Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Payout fraud and disbursement-time assurance: what teams must change


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9136
Topic starter  

TL;DR: Payout fraud often defeats onboarding-time KYC because the real failure occurs at disbursement, where account farming, trigger waiting, and burst execution converge, according to SumSub. The lesson is that identity assurance must extend to the money-moving moment, or fraud control remains structurally incomplete.

NHIMG editorial — based on content published by SumSub: payout fraud, account farming, and disbursement-time identity assurance

By the numbers:

Questions worth separating out

Q: What breaks when identity assurance stops at onboarding for payout fraud?

A: Onboarding-only assurance breaks because it verifies the account before the value event, not at the point where money actually leaves.

Q: When should organisations apply stronger checks for payout fraud?

A: Stronger checks belong at the moment of disbursement, especially when transaction value, timing, or behaviour changes from the account’s normal pattern.

Q: How do teams know whether payout-time identity controls are working?

A: They should look for reduced loss at the disbursement stage, fewer successful bursts, and more interventions before transfer completion.

Practitioner guidance

  • Map the payout decision path Identify every approval, policy check, and manual override between account creation and disbursement so you can see where fraud can wait for a trigger event.
  • Separate onboarding risk from disbursement risk Assign different assurance thresholds to account creation and to money movement.
  • Classify payout fraud as a fraud control failure Rework loss taxonomy so repeated cash-out incidents are not buried as generic operational loss.

What's in the full article

SumSub's full article covers the operational detail this post intentionally leaves for the source:

  • Apurva Shrivastava's explanation of how account farming, trigger events, and burst execution appear in live payment flows.
  • The practical shape of a disbursement-time identity assurance score and what signals it would need to consume.
  • Why payout fraud is often misclassified as an operational loss and how that affects ownership.
  • The guest discussion on why platforms have to be right every time while fraudsters only need one opening.

👉 Read SumSub's analysis of payout fraud and disbursement-time identity risk →

Payout fraud and disbursement-time assurance: what teams must change?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8575
 

Onboarding assurance is not the same as payout assurance. Fraud programmes that stop at KYC assume the identity problem is resolved once an account is approved. That assumption fails when the real abuse happens later, at the point of disbursement, because legitimacy at creation does not guarantee legitimacy at cash-out. Practitioners should treat payout-time identity as a separate control domain.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: Why do fraud teams and identity teams need shared ownership of cash-out risk?

A: Because the attack crosses a governance boundary. Fraud builds the behavioural pattern, payments executes the transfer, and identity controls decide whether the account is still trustworthy at the moment of payout. If those teams work separately, the organisation can pass every individual check and still lose the money.

👉 Read our full editorial: Payout fraud exposes the limits of onboarding-time identity checks



   
ReplyQuote
Share: