ELF: The Persistent Signal Fraudsters Can't Erase

Fraudsters rarely give up after one offense, especially if they’re aiming to make a profit off of their abuses. Recurring fraud, meaning fraud that repeats the same exploitations and tactics, has increased 46% since 2024.

The increasing prevalence of Fraud-as-a-Service tools has made it easier than ever for fraudsters to craft a repeatable, scalable operation to take advantage of platforms and their users. 

Even when fraudsters get caught and banned, they often use ban evasion and multi-accounting to maintain their “in” to their victim platform. This means that stopping ban evasion should be a top priority in order to protect platforms from recurring fraud. 

In this post, we’ll look at the impact of ban evasion on recurring fraud, Incognia’s new anti-recurring fraud tool ELF, and why ELF works differently than current solutions that are popular in the gig economy and online marketplace spaces.

Ban evasion powers recurring fraud 

Here’s a question: what’s the most important signal you can think of for stopping ban evasion? For many platforms, the answer would lie in device-based protections.  

Unfortunately, fraudsters have known about these kinds of protections for years, and they’re constantly looking for new ways to outfox them. From app cloners that create new device IDs for each cloned app instance, to emulators, to simple device resets or changes, there are a lot of ways that fraudsters can exploit a fraud prevention solution that relies too much on data about the user’s device. 

But that doesn’t make the need for an anti-ban evasion signal any less prevalent. If you can’t detect or stop ban evasion on your platform, there’s a decent chance that a lot of your fraud prevention dollars are going to waste. When the same offenders keep finding new ways back onto your platform, it forces you to consume more time and resources fighting the same people instead of making a dent in the overall fraudster presence on your app. 

So this begs the question: if fraudsters are trying to find ways to fool device-based protections, how can you make sure you’re protected even if they succeed? 

Environments Linked to Fraud (ELF)

In January 2025, Incognia launched our new Environments Linked to Fraud (ELF) feature, which takes advantage of signals outside of what’s on the user’s device.  

ELF works by recognizing when a new device has a connection with an indoor location signal environment previously linked to confirmed fraud. Because the device shares such unique identifying features with a device we’ve seen before, we can say there’s a high risk that it’s the same person or group.

When we return a higher risk assessment for these devices, that enables platforms to make a more informed decision about whether to allow riskier accounts.

What makes ELF different

Instead of relying on device data that fraudsters can spoof or hide, ELF uses indoor positioning signals to map potential relationships between devices. 

Relying on a signal outside of the user’s device means that no matter what a fraudster does to try and break device-based protections—switching to a new device, factory resetting, reinstalling the app, using app cloners or emulators, etc.—as long as they’re in the same location as before, any new device they use will still be connected to their previous fraudulent devices.

As our CEO and co-founder Andre Ferraz says, "Fraud prevention is all about raising the barrier to entry. It’s easier to reset a device than it is to set up in a new location. Incognia's ELF technology makes it possible for companies to identify suspicious activity across accounts and devices by flagging indoor signal environments that are associated with previous instances of fraud."

Yesterday’s solutions aren’t enough to stop today’s fraudsters. Advancements like ELF help keep us a step ahead of the bad actors, without compromising the experience and safety of good users. 

To learn more about ELF, visit our landing page here or read the press release here.