Green Sheet interviews INETCO's Ugan Naidoo

As artificial intelligence rapidly reshapes the fraud landscape, financial institutions are under growing pressure to detect and stop increasingly sophisticated threats in real time. From AI-driven social engineering scams to evolving mule-account activity and instant payment fraud, traditional approaches to fraud prevention are being tested like never before.

In the following Q&A, Ugan Naidoo, CTO and co-founder of INETCO, discusses why transaction intelligence is becoming essential to modern fraud prevention, how “Know Your Transaction” strategies differ from traditional monitoring approaches, and what banks, processors and fintechs must do to prepare for a faster, more complex era of financial crime. INETCO’s payment fraud prevention platform, BullzAI, is designed to support these evolving transaction intelligence strategies.

Green Sheet: Fraud losses continue to rise globally despite growing investments in fraud prevention technologies. Why are existing approaches falling short, and how is AI changing the threat landscape for financial institutions?

Ugan Naidoo: The fundamental problem is that many fraud prevention systems were designed for a slower, more predictable era of banking. They look for known patterns, rely heavily on static rules and often analyze transactions after the fact. That creates a dangerous gap in a world where payments are instant, fraud is coordinated, and criminals can adapt faster than traditional systems can be updated.

AI widens that gap. It allows fraudsters to automate reconnaissance, test vulnerabilities, generate convincing phishing messages, impersonate customers and coordinate attacks across channels at much greater speed and scale. What used to require a network of skilled actors can now be assisted by widely available AI tools. That changes the economics of fraud by making it more accessible.

For financial institutions, the challenge is no longer simply identifying a suspicious transaction in isolation. It is understanding intent, context and behavior in real time. Banks need to know whether a payment fits the customer, the device, the merchant, the account history, the terminal, the geography and the broader network pattern. Without that level of transaction intelligence, fraud prevention remains reactive. Today, that approach is increasingly ineffective.

GS: You argue that banks must move beyond traditional KYC processes toward “Know Your Transaction” capabilities. What does effective transaction intelligence look like in practice, and how does it differ from conventional fraud monitoring?

UN:: KYC remains important, but it answers a relatively static question: Do we know who this customer is? KYT asks a more dynamic and operationally useful question: Do we understand what is happening in this transaction, right now?

Effective transaction intelligence means seeing and interpreting the full payment message as it moves through the network. That includes customer behavior, account history, device and channel data, merchant information, terminal identifiers, transaction amounts, timing, velocity, payment rails and field-level message details. The goal is to detect subtle changes that may indicate account takeover, mule activity, social engineering, rogue terminals or coordinated fraud.

Conventional fraud monitoring often depends on rules such as transaction thresholds, known bad actors or broad risk scores. KYT is more granular and adaptive. It looks at how each transaction compares with the customer’s normal behavior, the institution’s wider transaction patterns and known fraud typologies.

It also operates in real time, so institutions can stop suspicious activity before funds leave the system rather than investigating it later. In practice, that means moving from “flag and review” to “understand and act.” The best systems can decode payment messages, identify anomalies at the field level, apply machine learning to changing patterns and give fraud teams explainable intelligence they can use immediately.

GS: As scams increasingly involve legitimate customers being manipulated into authorizing payments themselves, how should banks and payment providers rethink responsibility for detecting and stopping fraud?

UN: Authorized push payment scams have changed the definition of fraud prevention. In many cases, the customer is not technically being hacked. Rather, they're being coached, pressured or deceived into making a payment that looks legitimate to a traditional system. That means banks cannot rely only on credentials, authentication and customer consent as proof that a transaction is safe.

Responsibility needs to shift toward shared protection. Customers still need education and secure habits, but financial institutions are the only parties with enough visibility to detect unusual behavior across accounts, channels and payment networks. They can see when a customer is suddenly moving funds in an unusual way, paying a new beneficiary, responding to high-pressure timing or interacting with an account that shows mule-like patterns.

The industry also needs to stop treating scam detection as purely a customer-service or reimbursement issue. It is a real-time intelligence problem. Payment providers should be able to intervene before money moves, whether through step-up authentication, transaction holds, warnings, beneficiary risk scoring or direct outreach when a payment pattern looks inconsistent with the customer’s normal behavior.

The key is to make intervention smarter, not simply more frequent. A generic warning that customers click through is not enough. Banks need contextual, targeted friction that appears when the transaction itself shows signs of manipulation.

GS: Governments are beginning to incorporate fraud prevention into broader national AI strategies. What kinds of regulatory or compliance expectations do you expect banks, processors and fintechs to face in the coming years?

UN: Fraud prevention is becoming part of the broader conversation about national resilience, AI governance and critical infrastructure. As payment systems become faster and more automated, regulators will expect financial institutions to prove that they can detect, explain and respond to fraud in real time.

We should expect stronger expectations around model governance, auditability, data quality and operational resilience. Banks, processors and fintechs will likely need to show not only that they use AI responsibly, but that their AI systems can be monitored, tested and explained. Regulators will also care about whether institutions can identify systemic threats, not just individual customer losses.

There will likely be more pressure to share fraud intelligence across institutions and sectors, especially around mule accounts, scam networks and AI-enabled attacks. Instant payments make isolated fraud prevention less effective. If one institution detects a pattern but the rest of the network cannot respond quickly, the system remains exposed.

Compliance will also become more outcome-oriented. It will not be enough to say that a customer passed KYC checks or that a transaction was reviewed after the fact. Institutions will be expected to demonstrate that they have real-time controls, effective monitoring, clear escalation processes and the ability to prevent harm before it spreads.

GS: Real-time fraud analysis requires institutions to evaluate large amounts of transaction and behavioral data instantly. How can organizations balance stronger fraud detection with concerns about privacy, customer friction and false positives?

UN: The balance starts with precision. More data does not automatically mean better fraud prevention. Institutions need the right data, used for the right purpose, with strong governance and clear limits. The goal should be to analyze the signals that are most relevant to transaction risk while minimizing unnecessary collection, exposure or retention of sensitive information.

Good transaction intelligence can actually reduce customer friction. When systems understand normal behavior more accurately, they can allow legitimate transactions to move quickly while applying friction only when the risk is meaningful. That is very different from blunt controls that block broad categories of activity or force every customer through the same extra steps.

False positives are also a design issue. Fraud teams need explainable alerts, not black-box scores that create operational noise. If an alert shows the specific reason for concern—a new device, unusual beneficiary, abnormal velocity, suspicious terminal or pattern linked to mule activity—analysts can act faster and with more confidence.

Privacy and fraud prevention should not be seen as opposing goals. Stronger real-time detection can protect customers from harm while reducing the need for invasive after-the-fact investigations. The institutions that get this right will combine encryption, access controls, data minimization, model governance and explainable AI with a clear focus on stopping only the transactions that truly appear risky.

GS: You’ve warned that AI could accelerate vulnerability discovery, exploit development and social engineering attacks. Which emerging AI-driven fraud threats concern you most, and where are financial institutions still unprepared?

UN: The most concerning threat is the combination of AI-driven social engineering with real-time payments. Criminals can use AI to create highly convincing messages, voice impersonations, fake documents and personalized scams at scale. When those tactics are paired with instant payment rails, institutions have very little time to detect and stop the movement of funds.

Another major concern is automated probing. AI can help criminals test systems, identify weak controls, refine attack scripts and adapt when an institution changes its defenses. That creates a more dynamic threat environment in which fraud patterns may evolve too quickly for static rules or manual investigation teams.

Mule networks are also becoming harder to detect. Fraudsters can use automation to distribute funds across accounts, geographies and institutions in ways that appear fragmented at the individual bank level. Without network-level intelligence and field-level transaction visibility, each institution may see only a small piece of the pattern.

Many financial institutions are still underprepared because their fraud, cybersecurity, AML and payments teams operate in silos. AI-enabled fraud does not respect those boundaries. It may begin as a phishing attack, become an account takeover, move through an instant payment rail and end as a money-laundering problem. Institutions need unified, real-time intelligence across the full transaction lifecycle.

The next generation of fraud prevention will not be defined by who has the most rules or the biggest investigation team. It will be defined by who can understand transaction behavior at machine speed and act before the money is gone.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.