Let's build a Real Time ML System to detect fraud. Step by step 🧵↓

The business problem 💼

Every time your credit card is used online by someone (hopefully you), your card issuer (for example Visa, Mastercard or PayPal) has to verify that the person trying to pay with the card is you. Otherwise, the transaction is blocked.

Now the question is: "How does Visa do that?"

And the answer is… a real time ML system!

System design 📐

As any ML system that has existed, exists and will exist, this one can be broken down into 3 types of pipelines:

1️⃣ Feature pipelines
2️⃣ Training pipeline
3️⃣ Inference pipeline

Let's go one by one.

1️⃣ Feature Pipelines 💾

The feature pipelines are the Python services that produce the inputs (aka features) our ML model needs to generate its predictions. In our case, we have (and I bet Visa has) at least 3 feature pipelines:

▣ Real-time feature pipeline from recent transactional data.
- runs 24/7
- consumes incoming data from an internal message bus (like Kafka, Redpanda)
- transforms this data on-the-fly using a real-time data processing engine
- saves the final features in a feature store, like Hopsworks.

▣ Batch pipeline from historical features in the data warehouse.
- runs daily
- reads data from the data warehouse/lake, and
- saves it into another feature group in our feature store, so it can be consumed by our ML model really fast.

▣ Labels pipeline, so the ML model can be trained with supervised ML. Each completed transaction that is not claimed by the card owner within 6 months can be safely called non-fraudulent (class=0). We call it fraudulent (class=1) otherwise.

Once we have these 3 feature pipelines up and running, we will start collecting valuable data that we can use to train ML models.

2️⃣ Training pipeline 🏋🏽

We can use a supervised ML model (a boosting tree model like XGBoost does the job in most cases) to uncover any patterns between
- the features available in your Feature Store, and
- the transaction class: 0 = non-fraudulent, 1 = fraudulent.

The final model is pushed to the model registry (like MLflow, Comet or Weights & Biases), so it can be loaded and used by our deployed model. And this is precisely what the last pipeline in our design does.

3️⃣ Inference pipeline 🔮

The inference pipeline is a Python streaming application that at start-up loads the model from the registry into memory and, for every incoming transaction,
- loads the freshest features from the store for that card_id,
- feeds them to the model, and
- outputs the predictions to another Kafka topic.

These fraud scores can then be consumed by downstream services, to
- block the card, and
- send an SMS alert to the card owner, for example.

BOOM! No dark magic. Just Real World ML.

Follow Pau Labarta Bajo for more Real World ML
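The three pipelines described in the post above, reduced to an in-memory sketch. This is an added example, not code from the post or its author. Assumptions: the 10-minute window, the feature names, the alert threshold, the scoring function standing in for a registry-loaded model, and treating unclaimed transactions younger than 6 months as not yet labelable.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)        # assumed window for real-time features
LABEL_MATURITY = timedelta(days=180)  # "6 months" from the post, approximated

class FeatureStore:
    """In-memory stand-in for the feature store, keyed by card_id."""
    def __init__(self):
        self._recent = defaultdict(deque)   # card_id -> (timestamp, amount)
        self.online = {}                    # card_id -> freshest feature row

    def ingest(self, txn):
        """Real-time feature pipeline step: update sliding-window features."""
        window = self._recent[txn["card_id"]]
        window.append((txn["ts"], txn["amount"]))
        while window and txn["ts"] - window[0][0] > WINDOW:
            window.popleft()                # evict events older than the window
        self.online[txn["card_id"]] = {
            "txn_count_10m": len(window),
            "amount_sum_10m": sum(a for _, a in window),
        }

def label_for(txn, claims, now):
    """Labels pipeline: 1 if claimed, 0 once 6 months pass unclaimed, else None."""
    if txn["id"] in claims:
        return 1
    return 0 if now - txn["ts"] >= LABEL_MATURITY else None

def stand_in_model(features):
    """Placeholder for the model loaded from the registry (not XGBoost)."""
    score = 0.15 * features["txn_count_10m"] + features["amount_sum_10m"] / 5000
    return min(score, 1.0)

def run_inference(transactions, store, model, threshold=0.8):
    """Inference pipeline: freshest features -> model -> output topic (a list)."""
    out_topic = []
    for txn in sorted(transactions, key=lambda t: t["ts"]):
        store.ingest(txn)
        score = model(store.online[txn["card_id"]])
        out_topic.append({"id": txn["id"], "card_id": txn["card_id"],
                          "score": round(score, 3), "alert": score >= threshold})
    return out_topic

# Constructed sample stream: card A bursts, card B behaves normally.
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE = [
    {"id": "t1", "card_id": "A", "amount": 20.0,   "ts": T0},
    {"id": "t2", "card_id": "B", "amount": 35.0,   "ts": T0 + timedelta(minutes=1)},
    {"id": "t3", "card_id": "A", "amount": 900.0,  "ts": T0 + timedelta(minutes=2)},
    {"id": "t4", "card_id": "A", "amount": 1500.0, "ts": T0 + timedelta(minutes=3)},
    {"id": "t5", "card_id": "A", "amount": 25.0,   "ts": T0 + timedelta(minutes=30)},
]

if __name__ == "__main__":
    for row in run_inference(SAMPLE, FeatureStore(), stand_in_model):
        print(row)
```

Returning None for transactions that are unclaimed but not yet 6 months old keeps them out of the training set, so recent fraud that has not been reported yet is not learned as class 0.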
Fraud Prevention Insights
Discover featured content on LinkedIn created by experts.
-
Banking is facing a massive fraud crisis and some leaders are finally starting to say it out loud.

Sam Altman recently warned U.S. financial leaders about how crazy it is that some financial institutions will still accept a voice print to move a lot of money. He’s not wrong. That warning should be a wake-up call.

AI deepfakes and voice cloning are already bypassing traditional authentication methods. Voiceprints are no longer secure. Fully realistic video impersonations aren’t far behind. What felt safe yesterday is vulnerable today. This isn’t a future threat. It’s the new operating environment.

The stakes are clear:
🔒 Identity verification fails: anyone with the right tools can pass.
🧾 Transaction authorization fails: the wrong person approves.
📉 Audit trails fail: there’s no proof who actually acted.

For financial institutions: legacy systems won’t hold. Next-gen solutions with just liveness detection, advanced biometrics, and continuous behavioral risk scoring are no longer optional.

For consumers: fraudsters can now impersonate you in a way that’s nearly impossible to detect.

And for the industry at large: this isn’t just about fraud. It’s about trust in digital banking, systemic risk, and the credibility of compliance.

The Fed is paying attention. But the window to get ahead of this is closing, and incremental fixes won’t be enough. This demands a full rethink of how we prove identity in a world where anyone, or anything, can sound exactly like you.

#DigitalIdentity #KYC #FraudPrevention
-
This week, several Sophos employees received WhatsApp messages and emails claiming to be from me. Thankfully, their training and instincts kicked in, and they reported them.

In response, I emailed everyone on the Sophos team to raise their awareness of the recent impersonation attempts and remind them how to complement technological controls in defending against social engineering attacks like these.

CEO fraud isn't new. But it's getting more convincing. This comes at a time when threat groups like Scattered Spider and Shiny Hunters (tracked by CTU as GOLD HARVEST: https://lnkd.in/g82Bs4Su) are becoming increasingly adept at using AI and other novel social engineering attacks to gain access to otherwise well-defended organizations.

The tactic is usually the same: reach someone outside of corporate IT systems, create urgency, impersonate a senior executive, IT, or other variants of authority, and push for action (e.g. “I need gift cards now for this partner event”).

A few reminders we shared with our team, useful for the broader public:
1️⃣ Be skeptical of unexpected messages from colleagues via WhatsApp, Signal, SMS, LinkedIn, etc.
2️⃣ Always redirect to a verified internal channel: Teams, Outlook, Slack, etc.
3️⃣ Don’t engage. Report it through proper internal channels.

And for leaders, no matter the size of your organization:
✔️ Raise awareness of these tactics across your teams so they know when - and when not - to trust messages from their leaders and colleagues
✔️ Make it easy for them to report or verify those attempts
✔️ Establish formal and robust financial processes for fund transfers
✔️ Avoid corporate behaviors that enable this type of fraud (e.g. pressuring employees to conduct any business outside of clearly approved tools and processes)

Stay safe!
-
Tech is changing everything - including how we get scammed.

I’ve spent years preaching the power of technology to uplift lives. But here’s the side we don’t talk about enough: Tech is also making fraud faster, smarter, and frighteningly believable.

A few weeks ago, someone impersonated me, same name, same display picture, same texting style. They messaged a team member in Germany asking for money. It almost worked. But thankfully, he paused, verified, and picked up the phone. Crisis averted.

But this isn’t my first run-in. Even at upGrad, we saw our fair share. We all know big companies are vulnerable to this. But what’s alarming is how younger startups are too.

The modus operandi is simple but smart: Scan for recent press or LinkedIn buzz, then impersonate a leader and reach out with just enough familiarity to bypass doubt. Voice clones, AI-written bios, deepfakes, spoofed numbers. Scammers don’t need your passwords now. They just need your LinkedIn profile and five minutes of your voice.

So how do we deal with it? Here’s what I’ve learned:

1. Always verify on another channel (Call > Text)
If something feels off, pick up the phone. Scammers rely on staying in the same thread.

2. Urgency is a red flag, not a call to action
“Act now” is fraud’s favorite tactic. Pressure is their playbook.

3. Normalize double-checking. Even with leadership. Especially with leadership.
Team members might hesitate to question a senior's message. Empower them to pause and check. It’s not awkward. It’s smart. Trust grows through clarity.

Have you faced something similar? How are you staying one step ahead? Let’s learn from each other.
-
Insurance Fraud

For over the last 15 years, I have been highlighting two aspects of Insurance Fraud:
1. Fraudulent activities are getting more organized year on year
2. The next decade or so will see more fraud in Critical Illness and Personal Accident/disability

The case below is a live example of both:

The appended ECG surfaced as evidence of heart attack in a critical illness claim of first heart attack - in 3 different claims. This ECG was, allegedly, taken in 3 different hospitals on 3 different patients in 3 different districts of two states.

Why is it the same ECG? One may counter the allegation by saying that 2 different persons can have the same ECG. Answer to this:
- The flat line in V5 (highlighted with a box) is an artifact due to machine error, and accepting that 3 different machines will have the same artifact is ignoring the fraud (known as leakage in an organization)
- Two independent, senior cardiologists have opined that these three ECGs belong to the same person. An ECG is akin to one's fingerprints - no two persons can have EXACT same ECGs.

Fortunately (unfortunately for the fraudsters) these attempts were made on the same insurer, hence were identified.

In our 20 year+ journey in risk management, we have come across the same ECG and same TMT being used for different proposals at policy inception stage, but 3 cases, 3 districts, 3 hospitals - is a first even for us.

Insurers have to be more vigilant for critical illness and personal accident claims.

Sanjiv Dwivedi Bhaskar Nerurkar Sweetie Salve Rajat Goyal Namrata Jain (Kumar) Manish Dodeja Priya Deshmukh-Gilbile Siddhartha Kansal Dr Sushma Jaiswal Dr Satish Kanojia Imtiaz Shaikh Preeti Desai Vishal Dubhashi

#insurancefraud #organisedfraud #criticalillness #fraud management
-
The Financial Action Task Force (FATF) has released its Updated Recommendations (February 2025), reinforcing international standards on AML, CFT, and Combating the Financing of Proliferation (CFP).

Key Highlights:

✅ Risk-Based Approach (RBA) Strengthened
• Countries and financial institutions must continuously assess ML/TF risks.
• Proliferation financing risks (linked to WMDs) must now be explicitly assessed and mitigated.
• Greater emphasis on data-driven decision-making in risk management.

✅ Stronger Financial Crime Enforcement & Asset Recovery
• Enhanced measures to identify, freeze, and confiscate illicit assets, even without conviction-based legal proceedings.
• Countries must cooperate more effectively on cross-border investigations related to ML, terrorism, and sanctions evasion.
• Expanded legal mandates for regulators to seize cryptocurrency-related assets used for illicit activities.

✅ Enhanced Corporate Transparency & Beneficial Ownership Regulations
• Stricter disclosure requirements for companies and trusts to prevent anonymous ownership structures facilitating financial crime.
• Introduction of centralized registries for beneficial ownership information, accessible by regulators and FIUs.
• Bearer shares and nominee shareholder arrangements are further restricted due to their role in obfuscating ownership.

✅ New Standards for Virtual Assets & Emerging Technologies
• FATF mandates stronger oversight on VASPs, aligning AML rules for crypto-assets with traditional financial institutions.
• New tech-based compliance controls (including AI-driven monitoring) recommended to enhance financial crime detection.
• Stricter regulations for cross-border virtual asset transactions to combat illicit financing and crypto-enabled ML.

✅ Expanded Measures Against Terrorist Financing & Sanctions Evasion
• Countries must implement targeted financial sanctions to prevent terrorism and WMD proliferation financing.
• NPOs are now required to assess their terrorist financing risks while ensuring legitimate operations are not disrupted.
• Greater scrutiny on correspondent banking relationships to prevent facilitation of illicit transactions.

✅ Increased International Cooperation & Mutual Legal Assistance
• FATF calls for faster cross-border financial intelligence sharing to prevent criminals from exploiting jurisdictional gaps.
• Countries must align with UNSCRs on CTF and sanctions enforcement.

Recommendations:
🔹 Implement advanced transaction monitoring using AI to detect suspicious financial activities more effectively.
🔹 Reinforce beneficial ownership compliance
🔹 Strengthen cross-border AML/CFT coordination by fostering partnerships between FIs, regulators, and law enforcement agencies.
🔹 Ensure robust oversight on virtual assets by applying FATF’s Travel Rule to cryptocurrency transactions and monitoring DeFi risks.

#AML #FATF #FinancialCrime #Compliance #CryptoRegulation
-
Subscription fraud is often invisible - but its impact is significant.

Fake free trials and recurring payment abuse rarely appear fraudulent at the start. They typically mimic legitimate user behavior, making detection challenging.

Common fraud patterns in subscription businesses
• Multiple accounts created by the same user
• Use of temporary emails and shared or stolen cards
• Abnormal usage during trial periods
• Intentional chargebacks after extensive consumption

Business impact
• Revenue leakage
• Increased chargeback ratios
• Payment gateway penalties
• Distorted growth and retention metrics
• Higher customer acquisition costs

How fraud is detected effectively
• Device and IP intelligence
• Behavioral signal analysis
• Payment reuse and failure patterns
• Usage anomalies during trials and renewals

Prevention strategies that scale
• Limit free trials per device and payment method
• Apply step-up verification for high-risk users
• Monitor usage prior to renewals
• Block bots and high-risk IP ranges
• Leverage AI models to identify evolving fraud patterns

Outcomes of a strong fraud strategy
• Reduced fake users
• Lower chargebacks
• Accurate business metrics
• Protected recurring revenue
• Improved trust with genuine customers

Fraud prevention is not friction. It is a safeguard for legitimate users and sustainable growth.
-
Someone just lost £50,000 to scammers pretending to be us.

The fake site: cur8 pro .com - they've stolen hundreds of thousands from our community. This is unacceptable. And you need to know this now.

Here's how the scam works: They DM you. They promise guaranteed returns. They pressure you to "act fast" before the "opportunity closes." They ask you to wire money directly via a crypto wallet. Every single one of those things? We would NEVER do.

Let me be crystal clear about how Cur8 Capital actually operates:
❌ We will never DM you first asking for money
❌ We will never guarantee returns on investments
❌ We will never ask you to wire funds through WhatsApp or DMs
❌ We will never pressure you with "limited time" tactics
✅ We are regulated by the FCA
✅ We provide extensive risk warnings
✅ We are only open to qualified investors
✅ We follow strict marketing regulations

If someone's guaranteeing you returns, run. Nothing in investing is guaranteed. Ever. Any legitimate investment firm operates under these same rules.

But these scammers? They'll promise you the moon. 200% guaranteed returns. 50%. Whatever number makes you bite. They're destroying families and stealing life savings, and using our name to do it.

If you see anyone falsely claiming to be from Cur8 in your DMs:
1. Screenshot everything
2. Block immediately
3. Report
4. Warn others

Our only official website is cur8.capital (no variations)

Please share this. Someone in your network might need to see this. Have you seen these scams? Comment below.
-
AML Case Study: Unusual Customer Behavior – No Transactional Activity

Context:
A bank’s AML system generates an alert for a long-time customer, Ms. Y, not due to financial transactions but due to behavioral and documentation anomalies. The alert is triggered based on inconsistencies in identity verification and unusual account access patterns.

Scenario:
Ms. Y, a private banking client, has maintained a dormant account for years with no recent transactions. However, the following red flags prompt an internal review:
- Multiple Login Attempts from Different Locations: Unsuccessful login attempts are detected from three different countries within a short period.
- Inconsistent KYC Information: During an account update request, the newly submitted identification documents differ from those previously provided.
- Third-Party Inquiry: A person claiming to be Ms. Y’s “legal representative” calls the bank requesting changes to account details but fails security verification.

Investigation Steps:
- Identity Verification Review: Cross-checked new ID documents against original records. Contacted the customer directly using the on-file communication channels.
- Device & IP Analysis: Confirmed that login attempts originated from high-risk jurisdictions known for cyber fraud. Identified a mismatch in registered and recently used devices.
- Customer Interaction & Due Diligence: Ms. Y was contacted via a secure channel, and she confirmed she had not attempted to access the account or authorize changes. Reported potential identity theft to compliance teams for further escalation.

Outcome & Actions Taken:
- The account was flagged and temporarily frozen to prevent unauthorized access.
- Enhanced due diligence (EDD) was applied, requiring in-person verification before any account modifications.
- The case was escalated to law enforcement for potential fraud and identity theft.

Key Takeaways:
- AML is not solely about financial transactions—behavioral anomalies can be strong indicators of financial crime.
- Continuous monitoring of customer activity, login behaviors, and identity verification is crucial for fraud prevention.
- Collaboration between compliance, fraud teams, and law enforcement helps mitigate risks effectively.

How can financial institutions detect and mitigate AML risks when no transactions are involved? What key behavioral red flags should investigators look for?

#AML #FinancialCrime #RiskManagement #FraudDetection #Compliance #KYC #DueDiligence #AMLInvestigations #SuspiciousActivity #FinancialSecurity
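The access-pattern red flags from the case study above, expressed as detection logic over login events. This is an added example, not part of the original post. Assumptions: the event fields, the 24-hour reading of "a short period", the reason names, and the constructed sample data with placeholder country codes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed meaning of "a short period"
MIN_COUNTRIES = 3              # three countries, as in the case study

def review_reasons(events, registered_devices, dormant_accounts):
    """Return {account: sorted reasons} for accounts needing manual review."""
    reasons = defaultdict(set)
    failed = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct = ev["account"]
        # Mismatch between registered and recently used devices.
        if ev["device"] not in registered_devices.get(acct, set()):
            reasons[acct].add("unregistered_device")
        if ev["result"] != "fail":
            continue
        # Keep only failures inside the sliding window ending at this event.
        recent = [f for f in failed[acct] if ev["ts"] - f["ts"] <= WINDOW]
        recent.append(ev)
        failed[acct] = recent
        if len({f["country"] for f in recent}) >= MIN_COUNTRIES:
            reasons[acct].add("failed_logins_multi_country")
    # Any flagged access on a dormant account is itself worth noting.
    for acct in list(reasons):
        if acct in dormant_accounts:
            reasons[acct].add("dormant_account_access")
    return {a: sorted(r) for a, r in reasons.items()}

# Constructed sample data; XA/XB/XC are placeholder country codes.
T0 = datetime(2024, 3, 1, 8, 0)

def make_event(account, hours, country, device, result):
    return {"account": account, "ts": T0 + timedelta(hours=hours),
            "country": country, "device": device, "result": result}

SAMPLE_EVENTS = [
    make_event("Y-001", 0, "XA", "dev-9", "fail"),    # dormant account,
    make_event("Y-001", 2, "XB", "dev-9", "fail"),    # three countries
    make_event("Y-001", 5, "XC", "dev-8", "fail"),    # inside five hours
    make_event("Z-002", 1, "XA", "dev-2", "ok"),      # normal login
    make_event("W-003", 0, "XA", "dev-3", "fail"),    # same countries, but
    make_event("W-003", 120, "XB", "dev-3", "fail"),  # spread over ten days
    make_event("W-003", 240, "XC", "dev-3", "fail"),  # on a known device
]
REGISTERED = {"Y-001": {"dev-1"}, "Z-002": {"dev-2"}, "W-003": {"dev-3"}}
DORMANT = {"Y-001"}

if __name__ == "__main__":
    print(review_reasons(SAMPLE_EVENTS, REGISTERED, DORMANT))
```

Only the dormant account is returned for review; the traveller with failures spread over ten days on a registered device is not, which is the false-positive case the window guards against.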
-
Welcome to The Payments Academy by Checkout.com — Episode 6 👋

The Types of Fraud in Payments:
► Fraud in payments is a growing challenge for merchants, issuers, and payment processors. Fraudulent transactions not only cause financial losses but also damage a merchant’s reputation
► To combat fraud effectively, businesses must leverage fraud detection tools, authentication techniques, and dispute management strategies to stay ahead of bad actors while maintaining a seamless customer experience

The Types of Fraud & Examples
► 3-Party Fraud – This occurs when a fraudster uses stolen card details to make purchases.
► Friendly Fraud – A cardholder disputes a legitimate transaction, either by mistake or to reverse a purchase.
► Good Faith Payment Disputes – The customer disputes a payment due to issues with product quality or fulfillment.

Fraud prevention strategies must be tailored to identify, assess, and respond to these types of fraud in real time.

The Process: Cutting Down on Card Fraud
1️⃣ Fraud Detection Engines – These tools analyze transaction data (e.g., IP addresses, device data...) to assess fraud risks.
2️⃣ 3D Secure Authentication – Adds an extra layer of protection by requiring customer verification for high-risk transactions.
3️⃣ Machine Learning & AI – Predicts fraud patterns based on historical transactions and behavioral analytics.
4️⃣ Tokenization – Converts sensitive payment data into tokens, reducing the risk of stolen card details being misused.
5️⃣ Chargeback Prevention – Strategies like real-time alerts and clear billing descriptors

The Data: Key Data Points to Reduce Fraud
Fraud detection relies on rich transaction data to identify suspicious activity and block fraudulent payments:
► Customer Name – Verifies the cardholder’s identity and checks for patterns of fraudulent behavior (e.g., fake names...).
► IP Address – Flags transactions from high-risk regions or locations inconsistent with the customer’s normal behavior.
► Billing Address – Used for Address Verification System (AVS) checks to confirm that the billing address matches the cardholder’s bank records.
► Delivery Address – Helps detect fraudulent transactions by assessing mismatched shipping details.
► Email Address – Identifies fraud patterns, such as disposable email addresses or emails associated with prior chargebacks.

Providing complete and accurate data in payment requests enhances fraud detection and reduces false declines, improving both security and conversion rates.

Source: Checkout.com x Connecting the dots in payments...
► Sign up to The Payments Brews : https://lnkd.in/g5cDhnjC
► Connecting the dots in payments... and Marcel van Oost