Fraud reduction intelligence platforms expose the limits of point controls

At a glance

What this is: This guide summarises KuppingerCole’s 2025 view of fraud reduction intelligence platforms and the capabilities it highlights for financial services fraud defence.

Why it matters: It matters to IAM practitioners because fraud detection, identity proofing, and access governance increasingly overlap across human identity, NHI, and account takeover risk.

👉 Read Sumsub's analysis of KuppingerCole's 2025 fraud prevention report

Context

Fraud reduction intelligence platforms sit at the intersection of identity verification, behavioural analytics, and transaction risk. In practice, they try to spot when a user, device, or session no longer matches the expected trust profile, especially in financial services where account takeover and payment abuse can move quickly.

The governance issue is broader than anti-fraud tooling alone. IAM, PAM, and lifecycle controls still need to answer who or what is entitled to act, while fraud tooling answers whether the behaviour looks legitimate in the moment. That split is useful, but only if organisations avoid treating fraud signals as a substitute for identity governance.

Key questions

Q: How should security teams use fraud signals in identity decisions?

A: Fraud signals should feed into identity decisions as one component of a broader risk model, not as a replacement for IAM controls. Teams should define which combinations of behavioural, device, and transaction signals trigger step-up verification, manual review, or denial, and they should audit those decisions so exceptions remain accountable.

Q: Why do account takeovers require both IAM and fraud controls?

A: Account takeover is an identity event and a fraud event at the same time. IAM controls govern authentication, entitlement, and lifecycle, while fraud controls detect whether the session behaves like the legitimate user. If either side works in isolation, attackers can reuse valid access to complete the monetisation step.

Q: How can teams reduce multi-accounting without blocking legitimate users?

A: Use relationship analysis across devices, payment methods, and behaviour so the platform can detect coordinated abuse without relying on a single brittle rule. Then calibrate thresholds against real customer journeys and review false positives regularly. The goal is targeted friction for risky patterns, not blanket restrictions.

Q: Who should own fraud governance when identity and transaction risk overlap?

A: Ownership should be shared, but accountability must be explicit. IAM should own identity assurance, fraud teams should own pattern detection, and operations should own override discipline. The control fails when these responsibilities blur, because neither access governance nor abuse prevention gets a complete view of the risk.

Technical breakdown

How fraud reduction intelligence platforms correlate identity and device signals

Fraud reduction intelligence platforms combine identity verification, device intelligence, behavioural telemetry, and network relationship data to infer whether a session is likely genuine. Instead of relying on a single control such as password strength or a one-time check, they score patterns across enrollment, login, transaction, and escalation events. This matters because modern fraud often crosses channels and identities, including synthetic identities, account takeovers, and multi-account abuse. The technical value lies in correlation: one weak signal may be ambiguous, but several aligned anomalies create a stronger decision point for challenge, step-up review, or decline.

Practical implication: connect fraud telemetry to identity workflows so high-risk sessions trigger review before payment or account changes complete.

Why behavioural intelligence matters more than static rules

Static rules catch known bad patterns, but fraud actors adapt fast enough to make simple thresholds brittle. Behavioural intelligence looks for deviations in typing cadence, navigation patterns, session flow, device posture, and interaction timing. In a fraud context, that is especially useful when the attacker uses legitimate credentials but behaves differently from the account’s historical baseline. The challenge is not only detection accuracy, but governance over false positives, challenge fatigue, and how exceptions are approved. A mature model uses behavioural risk as one input to an identity decision, not as a standalone verdict.

Practical implication: tune behavioural signals against real customer journeys so step-up controls do not damage legitimate conversion.

How fraud network detection changes the control model

Fraud network detection maps shared infrastructure, devices, payment instruments, and identity attributes to reveal coordinated abuse that looks isolated at the account level. This is important for bot-driven fraud, multi-accounting, and synthetic identity rings, where each individual event may appear normal until the network is analysed. The architectural shift is from point-in-time review to relationship analysis across many accounts and events. For IAM and security teams, the lesson is that identity trust can be abused at scale through reused infrastructure even when each account appears independently verified.

Practical implication: share fraud network indicators across fraud, IAM, and trust and safety teams so repeated abuse is blocked systemically.

Threat narrative

Attacker objective: The attacker aims to monetise trust by converting a believable identity or session into fraudulent access, payments, or account control.

1. Entry occurs through account takeover, bot-driven signup, or synthetic identity creation that passes initial checks and reaches a live session or transaction path.
2. Escalation happens when the actor reuses trusted credentials, devices, or payment references to move from basic access into higher-value fraud actions such as transfers, cash-out, or multi-account abuse.
3. Impact follows as fraudulent transactions, unauthorized account actions, or coordinated abuse patterns that bypass isolated controls and create financial and operational loss.

Breaches seen in the wild

• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
• Zacks Investment Research breach — Zacks breach exposed 12M customer records including credentials.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Fraud reduction intelligence is becoming an identity governance problem, not just a detection problem. Once fraud controls decide whether a session or transaction is trusted, they are already participating in access governance. That means IAM, fraud, and risk teams need shared definitions for assurance, escalation, and exception handling. The practitioner conclusion is that fraud tooling should be governed like an identity control surface, not a sidecar alerting layer.

Identity confidence now depends on correlated signals, not single-point checks. KuppingerCole’s framing reflects a market shift away from isolated verification toward layered assessment of device, behaviour, and network relationships. That aligns with how modern abuse works across account takeover, synthetic identity, and bot operations. The practitioner conclusion is that programmes built around one-off proofing or static rules will miss coordinated abuse patterns.

Multi-accounting prevention is a governance signal for digital business models. When a platform must prevent one actor from presenting as many, the issue is no longer just fraud volume. It becomes an entitlement and relationship problem across identities, devices, and payment paths. The practitioner conclusion is to treat multi-accounting as a policy design issue, not merely a monitoring issue.

Granular transactional risk analysis is the named concept that matters here. The real shift is from authenticating a user once to continuously judging whether each transaction still fits the expected trust envelope. That changes how teams think about challenge, approval, and denial in financial workflows. The practitioner conclusion is that transaction-level governance has to be part of the identity model.

Fraud defence in finance now sits at the boundary of identity assurance and customer experience. The more aggressively teams challenge users, the more they risk friction and abandonment. The more softly they treat anomalies, the more they create exposure to account takeover and payment fraud. The practitioner conclusion is that governance must explicitly balance assurance thresholds with business tolerance for friction.

From our research:

• 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
• Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
• For a deeper governance lens, see NHI Lifecycle Management Guide for lifecycle control patterns that help reduce hidden access exposure.

What this signals

Granular transactional risk analysis is becoming the practical bridge between fraud operations and identity governance. As platforms move from isolated checks to correlated judgement, security teams need a shared policy layer for step-up, deny, and exception handling. The real programme signal is that fraud intelligence is now part of identity control design, not just post-event detection.

With 72% of organisations already reporting or suspecting NHI compromise, the broader lesson is that hidden identities and hidden trust paths are becoming a default governance problem. For readers, that means lifecycle discipline and access visibility are no longer back-office hygiene. They are the precondition for making fraud decisions that can be defended.

Identity confidence debt: this is the growing gap between the trust a platform assumes and the evidence it can actually verify at runtime. When that debt rises, teams compensate with more friction, more reviews, or more losses. Readers should watch where their own verification stack still depends on static assumptions about who or what is acting.

For practitioners

• Map fraud signals to identity decisions Define which fraud outcomes trigger step-up verification, manual review, denial, or account restriction, and make those thresholds visible to IAM, fraud, and operations teams.
• Correlate device and identity telemetry Join device reputation, behavioural patterns, and account history so suspicious sessions are evaluated as a pattern rather than a single event.
• Review multi-accounting controls Inspect signup, login, and payment workflows for repeated devices, shared payment instruments, and recycled identity attributes that indicate coordinated abuse.
• Govern exception handling tightly Document who can override fraud decisions, what evidence is required, and how overrides are audited so challenge fatigue does not weaken policy discipline.

Key takeaways

• Fraud reduction intelligence platforms are not only detection tools, they are identity decision systems that shape access, challenge, and denial.
• The strongest fraud programmes correlate identity, device, behaviour, and network data because single controls rarely expose coordinated abuse.
• Practitioners should govern fraud exceptions, transaction risk thresholds, and lifecycle visibility with the same discipline they apply to identity controls.

Key terms

• Fraud Reduction Intelligence Platform: A fraud reduction intelligence platform combines identity, device, behavioural, and network signals to judge whether a session or transaction is trustworthy. It is not just a detection layer. It influences challenge, review, and denial decisions at the point where risk turns into action.
• Multi-accounting: Multi-accounting is the practice of one actor controlling many accounts to bypass platform rules, incentives, or limits. In identity governance terms, it is a relationship and entitlement problem, because the abuse often comes from reused devices, payment methods, or shared behavioural patterns rather than a single compromised login.
• Transaction Risk Analysis: Transaction risk analysis is the process of evaluating the likelihood that a payment or account action is fraudulent before allowing it to complete. It uses contextual signals such as device reputation, identity history, and behavioural anomalies to decide whether to proceed, challenge, or stop the action.
• Behavioural Intelligence: Behavioural intelligence is the use of interaction patterns, timing, and session dynamics to assess whether a user or actor is behaving like the expected identity. It is most useful when credentials look valid but the runtime behaviour suggests automation, takeover, or coordinated abuse.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or identity governance in your organisation, it is worth exploring.

This post draws on content published by Sumsub: Sumsub's Fraud Prevention is recognized as an Overall Leader by KuppingerCole Analysts. Read the original.