Cambio Partners
Research NoteJuly 2026
Module 02Continuous loop — runs across the customer lifecycle
Deviceintelligence
Bind the device to the identity — then watch the pairing. A verified identity on an unfamiliar or compromised device is a risk event.
Device–identity pairing
Fingerprint the device and bind it to the verified identity. One identity across many devices — or one device across many identities — is the classic fraud signature. A device burned at one institution is flagged across every consortium participant.
Behavioural signals
Typing cadence, navigation flow, form-fill patterns. Bots and remote-access fraud don't move like humans; a coached scam victim doesn't move like themselves.
SIM & phone ownership
Has the number just been ported to a new SIM? SIM swap is the standard precursor to account takeover — the phone number is an identity anchor, so its integrity is monitored continuously.
Network & geolocation risk
IP reputation, VPN / proxy / emulator detection, impossible-travel checks. An identity claiming Reading on a datacentre IP in another jurisdiction changes the score.
Who plays here
LexisNexis ThreatMetrix (device-first incumbent — 9bn devices in network), Socure (Digital Intelligence), BioCatch (behavioural), SEON, Sift, TransUnion (Neustar)