AI 扩展计划 / Playbooks
AI Authorized Push Payment / Scam Intervention Playbook
核心判断:
910 行AI_AUTHORIZED_PUSH_PAYMENT_SCAM_INTERVENTION_PLAYBOOK.md
AI Authorized Push Payment / Scam Intervention Architecture Playbook
定位: 面向 Advanced AI PM、CBAP Senior BA、AI Product Architect、Enterprise Architect、Fraud/Scam Operations、Payments Product、Branch and Contact Center Operations、Model Risk、Conduct Risk、Privacy、Compliance、AML/BSA、Complaints、Internal Audit 和金融零售业务 owner。本文不是基础反欺诈材料, 而是训练你把 authorized push payment scam 从“客户自己转账”提升为 real-time customer protection architecture、AI decisioning、payment rail intervention、frontline operating model、evidence and remediation capability。
核心判断:
The bank should not treat every authorized push payment as valid intent, and should not treat every high-risk payment as fraud. The architecture challenge is to estimate scam-induced intent loss, intervene proportionally, preserve customer autonomy, and prove the decision later.
0. Disclaimer
本文是学习、架构训练和作品集材料, 不构成法律意见、监管意见、合规结论、消费者赔付建议、客户通知建议、支付网络规则解释、可疑活动报告建议、模型验证意见或具体机构政策建议。
正式项目必须由 Legal、Compliance、Payments Legal、Fraud/Scam Operations、AML/BSA、Privacy、Cyber、Model Risk、Conduct Risk、Complaints、Payments Operations、Branch/Contact Center、Product Owner、Data Governance、Third-Party Risk、Internal Audit 和必要的外部顾问共同判断。
不同 payment rail、account agreement、network rule、state/federal/international law、客户类型、business/consumer status、jurisdiction、transaction facts、complaint record、evidence quality、receiving institution response 和机构政策都会影响是否能 hold、delay、decline、recall、reimburse、close account、file report 或联系第三方。本文避免作任何 jurisdiction-specific reimbursement claim。Remediation and reimbursement must be determined by Legal/Compliance/Complaints under applicable facts and policy。
1. Executive Framing
APP scam 是金融零售 AI 的高难度场景, 因为它处在三个边界交叉处:
- Payments velocity: 客户需要快速转账, 诈骗也依赖快速转走。
- Customer autonomy: 客户确实登录、认证、点击并授权, 但可能被操控。
- Institution duty and conduct risk: 机构不能简单袖手旁观, 也不能用粗暴拦截替代客户决策。
高级 PM / Architect 要把问题从 "build a scam model" 改写为:
How do we design a real-time intervention system that detects scam-induced authorization,
applies the least harmful effective friction,
routes complex cases to trained humans,
preserves evidence for complaints and remediation,
feeds mule intelligence back into financial crime operations,
and remains governed under model, conduct and privacy controls?
Executive one-liner:
APP scam control is a customer-protection decision system, not merely a fraud classifier.
Board / executive concerns:
| Concern | Architecture answer |
|---|---|
| Customer losses | Identify scam typology, intervene before settlement, support recovery and complaints |
| Legitimate payment disruption | Track false friction, completion delay, override and appeal paths |
| Model risk | Validate calibration, drift, feature use, reason codes, override and feedback loop |
| Conduct risk | Review vulnerable customer treatment, warning quality, complaint outcomes and fairness proxies |
| Privacy | Limit conversation/device data to approved sources, purposes, retention and access |
| Financial crime | Feed mule/beneficiary intelligence into AML/BSA and investigations |
| Operational readiness | Train branch/call center, define decision rights, preserve evidence |
2. Source Anchors
| Anchor | Official link | 本文使用方式 |
|---|---|---|
| FTC scam alerts | https://consumer.ftc.gov/features/scam-alerts | 用 consumer-facing scam patterns、reporting/recovery awareness 和 scam taxonomy 建立 warning library and education content |
| FTC impersonation rule blog | https://www.ftc.gov/business-guidance/blog/2024/02/ftc-impersonation-rule-goes-effect-april-1 | 用 government/business impersonation risk 训练 impersonation scenario, business/customer warning copy, brand-abuse controls |
| FFIEC Authentication and Access to Financial Institution Services and Systems | https://www.ffiec.gov/press/pr081121.htm | 用 risk assessment、layered security、MFA/equivalent controls、monitoring/logging/reporting、call center/help desk risk 和 push payment risk 设计 step-up and operations controls |
| FinCEN advisories/bulletins/fact sheets | https://www.fincen.gov/resources/advisoriesbulletinsfact-sheets | 用 financial crime typology、mule accounts、elder financial exploitation、cyber-enabled fraud 和 SAR escalation awareness 连接 scam ops and AML/BSA |
| CFPB compliance circulars landing page | https://www.consumerfinance.gov/compliance/circulars/ | 用 consumer protection and supervisory guidance 入口训练 complaints、remediation、customer communication and conduct-risk thinking |
| NIST AI RMF | https://www.nist.gov/itl/ai-risk-management-framework | 用 Govern / Map / Measure / Manage 组织 risk mapping、metric design、monitoring、control selection and improvement |
| ISO/IEC 42001 overview | https://www.iso.org/standard/42001 | 用 AI management system、roles、policy、operation planning、performance evaluation、internal audit and continual improvement 建立 operating model |
Source nuance:
- FTC scam alerts 是 typology and education anchor, 不是金融机构具体赔付义务结论。
- FFIEC authentication guidance 强调 authentication and access risk management, layered security and monitoring;APP scam 需要在此基础上增加 intent and social-engineering layer。
- FinCEN anchors 对 mule and suspicious activity awareness 有价值, 但报告义务、时点和内容由 BSA/AML and Legal 判断。
- CFPB guidance/circulars landing page 用于培养 consumer protection and complaints discipline, 不应被本文当作某一 APP scam reimbursement rule。
- NIST AI RMF and ISO/IEC 42001 提供 AI governance language, 不是单个模型的 pass/fail checklist。
3. Scam Taxonomy
Playbook taxonomy 要能直接驱动 intervention, not just reporting。
| Typology | Manipulation pattern | Typical customer story | Payment pattern | Primary controls |
|---|---|---|---|---|
| Bank safe-account impersonation | "账户被盗, 转到安全账户保护资金" | 客户说 bank/fraud team 正在协助 | new beneficiary, wire/RTP/P2P, active phone coaching | safe-account warning, out-of-band callback, fraud specialist, payment delay where allowed |
| Government / law enforcement impersonation | 威胁 arrest, tax, immigration, warrant, fine | 客户恐惧、保密、急迫 | wire, cash, gift card, crypto, split payments | authority scam warning, pause, independent verification, branch escalation |
| Business email compromise | vendor/executive/closing agent 改收款信息 | "这是供应商/房产交易新账号" | ACH/wire, payee change, business user approval | known-good callback, dual approval, beneficiary change hold |
| Romance / family trust scam | 长期情感操控, 借钱/医疗/旅行/危机 | 客户保护对方, 不愿透露 | repeated transfers, escalating amount, crypto | non-shaming script, cooling-off, trusted contact where policy allows |
| Investment / crypto scam | guaranteed return, fake platform, withdrawal fee | 客户相信自己在投资 | wire to exchange, crypto on-ramp, repeated top-ups | investment warning, platform risk, cooling-off, fraud specialist |
| Tech support / refund scam | remote access, fake refund, overpayment error | 客户被引导操作电脑/手机 | bill pay, wire, P2P, gift card, cash | remote access question, session anomaly, device security advice |
| Marketplace / purchase scam | off-platform payment, fake goods/rent/tickets/pets | 客户认为是普通购买 | P2P/RTP/ACH to unknown party | purchase-specific warning, seller verification, payment protection education |
| Mule recruitment / money flipping | 客户被诱导收转资金或出借账户 | "帮朋友收钱/赚佣金" | inbound then rapid outbound, new account, crypto | account review, financial crime escalation, customer education |
| Elder / vulnerable customer exploitation | trusted person or outsider施压 | story changes, family/caregiver pressure | branch cash/wire, repeated unusual payments | trained branch escalation, privacy-safe support, legal/compliance route |
Taxonomy design requirements:
- Allow multi-label cases. A romance scam can become crypto investment scam。
- Capture scam stage: grooming, payee setup, first payment, repeated payment, recovery fee, complaint。
- Capture pressure signal: urgency, secrecy, authority, shame, love/trust, greed/FOMO, fear, remote control。
- Capture payment consequence: immediate loss, delayed settlement, recoverable window, mule cluster, complaint。
4. Payment Rail and Intervention Map
| Rail / product | Key risk | Decision point | Evidence needed |
|---|---|---|---|
| Real-time payment / instant transfer | low recovery window, customer expects speed | before final send, new payee setup, amount increase | risk score, payee verification, warning response, settlement timestamp |
| Wire transfer | high-value and often irreversible | branch/wire room approval, callback, dual control | wire request, customer purpose, beneficiary, callback result, staff notes |
| ACH credit | batch process gives some review time but business volume high | payee creation, file submission, exception review | file id, user approval, beneficiary change, velocity, return/recall attempts |
| P2P / alias payment | alias ambiguity and casual UX | recipient confirmation, relationship warning | phone/email alias, display name, prior relationship, customer confirmation |
| Bill pay / external transfer | fake biller or mule disguised as payee | payee onboarding and first payment | biller directory result, address/account history, memo, customer purpose |
| Internal transfer | institution sees both sides but account privacy applies | sender risk + receiver account risk | receiving account risk, hold/recovery status, investigation linkage |
| Crypto on-ramp / exchange payment | asset movement after fiat payment hard to reverse | first exchange payment, high increase, investment story | merchant/exchange risk, customer warning, withdrawal story, repeat pattern |
| Business treasury payment | dual control may still be socially engineered | beneficiary change, approver behavior, out-of-band verification | approval chain, vendor master change, callback proof, BEC evidence |
Rail-aware design questions:
- What is the last point where friction can still prevent loss?
- What delay/hold/decline authority exists under product terms and network rules?
- What recovery channel exists post-send, and who owns it?
- What does the customer expect in this rail, and what friction will feel legitimate?
- What evidence is needed if the customer later complains?
5. Decision Gates
Gate 0: Use Case and Risk Tier
Purpose: decide which payment journeys need APP scam controls before launch。
| Question | High-risk answer |
|---|---|
| Is the rail fast or hard to reverse? | RTP, wire, P2P, crypto on-ramp |
| Is customer self-service? | mobile/online without human review |
| Can new beneficiaries be added quickly? | yes, especially with first-payment same session |
| Are vulnerable customers or high-value accounts involved? | seniors, newly bereaved, high balances, small business owners |
| Does the channel include conversation evidence? | branch/call/chat/transcript available |
Output: Scam Control Tier, required evidence objects, required intervention ladder, model inventory entry。
Gate 1: Beneficiary / Payee Onboarding
Purpose: stop risky destination setup before payment urgency peaks。
Controls:
- New payee risk scoring。
- Name/alias/account consistency where available。
- Beneficiary graph lookup。
- Known vendor/merchant/biller directory match。
- Account change verification for business payments。
- First-payment delay or enhanced warning where policy allows。
Gate decision:
| Risk pattern | Default action |
|---|---|
| Known relationship and low value | allow with passive monitoring |
| New payee + high-value/fast rail | warning + confirmation + possible delay |
| Beneficiary linked to mule cluster | fraud ops review or decline/hold route according to policy |
| Vendor account change | known-good callback and dual approval |
Gate 2: Payment Initiation
Purpose: combine transaction, session, rail and customer history。
Signals:
- Amount relative to customer baseline。
- First payment to beneficiary。
- Rail risk and settlement speed。
- Device/session anomalies and remote-access indicators where allowed。
- Recent limit increase, failed attempts, repeated edits, split payments。
- Recent calls/chats/branch visits/complaints。
- Customer segment and vulnerability flags only where policy-approved。
Output: risk vector with reason codes, not just score。
Gate 3: Customer Intent Confidence
Purpose: estimate whether authorization reflects informed and independent intent。
Intent checks:
| Check | Example high-risk response |
|---|---|
| Relationship clarity | "我不能说", "这是安全账户", "他们让我保密" |
| Independent verification | customer used number/link provided by caller |
| Urgency pressure | payment must happen now to avoid arrest/loss |
| Coaching | customer remains on phone or repeats scripted purpose |
| Understanding of irreversibility | customer believes bank can reverse after send |
| Alternative explanation | customer rejects all warning because scammer has framed bank as threat |
Architecture output: intent_confidence = high / medium / low / unknown, with uncertainty and reason codes。
Gate 4: Step-Up Friction
Purpose: choose least harmful effective friction。
| Risk level | Friction | Example |
|---|---|---|
| Low | passive confirmation | "确认收款人和金额" |
| Medium | typology-specific warning | "如果有人要求你转到安全账户, 这是诈骗特征" |
| High | interactive checklist + cooling-off | customer must answer independent verification questions |
| Very high | fraud specialist callback / branch review | trained staff conducts structured conversation |
| Critical | delay/hold/decline/escalation under policy | decision by authorized owner, evidence captured |
Friction quality rules:
- Be specific about the scam pattern。
- Avoid blame and shame。
- Do not disclose sensitive model logic or mule intelligence。
- Offer a safe pause。
- Preserve customer response。
- Provide escalation route。
Gate 5: Human Escalation
Purpose: use branch/call center judgment without unstructured inconsistency。
Escalation routing:
| Trigger | Route |
|---|---|
| Safe-account / active phone coaching | Fraud specialist callback |
| High-value wire | Wire room + branch manager + fraud review |
| Vulnerable customer concern | Branch supervisor + compliance/conduct route |
| Business vendor change | Treasury service + known-good callback |
| Mule recipient cluster | Fraud ops + AML/BSA review |
| Complaint after send | Complaints + scam ops + recovery desk |
Structured interview questions:
- Who told you to make this payment?
- How did you verify the person or company independently?
- Are you currently on the phone/chat with anyone about this payment?
- Did anyone tell you not to tell the bank, your family, or colleagues?
- Did anyone ask you to say the payment is for a different purpose?
- Do you understand this payment may be difficult or impossible to recover after it is sent?
- Would you be willing to pause and call the organization using a number you find independently?
Gate 6: Release / Delay / Hold / Decline / Monitor
Purpose: make accountable payment decision。
Decision record must include:
- risk vector and model version。
- payment rail and intervention window。
- customer response and evidence。
- decision owner and authority。
- Legal/Compliance consultation if required。
- final action and customer communication。
- recovery path if payment proceeds。
No architecture document should hard-code universal authority to delay or refuse payments. That authority is product-, rail-, contract-, law-, and policy-dependent。
Gate 7: Post-Payment Recovery and Complaint
Purpose: once payment leaves, speed and evidence matter。
Actions:
- Initiate recall/recovery workflow immediately where available。
- Contact receiving institution through approved channel。
- Open complaint/remediation case if customer alleges scam or inadequate warning。
- Preserve intervention evidence and final customer-visible content。
- Update mule graph and beneficiary risk。
- Feed outcome to model labels after quality review。
- Review whether customer is at risk of repeat targeting。
6. Artifact Set
| Artifact | Purpose | Owner |
|---|---|---|
| Scam Taxonomy and Typology Library | consistent risk classes and warning content | Fraud Strategy |
| Payment Rail Intervention Map | rail windows, hold/delay options, recovery channels | Payments Product / Payments Ops |
| Customer Intent Confidence Model Spec | feature logic, confidence vector, reason codes | AI Product / Data Science |
| Beneficiary / Mule Risk Card | destination risk and graph evidence | Fraud Ops / Financial Crimes |
| Step-Up Friction Decision Table | maps risk to UX and operations | Product / Scam Ops |
| Warning Copy Library | approved typology-specific warnings | Product / Legal / Compliance |
| Frontline Structured Interview Script | branch/call center conversation control | Operations / Fraud Training |
| Evidence Pack Schema | complaint, recovery, audit and model feedback proof | Architecture / Data Governance |
| Complaint and Remediation Handoff | evidence and decision path for post-loss review | Complaints / Compliance |
| Model Risk Pack | model purpose, data, validation, monitoring, overrides | Model Risk / Data Science |
| Conduct Risk Review Pack | false friction, vulnerable customers, complaints, fairness | Conduct Risk / Compliance |
| Privacy Assessment | data minimization, consent, retention, access, purpose | Privacy / Data Governance |
| Tabletop Exercise Scripts | tests decision rights and operations readiness | Operational Risk / Internal Audit |
7. RACI / Operating Model
Decision rights:
| Decision | Accountable | Consulted |
|---|---|---|
| Define scam typology and risk appetite | Fraud Strategy Executive | Payments, Compliance, Model Risk |
| Approve payment intervention ladder | Product Owner + Fraud Ops | Legal, Compliance, Conduct Risk |
| Approve delay/hold/decline policy | Legal/Compliance + Business Owner | Payments Ops, Fraud Ops |
| Approve model for production | Model Risk Governance | Data Science, AI Product, Fraud Ops |
| Approve conversation data use | Privacy / Data Governance | Legal, Operations, Model Risk |
| Escalate mule network | Financial Crimes / AML/BSA | Fraud Ops, Legal |
| Handle customer complaint | Complaints Owner | Fraud Ops, Legal, Compliance, Payments |
| Decide remediation route | Complaints / Business / Legal / Compliance | Finance, Fraud Ops |
| Report to risk committee | Operational Risk / Fraud Executive | Product, Model Risk, Compliance |
| Audit control effectiveness | Internal Audit | All control owners |
RACI:
| Activity | Accountable | Responsible | Consulted | Informed |
|---|---|---|---|---|
| Scam taxonomy | Fraud Strategy | Scam Ops | AML/BSA, Legal, Product | Branch/Call Center |
| Beneficiary scoring | Fraud Ops | Data Science | Privacy, Financial Crimes | Payments Ops |
| Intent model | AI Product | Data Science | Model Risk, Conduct Risk | Fraud Ops |
| Payment UX | Payments Product | Design / Engineering | Legal, Compliance, Scam Ops | Contact Center |
| Warning copy | Product | UX Content | Legal, Compliance, Fraud Ops | Branch |
| Human escalation | Operations | Branch/Contact Center Leaders | Fraud Training, Compliance | Product |
| Evidence ledger | Architecture | Engineering / Data | Privacy, Legal, Audit | Complaints |
| Model monitoring | Model Risk | Data Science | Fraud Ops, Conduct Risk | Risk Committee |
| Complaint review | Complaints | Case Handlers | Legal, Fraud Ops, Payments | Customer-facing teams |
| CAPA | Operational Risk | Control Owners | Audit, Compliance | Senior Management |
Governance cadence:
| Cadence | Forum | Outputs |
|---|---|---|
| Daily | Scam ops huddle | typology spikes, mule accounts, recovery urgency |
| Weekly | Product/fraud/model review | false friction, threshold changes, model labels, warning performance |
| Monthly | Conduct/privacy review | complaints, vulnerable customer impacts, data use, frontline QA |
| Quarterly | AI and fraud governance committee | model performance, control gaps, roadmap, vendor dependencies |
| Semiannual | Internal control testing | operating effectiveness, evidence quality, script adherence |
| Annual | Tabletop exercise | rail-specific scam scenario, branch/call center escalation, complaint drill |
8. Implementation Roadmap
Phase 1: 0-30 Days, Foundation
| Workstream | Action | Deliverable |
|---|---|---|
| Scope | Pick top 2 rails and channels by scam loss and recovery difficulty | Rail Scope Card |
| Taxonomy | Define 8-10 scam typologies and pressure signals | Scam Typology Library |
| Evidence | Map current logs, warnings, staff notes and payment records | Evidence Gap Map |
| Operations | Identify branch/call center escalation paths | Escalation Map |
| Privacy | Inventory data sources and prohibited signals | Data Use Boundary |
| Metrics | Establish baseline losses, complaints, false friction proxies | Baseline Dashboard |
Phase 2: 31-60 Days, MVP Controls
| Workstream | Action | Deliverable |
|---|---|---|
| Beneficiary risk | Build first-time payee and high-risk beneficiary rules | Beneficiary Risk Card |
| Intent checks | Add structured customer questions for high-risk flows | Intent Checklist |
| UX | Launch typology-specific warnings for top scenarios | Warning Copy Library |
| Operations | Train pilot fraud specialists and branch/call center supervisors | Training Pack |
| Evidence | Create case_id linkage across payment, warning and intervention | Evidence Ledger MVP |
| Governance | Start weekly threshold and complaint review | Governance Minutes |
Phase 3: 61-90 Days, AI Decisioning
| Workstream | Action | Deliverable |
|---|---|---|
| Model | Develop risk vector model with reason codes | Model Spec and Validation Pack |
| Friction engine | Map risk vector to intervention ladder | Friction Decision Table |
| Mule graph | Add network features and receiving account intelligence where allowed | Mule Graph MVP |
| Monitoring | Track false friction, reversal, complaint, recovery and calibration | Monitoring Dashboard |
| Conduct risk | Review customer impact and vulnerable segment controls | Conduct Review Pack |
| Tabletop | Run RTP/wire scam scenario with post-payment complaint | Tabletop Report |
Phase 4: 91-180 Days, Scale and Control
| Workstream | Action | Deliverable |
|---|---|---|
| Multi-rail | Extend to ACH, P2P, bill pay, business treasury | Rail Expansion Plan |
| Advanced AI | Add transcript analytics and LLM-assisted analyst summarization within privacy boundary | AI Ops Assist Pack |
| Feedback loop | Integrate complaint outcomes, recovery outcomes and analyst labels | Label Governance |
| Vendor/consortium | Evaluate third-party beneficiary intelligence and data sharing | Third-Party Risk Assessment |
| Audit | Test control design and evidence quality | Internal Audit Binder |
| Portfolio | Package case study, architecture model, roadmap and metrics | Portfolio Storyline |
9. Evidence Pack
Evidence pack should prove what happened, why intervention occurred, what the customer saw/heard, who decided, and how the outcome was handled。
Minimum evidence fields:
| Field | Purpose |
|---|---|
| case_id | common reference across payment, intervention, complaint |
| payment_id | transaction-level evidence |
| rail / channel | intervention window and customer experience context |
| customer_id / segment | customer history and complaint linkage |
| beneficiary_id | recipient graph and recovery linkage |
| session_id / device_id | identity/session confidence where allowed |
| authentication_result | confirms customer authentication path |
| risk_vector | identity, rail, beneficiary, intent, social-engineering, evidence quality |
| model_version | reproducibility and model risk |
| reason_codes | frontline explanation and audit |
| warning_content_id | exact message shown |
| customer_response | proceed/cancel/changed story/escalate |
| frontline_interaction_id | call/chat/branch/wire room evidence |
| structured_interview | question/answer record |
| decision_owner | automated rule, analyst, branch manager, wire room, supervisor |
| decision_action | release, delay, hold, decline, monitor, recovery |
| legal_compliance_consult | consultation timestamp and decision reference where applicable |
| final_payment_status | settled, canceled, returned, recalled, unrecovered |
| complaint_id | post-event review linkage |
| remediation_status | under review, approved, denied, paid, closed under policy |
| mule_graph_update | beneficiary intelligence feedback |
| label_status | confirmed scam, suspected scam, legitimate, insufficient evidence |
Evidence quality scoring:
| Score | Meaning |
|---|---|
| 5 | full transaction, model, warning, customer response, staff notes, outcome and complaint evidence |
| 4 | missing minor supporting evidence but final decision reproducible |
| 3 | core transaction and warning present, weak conversation or beneficiary evidence |
| 2 | payment record present, intervention rationale incomplete |
| 1 | case cannot be reconstructed reliably |
Replay package:
customer payment context
authentication and session evidence
beneficiary risk card
payment rail intervention window
AI risk vector and reason codes
warning or friction shown
customer response
frontline structured interview
decision owner and action
payment settlement/recovery outcome
complaint/remediation outcome
model feedback label
10. Model Risk and AI Governance
Model inventory fields:
| Field | Required content |
|---|---|
| Model purpose | detect and support intervention for APP scam risk |
| Decision boundary | decision support for friction and escalation, not autonomous legal/compliance conclusion |
| In-scope rails | RTP, wire, ACH, P2P, bill pay, crypto on-ramp as approved |
| Features | transaction, beneficiary, behavioral, session, conversation-derived structured fields |
| Prohibited features | unapproved private messages, social media, protected-class proxies without approved governance |
| Labels | confirmed scam, suspected scam, prevented scam, legitimate after friction, complaint outcome |
| Outputs | score, confidence vector, reason codes, uncertainty |
| Human override | allowed roles, required reason, audit capture |
| Monitoring | calibration, drift, false friction, complaint, typology performance |
| Review cadence | weekly operational, monthly risk, quarterly governance |
Validation questions:
- Does the model separate identity confidence from intent confidence?
- Does it over-score new payees in ways that harm legitimate life events, small businesses or immigrant remittances?
- Are labels biased toward customers who complain or high-value losses only?
- Does conversation analytics rely on approved data sources?
- Do reason codes support operations without leaking control logic to scammers?
- Are thresholds validated by rail, channel, amount band, customer segment and typology?
- Can analysts override, and are overrides monitored?
- Is there challenger analysis against simpler rules and human-only review?
- Is drift monitored after scam typology changes?
NIST AI RMF mapping:
| Function | APP scam application |
|---|---|
| Govern | roles, policy, model inventory, escalation rights, audit |
| Map | payment rail risk, customer harm, data boundaries, typologies |
| Measure | calibration, false friction, complaint, recovery, conduct impact |
| Manage | threshold changes, CAPA, model retraining, operations training |
ISO/IEC 42001 mapping:
| AIMS element | APP scam application |
|---|---|
| Policy and objectives | customer protection with proportional friction |
| Roles and responsibilities | fraud, payments, model risk, conduct, privacy, complaints |
| Operation planning | decision gates, evidence ledger, intervention ladder |
| Performance evaluation | metrics, internal audit, management review |
| Improvement | CAPA, typology updates, control redesign |
11. Privacy and Conduct Boundaries
Privacy design principles:
- Use minimum necessary data for scam intervention。
- Make data source, purpose, retention and access explicit。
- Prefer structured customer-provided answers over covert inference。
- Separate customer protection analytics from marketing or unrelated profiling。
- Treat call/chat transcripts as sensitive operational records。
- Review third-party mule/beneficiary intelligence for permissible use and sharing limits。
- Avoid storing scammer-provided screenshots longer than necessary without retention review。
Data boundary table:
| Data source | Default posture |
|---|---|
| Payment metadata | generally core to fraud/payment risk, governed by internal policy |
| Payee setup data | core scam signal, use with access controls |
| Authentication/session data | useful for identity confidence, do not confuse with intent |
| Call/chat transcripts | use only under approved notice, purpose and retention |
| Branch notes | structured and controlled, avoid speculative labels |
| Customer-provided scam messages | use as case evidence, protect sensitive third-party data |
| Device telemetry | high governance need, use only approved fields |
| Private SMS/email/social media | do not use unless explicit legal/privacy basis and product design support it |
| Vulnerability indicators | use carefully for protection, not adverse treatment |
Conduct risk tests:
- Would a reasonable customer understand why friction occurred?
- Are warnings accurate, specific and non-shaming?
- Are certain customer groups experiencing excessive delay or false declines?
- Does the process allow a legitimate urgent payment to escalate efficiently?
- Are vulnerable customers supported without stripping agency?
- Are complaint outcomes feeding back into design?
- Are employees trained not to accuse customers of lying or being complicit without evidence?
12. Branch and Call Center Playbook
Frontline objective:
Create a safe pause, test independent intent, capture evidence,
and route the payment decision through the right authority.
Do:
- Speak calmly and specifically。
- Ask if anyone is on the phone/chat or remote session。
- Ask how the customer independently verified the recipient。
- Explain payment irreversibility in plain language。
- Offer an independent callback or pause。
- Escalate high-risk patterns to fraud specialist or supervisor。
- Record exact questions and answers。
- Preserve customer dignity。
Do not:
- Shame the customer。
- Argue about whether the customer is "being scammed"。
- Promise reimbursement or legal outcome。
- Reveal mule intelligence details。
- Let a customer-provided phone number be the verification channel。
- Use free-text speculation such as "customer is lying"。
- Ignore coached story changes。
Structured note template:
Scam typology suspected:
Payment rail and amount:
Beneficiary:
Customer stated purpose:
Independent verification method:
Urgency/secrecy/coaching indicators:
Active phone/chat/remote access:
Warning provided:
Customer response:
Escalation:
Decision owner:
Outcome:
Evidence gaps:
Quality assurance:
| QA item | Passing evidence |
|---|---|
| Script adherence | required questions asked and captured |
| Non-shaming language | no blame or ridicule in recording/notes |
| Specific warning | warning matched typology |
| Escalation | high-risk pattern routed correctly |
| Evidence | decision record complete |
| Outcome feedback | case label and complaint link updated |
13. Complaints and Remediation Workflow
Complaints workflow should be designed before losses occur。
Intake questions:
- What payment was sent, through which rail, and when?
- What scam story does the customer report?
- Did the customer receive warnings or speak with staff before sending?
- What did the customer see and acknowledge?
- Was there a hold, delay, override or release decision?
- Were recovery attempts initiated quickly?
- Is there receiving institution evidence?
- Is the customer at risk of repeat targeting?
Workflow:
complaint intake
-> payment and intervention evidence retrieval
-> scam typology classification
-> recovery status check
-> legal/compliance/policy review
-> customer communication
-> remediation decision by authorized owner
-> model label update after QA
-> CAPA if control weakness found
Remediation review dimensions:
| Dimension | Evidence |
|---|---|
| Customer action | authenticated, warned, coached, misled, complained timing |
| Institution action | warning quality, delay/hold decision, escalation, recovery attempt |
| Rail constraints | recovery window, settlement, receiving institution response |
| Scam evidence | messages, call notes, beneficiary graph, law enforcement report where available |
| Policy/legal | account agreement, applicable rules, institution policy, Legal/Compliance view |
| Conduct | clarity, fairness, vulnerable customer treatment, complaint handling |
| Control weakness | model miss, script failure, evidence gap, operational delay |
Do not put reimbursement outcomes in the playbook as universal promises. Use "authorized remediation owner decides under policy and facts"。
14. Metrics and KRIs
Executive dashboard:
| Metric | Use |
|---|---|
| APP scam loss by rail/channel | prioritize controls |
| Prevented loss estimate | communicate value with transparent methodology |
| False friction rate | protect customer autonomy |
| Median legitimate payment delay | monitor customer harm |
| High-risk intervention reversal rate | measure effective pause |
| Warning effectiveness by typology | improve UX and copy |
| Branch/call center escalation success | validate operations investment |
| Recovery attempt time | measure post-payment speed |
| Recovery success rate | evaluate receiving institution and rail process |
| Mule graph hit rate | validate beneficiary intelligence |
| Complaint rate after intervention | conduct and evidence quality signal |
| Complaint remediation cycle time | customer protection and operational quality |
| Model calibration and drift | model risk control |
| Override rate by team | threshold and training signal |
| Evidence completeness | audit and complaint defensibility |
KRIs:
| KRI | Example escalation |
|---|---|
| High-risk payment released without evidence record | immediate control breach review |
| Critical scam warning not shown due to channel gap | product remediation |
| Unknown affected population after scam spike | executive fraud huddle |
| Model drift in top typology | threshold freeze or challenger review |
| False friction spike for a customer segment | conduct risk review |
| Branch script adherence below threshold | retraining and QA |
| Recovery attempt delayed beyond rail-specific target | payments ops escalation |
| Repeated mule beneficiary missed by model | financial crimes review |
| Complaint cases missing intervention evidence | evidence ledger CAPA |
| New data source added without privacy review | model release blocker |
Metric anti-gaming:
- Do not count every abandoned high-risk payment as prevented scam without sampling/QA。
- Do not optimize only loss prevention; include legitimate payment delay and complaint harm。
- Do not hide false declines as "customer chose not to proceed" when friction design caused confusion。
- Do not retrain only on confirmed fraud losses; include prevented and legitimate labels。
15. Checklists
Product Design Checklist
| Check | Passing evidence |
|---|---|
| Rail-specific controls | intervention map exists by rail |
| Payee setup scoring | first-time and changed beneficiaries assessed |
| Typology-specific warnings | warning copy library approved |
| Customer pause | cooling-off or callback pattern defined where allowed |
| Human escalation | route and SLA defined |
| Appeal/escalation | legitimate payment path exists |
| Evidence capture | warning, response and decision logged |
| Complaint handoff | case linkage to complaints exists |
Model Risk Checklist
| Check | Passing evidence |
|---|---|
| Purpose statement | decision support boundary documented |
| Data lineage | approved feature catalog |
| Prohibited features | privacy and conduct exclusions documented |
| Validation | calibration, backtest, challenger, typology performance |
| Monitoring | drift, false friction, override, complaint |
| Human override | role and reason code capture |
| Label governance | QA for confirmed/suspected/prevented/legitimate |
| Change control | threshold/model update approvals |
Operations Checklist
| Check | Passing evidence |
|---|---|
| Branch scripts | trained and versioned |
| Call center scripts | trained and QA monitored |
| Fraud specialist queue | routing, SLA, owner |
| Wire room procedure | high-value escalation and callback |
| Recovery desk | rail-specific recall process |
| Mule intelligence | receiving account feedback loop |
| Complaint review | evidence retrieval and policy review |
| Tabletop | recent exercise and CAPA |
Privacy and Conduct Checklist
| Check | Passing evidence |
|---|---|
| Data minimization | only approved fields used |
| Purpose limitation | scam intervention purpose documented |
| Retention | case and transcript retention set |
| Access control | sensitive evidence restricted |
| Customer dignity | non-shaming scripts |
| Vulnerable customer | support route and QA |
| Fairness review | false friction and complaint by segment |
| Customer communication | clear, accurate, not misleading |
16. Anti-Patterns
| Anti-pattern | Why it fails | Better practice |
|---|---|---|
| "MFA passed, so it is not our issue" | APP scams are authorized under manipulation | separate authentication and intent controls |
| "Block all high-score payments" | creates customer autonomy and conduct risk | proportional intervention ladder |
| "Show the same warning to everyone" | causes warning fatigue | typology-specific warning with customer action |
| "Ask the customer if they are being scammed" | coached customers often answer no | ask behavioral and verification questions |
| "Use transcripts without governance" | privacy, retention and purpose risk | approved data boundary and access controls |
| "Frontline free-text notes are enough" | weak evidence and model feedback | structured interview plus controlled narrative |
| "Fraud team owns everything" | payments, branch, complaints, AML and legal all own parts | cross-functional operating model |
| "Confirmed fraud labels only" | label bias and slow feedback | include prevented, suspected, legitimate and complaint labels |
| "Reimbursement promise in warning" | legal/policy overreach | route to authorized remediation process |
| "No post-payment workflow" | misses recovery and mule intelligence | immediate recovery and graph update |
| "Optimize conversion only" | product metric conflicts with protection | balanced customer protection scorecard |
| "Do not tell customer anything" | unexplained friction drives channel bypass | clear, safe, non-sensitive explanation |
17. Tabletop Scenarios
Scenario 1: Safe Account Scam on Instant Rail
A customer attempts a high-value instant payment to a new beneficiary.
The payment memo says "safe account". The customer passed MFA and says the bank fraud department called them.
They are still on a phone call during the transfer.
Expected actions: safe-account warning, ask active call/coaching questions, independent bank callback, fraud specialist escalation, decision record, potential delay/hold/decline under policy, evidence preservation。
Scenario 2: Branch Wire with Coached Customer
An older customer visits a branch to send a wire overseas.
They appear anxious, say it is for a real estate investment, and refuse to provide documents.
The beneficiary was added that morning.
Expected actions: non-shaming conversation, investment/romance typology questions, supervisor escalation, beneficiary risk card, wire room review, customer pause, structured notes。
Scenario 3: Business Email Compromise
A small business user changes a vendor account and submits an ACH credit file.
The email thread approving the change came from a lookalike domain.
Dual approval occurred, but no known-good callback was performed.
Expected actions: hold/review if within window, known-good vendor callback, BEC typology record, business user education, ACH recovery path, control gap CAPA。
Scenario 4: Crypto Investment Scam
A retail customer sends repeated wires to a crypto exchange after receiving app warnings.
They say they have already seen profits but must deposit more to unlock withdrawal.
Expected actions: investment scam warning, cooling-off, fraud specialist conversation, ask withdrawal proof, repeat-targeting review, complaint/recovery prep if payment proceeds。
Scenario 5: Complaint After Prior Warning
A customer complains that the bank should have stopped a P2P payment.
Evidence shows a generic warning was shown, but no typology-specific warning or structured response was captured.
Expected actions: complaint evidence review, remediation owner decision under policy, warning design CAPA, model label update, conduct risk review。
18. Practical Templates
18.1 Executive One-Pager
Problem:
Authorized customers are sending fast payments under scam influence.
Risk:
Customer loss, complaint exposure, mule network growth, conduct risk, payment disruption.
Architecture:
Separate identity confidence from intent confidence; score beneficiary/mule risk;
apply rail-aware friction; escalate to trained humans; preserve evidence; feed outcomes back.
Controls:
Typology warnings, payee scoring, structured interviews, recovery workflow,
model monitoring, privacy boundary, conduct review.
Metrics:
Loss, prevented loss estimate, false friction, delay, recovery, complaints,
evidence completeness, model drift.
Decision needed:
Approve pilot scope, risk appetite, intervention authority, staffing, data boundary and roadmap.
18.2 Scam Intervention Case Card
Case ID:
Customer:
Rail / channel:
Amount:
Beneficiary:
Typology:
Risk vector:
Intent confidence:
Intervention:
Customer response:
Decision owner:
Outcome:
Recovery action:
Complaint status:
Evidence score:
CAPA:
18.3 Warning Copy Principles
| Rule | Example |
|---|---|
| Name the pattern | "有人要求你把钱转到安全账户是常见诈骗方式" |
| Break the pressure | "请先挂断电话, 用你自己查到的官方号码联系机构" |
| Avoid shame | "这类骗局设计得很逼真, 很多人都会遇到" |
| Explain irreversibility | "发送后可能很难追回" |
| Ask for action | "暂停并验证收款人, 不要使用对方提供的号码或链接" |
| Avoid overclaim | 不承诺一定追回或一定赔付 |
18.4 Model Monitoring Pack
| Section | Content |
|---|---|
| Population | payments scored by rail/channel/amount band |
| Performance | precision proxy, recall proxy, calibration, typology hit |
| Customer impact | false friction, delay, abandon, complaint |
| Operations | escalation volume, SLA, override, QA |
| Conduct | vulnerable customer treatment, segment review |
| Privacy | data source changes, access exceptions |
| Drift | feature distribution, typology shift, mule cluster changes |
| CAPA | threshold updates, script changes, model retraining |
18.5 Complaint Review Worksheet
| Field | Evidence |
|---|---|
| Customer allegation | complaint narrative |
| Payment facts | transaction, rail, beneficiary, timing |
| Scam facts | typology, customer-provided evidence, third-party evidence |
| Intervention facts | warning, response, call/branch notes, decision owner |
| Recovery facts | recall attempt, receiving institution, timing, outcome |
| Policy/legal review | authorized reviewer conclusion under facts and policy |
| Remediation decision | action, rationale, customer communication |
| Control findings | model miss, warning gap, operations gap, evidence gap |
| Feedback | model label, CAPA, training update |
19. 30-Day Portfolio Lab
目标: 30 天内做出一个可展示的 AI APP Scam Intervention Architecture portfolio pack。推荐选择 "instant payment safe-account scam" 或 "branch wire romance/investment scam"。
| Day | Task | Artifact |
|---|---|---|
| 1 | 选定 rail、channel、customer segment | Scenario Boundary Card |
| 2 | 写 scam taxonomy and stage map | Scam Taxonomy |
| 3 | 画 payment rail intervention window | Rail Intervention Map |
| 4 | 定义 beneficiary/mule risk fields | Beneficiary Risk Card |
| 5 | 定义 customer intent confidence vector | Intent Model Spec |
| 6 | 设计 data boundary and privacy map | Data Use Boundary |
| 7 | 设计 typology-specific warnings | Warning Library |
| 8 | 设计 friction ladder | Step-Up Decision Table |
| 9 | 写 branch/call center script | Frontline Script |
| 10 | 定义 evidence pack schema | Evidence Schema |
| 11 | 设计 complaint/remediation handoff | Complaint Workflow |
| 12 | 写 model inventory card | Model Risk Card |
| 13 | 写 conduct risk review checklist | Conduct Checklist |
| 14 | 设计 mule graph feedback loop | Mule Intelligence Flow |
| 15 | 建 metrics dashboard spec | Dashboard Spec |
| 16 | 写 RACI and operating cadence | Operating Model |
| 17 | 写 executive one-pager | Executive Brief |
| 18 | 设计 tabletop scenario | Scenario Script |
| 19 | 运行 tabletop dry run | Decision Log |
| 20 | 写 CAPA register | CAPA Backlog |
| 21 | 准备 sample case card | Case Card |
| 22 | 写 warning A/B principles | Warning Design Memo |
| 23 | 写 privacy and conduct memo | Governance Memo |
| 24 | 写 model monitoring pack | Monitoring Pack |
| 25 | 写 complaint review worksheet | Complaint Worksheet |
| 26 | 写 architecture narrative | Case Study |
| 27 | 准备 6 个 interview answers | Interview Pack |
| 28 | 打包 artifacts | Portfolio Index |
| 29 | 做 10 分钟汇报稿 | Executive Talk Track |
| 30 | 自评并补齐证据链 | Final Portfolio Pack |
20. Interview Answers
Q1: 如何向高管解释 APP scam intervention architecture?
30 秒:
这不是普通 fraud model。客户本人通过认证并授权付款, 但 intent 可能被诈骗操控。架构目标是把 identity confidence、beneficiary/mule risk、payment rail window、customer intent confidence 和 social-engineering signals 连接起来, 用比例化 friction 干预, 并保留 evidence 支撑投诉、补救、审计和模型改进。
Q2: 为什么 MFA 不能解决 APP scam?
30 秒:
MFA 证明操作人可能是客户本人, 但不能证明客户没有被 impersonation、safe-account scam、romance scam 或 remote-access coaching 操控。APP scam 需要在认证之外建立 intent confidence layer 和 scam-specific intervention。
Q3: 你如何设计不伤害合法客户的 friction?
30 秒:
我会用 risk-based intervention ladder: 低风险只确认, 中风险给 typology-specific warning, 高风险加 checklist/cooling-off/callback, critical cases 才进入 hold/delay/decline/escalation under policy。同时监控 false friction、legitimate payment delay、complaints and override。
Q4: Beneficiary/mule graph 的价值是什么?
30 秒:
APP scam 的资金出口通常是 mule network。只看 sender anomaly 会漏掉多个受害人向同一收款集群付款的模式。Beneficiary graph 能在 payee setup、first payment、repeat payment 和 post-payment recovery 阶段提供 destination risk, 但必须受 data-sharing, privacy and AML governance 约束。
Q5: Conversation signals 怎样使用才专业?
30 秒:
只使用合法收集、目的明确、最小必要的数据, 如客服转写、branch structured notes、in-app memo、客户主动提供的 scam messages。不要默认扫描客户私人 SMS/email/social media。模型输出要是 reason codes and confidence, 而不是给客户贴标签。
Q6: 如果客户坚持付款怎么办?
30 秒:
架构不应让一线员工临场拍脑袋。应按 rail-aware policy 记录 risk vector、warning、客户回答、frontline escalation、decision owner and final action。是否 delay、hold、decline 或 release 取决于产品条款、rail rules、Legal/Compliance and institutional policy。无论结果如何, evidence and recovery path 要完整。
Q7: 投诉和补救怎么和 AI 架构连接?
30 秒:
每次 intervention 都要有 case_id 连接 transaction、risk vector、warning content、customer response、staff notes、decision and recovery action。投诉团队基于 evidence pack 和政策事实做 remediation review。模型团队只在 QA 后使用 outcome label, 避免把争议案例直接当训练真相。
Q8: 这个 portfolio 能体现 PM/Architect 的什么能力?
30 秒:
它体现我能把 AI risk、payment rails、fraud operations、frontline workflow、privacy、conduct、model risk and complaints 串成一个可运行的 customer protection architecture, 而不是只画一个模型或写一段 warning copy。
21. Final Operating Principle
AI APP scam intervention maturity 可以用一个问题测试:
If an authenticated customer is about to send fast money under possible scam influence,
can the institution estimate intent and beneficiary risk,
pause the right transaction with the least harmful friction,
escalate through trained humans,
act within rail-specific windows,
preserve evidence for complaints and remediation,
learn from outcomes,
and prove privacy, conduct and model governance discipline?
如果答案不清楚, 问题不是缺一个 fraud score。问题是 payment product、AI decisioning、scam operations、branch/call center、complaints、privacy、conduct risk and evidence engineering 还没有被设计成同一套 operating system。