Why False Positives Are Costing Banks More Than Fraud - with Suvaleena Paul of Bank of America

Deep dive into sophisticated fraud tactics including synthetic identity creation using mixed real/fake data to pass KYC checks, and romance scams where fraudsters build relationships over months before requesting money. Includes a case study of an $800,000 account takeover where a known person added their fingerprint to the victim's device and suppressed all alerts over six months.

• •Synthetic identities combine real and fake data to create personas that pass traditional KYC verification
• •Romance scams involve 4-5 month relationship building before requesting credentials or money transfers
• •Real-world case: $800K drained over 6 months via fingerprint spoofing and alert suppression with no traditional red flags
• •Banks now send alerts for suspicious patterns, but customers often override warnings due to emotional investment
• •Future threat: 'clean fraud' where everything appears legitimate on surface with only subtle mismatches revealing issues

Bank of America's transformation from quarterly rule reviews to rapid response models capable of deploying countermeasures within hours. The team now receives hourly alerts for spikes and pattern changes, with recent example of controlling a Friday 6PM incident within 5 hours through overnight team mobilization.

• •Moved from quarterly fraud rule reviews to real-time pattern detection with hours to respond
• •Hourly email alerts track spikes and behavioral pattern changes across systems
• •Case study: Friday 6PM fraud pattern controlled within 5 hours via overnight team response
• •Success measured by both fraud dollars stopped AND friction added to customer experience
• •False positives that block legitimate accounts create significant customer escalations and trust issues

Technical breakdown of enriched risk scoring that goes beyond transaction data to include email age, phone number usage patterns, digital footprints, and biometric data like cursor movement and typing patterns. The system creates customer clusters with different algorithms running for each behavioral pattern group.

• •Biometric tracking captures cursor movement, page dwell time, password typing patterns and backspace frequency
• •Risk scoring incorporates email age, phone number reuse across accounts, and complete digital footprints
• •Customer behaviors are clustered into groups with tailored algorithms for each cluster type
• •Device fingerprinting, login behavior, and network velocity analyzed within milliseconds
• •Feedback loops from approved good transactions continuously improve detection architecture

Introduction to graph theory as an emerging technology in fraud prevention, used to map fraud networks and identify unwitting 'mules' in multi-party fraud schemes. This approach clusters fraud sources across multiple degrees of separation to reveal organized fraud rings.

• •Graph theory clusters fraud sources by first-party, second-line, and third-line connections
• •Identifies 'mules' - intermediaries who unknowingly carry out fraudulent transactions under direction
• •Maps relationships between multiple parties to reveal organized fraud networks
• •Described as 'upcoming space that's gonna blow up' in financial fraud prevention
• •Bank of America currently leveraging graph theory with plans to expand usage over time

Shift away from rigid rules like 'three logins in five minutes equals fraud' to layered signal architectures that personalize detection based on individual user behavior, transaction context, and device intelligence. The goal is to 'let good customers fly and bad ones crash' through behavioral personalization.

• •Abandoned rigid threshold rules (e.g., '3 logins in 5 minutes = fraud') as too blunt for modern threats
• •Layered signal architecture combines behavior, transaction context, device intelligence, and biometrics
• •Personalized fraud detection based on individual user patterns and operating context
• •Detection decisions made within milliseconds using network velocity and device fingerprinting
• •Success measured by approving more good transactions while improving fraud catch rates

Strategic approach to AI adoption in highly regulated banking environment, emphasizing internal closed-loop AI systems over external vendors. Discusses the asymmetry between banks (high stakes, much to lose) and fraudsters (nothing to lose), requiring careful governance and continuous model performance monitoring.

• •Cannot simply 'plug in external AI model' in regulated environment - requires tight governance
• •Internal closed-loop AI systems preferred; external vendors kept at arm's length unless fully vetted
• •AI becomes vulnerability if not built and controlled correctly - stakes too high for banks
• •Weekly or monthly model performance reviews based on function importance level
• •Governance is foundation, not checkbox - common approach across major financial institutions
• •Continuous monitoring of fraud catch rates and false positive rates to maintain compliance