerge. Instrument device fingerprints, location data, and network analysis during onboarding from day one.
Design for false positive optimisation. Traditional KYC optimises to avoid false negatives. Device intelligence lets you optimise for false positives (reducing manual review) without compromising security. Webull proved this: better automation and better fraud detection are not opposing forces.
Do not build this in-house unless you have to. Webull Brazil's 92.5% auto-approval rate took three months to achieve with a specialist provider, not three weeks of internal engineering. The SDK integration, real-time scoring APIs, fraud signal databases, and location verification services add up fast.
A Head of Compliance at a UK challenger bank told us recently: "We spent six months trying to build device intelligence internally. We got to 80% auto-approvals and hit a wall. The last 10 percentage points required fraud signal databases we simply did not have access to."
Measure operational metrics alongside security metrics. Track manual review rates, analyst hours per decision, and automated approval percentages. When we benchmarked onboarding workflows, the median KYB check took 3.2 hours including manual review. The fastest teams, the ones using orchestrated device intelligence, averaged 47 seconds.
The identity verification landscape is shifting from document theatre to behavioural analysis. Webull's results are not an outlier. They are the new baseline. Teams that instrument device behaviour early will compound their advantage. Those that cling to manual processes will find themselves overwhelmed by threats they cannot scale to meet.
Full docs and integration guides at zenoo.com.
Stuart Watkins is CEO of Zenoo, the compliance orchestration platform that connects identity, screening, and risk providers into a single configurable workflow. 30 minutes. Your data. No slides.
