
Payout fraud and velocity blindness: what IAM teams should notice


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9136
Topic starter  

TL;DR: Payout fraud is most dangerous at the disbursement stage, where onboarding-only controls lose sight of identity drift, beneficiary risk, and cross-team signal loss, according to Sumsub’s podcast with Amazon’s Apurva Shrivastava. The central lesson is that risk decisions must travel with the identity lifecycle, or fraudsters will wait for the cash-out moment to exploit the gap.

NHIMG editorial — based on content published by Sumsub: Cash Out: Fraud's Final Act | "What The Fraud?" Podcast

Questions worth separating out

Q: What breaks when fraud controls stop at onboarding and ignore payout time?

A: The organisation loses sight of identity drift between account creation and cash-out, which lets dormant or lightly active accounts be used for fraud later.

Q: Why do payout fraud patterns often evade upstream verification models?

A: Upstream models usually score limited early-life data, while payout fraud often depends on waiting, trigger events, and burst execution.

Q: What do security teams get wrong about disbursement-time identity assurance?

A: They often assume it is just another fraud rule, when it is really a lifecycle control.

Practitioner guidance

  • Add identity checks to the payout path: evaluate the beneficiary again at disbursement, using current account state, payout history, and payment-method changes rather than relying only on onboarding verification.
  • Propagate upstream fraud signals into payments: feed onboarding, dormancy, account-farming, and trigger-event indicators into the payout engine so risk follows the identity across the lifecycle.
  • Create a shared fraud and payments decision model: align fraud, payments, and product teams on one set of risk thresholds for cash-out events, with clear ownership for holds, reviews, and escalation.
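The three points above, as an added example that is not part of the original post or of Sumsub's material: a disbursement-time check that re-scores the beneficiary against current state, carries upstream flags into the payout decision, and catches the dormancy-then-burst pattern that onboarding-only scoring never sees. All thresholds, field names and sample records are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Account:
    created: datetime
    verified_method: str                              # payout destination verified at onboarding
    upstream_flags: set = field(default_factory=set)  # e.g. {"account_farming"} from earlier monitoring

@dataclass
class Payout:
    at: datetime
    amount: float
    method: str

DORMANCY = timedelta(days=60)     # quiet stretch that counts as dormancy (assumed threshold)
BURST_WINDOW = timedelta(hours=24)
BURST_COUNT = 3                   # payouts inside the window, current request included

def evaluate_payout(account: Account, request: Payout, history: list) -> tuple:
    """Return (decision, reasons) for a cash-out, judged on current state, not onboarding alone.
    history: earlier payouts for this account, oldest first."""
    reasons = []
    # identity drift: destination differs from the one verified at onboarding
    if request.method != account.verified_method:
        reasons.append("payout_method_changed")
    # risk that travelled with the identity from onboarding or monitoring
    reasons.extend(f"upstream:{flag}" for flag in sorted(account.upstream_flags))
    # velocity: a long dormant period followed by a burst of payouts
    window = [p for p in history if request.at - p.at <= BURST_WINDOW]
    before = [p for p in history if request.at - p.at > BURST_WINDOW]
    quiet_since = before[-1].at if before else account.created
    burst_start = window[0].at if window else request.at
    if burst_start - quiet_since >= DORMANCY and len(window) + 1 >= BURST_COUNT:
        reasons.append("dormant_then_burst")
    # shared decision model: one threshold set for hold / review / allow
    if any(r.startswith("upstream:") for r in reasons) or len(reasons) >= 2:
        return "hold", reasons
    return ("review", reasons) if reasons else ("allow", reasons)

# constructed sample: verified in January, silent for months, then three payouts
# in one morning to a destination that was never verified
ACCOUNT = Account(created=datetime(2024, 1, 5), verified_method="bank:A")
HISTORY = [Payout(datetime(2024, 6, 10, 9, 0), 200.0, "bank:B"),
           Payout(datetime(2024, 6, 10, 10, 0), 200.0, "bank:B")]
REQUEST = Payout(datetime(2024, 6, 10, 11, 0), 200.0, "bank:B")

if __name__ == "__main__":
    print(evaluate_payout(ACCOUNT, REQUEST, HISTORY))   # ('hold', [...])
```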

What's in the full article

Sumsub's full podcast covers the operational detail this post intentionally leaves for the source:

  • The full discussion of account farming, trigger events, and burst execution as a fraud lifecycle model.
  • The practical examples of beneficiary-side blind spots in marketplaces and payout systems.
  • The explanation of cumulative identity state ideas for measuring drift across the account lifecycle.
  • The conversation on how payments teams and fraud teams can share risk ownership without adding unnecessary checkout friction.

👉 Read Sumsub's podcast discussion on payout fraud and disbursement-time identity assurance →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8575
 

Onboarding-first fraud governance is now an incomplete identity model. The article shows that organisations still treat the identity at creation time as if it remains stable until payout. That assumption fails because the beneficiary can drift, the payment path can change, and the attacker can wait for a system trigger before cashing out. The implication is that governance must follow the identity lifecycle, not stop at verification.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who is accountable when cash-out fraud is booked as an operational loss?

A: Accountability should sit across fraud, payments, and identity governance, because the failure spans all three functions. If the loss is treated only as an operational cost, the organisation hides the control failure and weakens remediation. The right response is to assign shared ownership for disbursement risk and the signals that inform it.

👉 Read our full editorial: Payout fraud exposes the blind spot in onboarding-first risk models
