AI 底层逻辑 / 经典论文

AI APP Scam Intervention：授权支付诈骗干预架构

388 行ai-foundations/papers/128-ai-authorized-push-payment-scam-intervention-architecture.md

AI Authorized Push Payment / Scam Intervention Architecture 解读

面向对象: Advanced AI PM / CBAP Senior BA / Product Architect / Enterprise Architect / Fraud Strategy / Scam Operations / Payments Product / Branch and Contact Center Operations / Model Risk / Conduct Risk / Privacy / Internal Audit Partner。核心问题: 当客户本人正在授权一笔 real-time payment、wire、ACH credit、P2P、bill pay、internal transfer 或其他 push payment, 但交易背后可能存在 impersonation、romance/investment scam、safe account scam、remote-access coaching 或 mule network 时, AI 如何识别并干预 social-engineering fraud, 同时不把真实客户意图简单当成 fraud blocking? 学习目标: 建立 customer intent confidence、beneficiary/mule risk、conversation and coercion signal、payment rail intervention window、step-up friction orchestration、branch/call center escalation、evidence pack、complaints/remediation、model risk、conduct risk、privacy boundary 和 operational controls 的架构能力。

重要说明: 本文是学习、架构训练和作品集材料, 不构成法律意见、监管意见、合规结论、消费者赔付建议、客户通知建议、支付规则解释、可疑活动报告建议或模型验证意见。正式项目必须由 Legal、Compliance、Payments Legal、Fraud/Scam Operations、AML/BSA、Privacy、Cyber、Model Risk、Conduct Risk、Complaints、Branch/Contact Center、Payments Operations、Product Owner、Data Governance、Internal Audit 和必要的外部顾问共同判断。不同 payment rail、jurisdiction、产品条款、客户类型、账户协议、网络规则、regulator view 和机构政策会影响能否 hold、delay、decline、recall、reimburse、file report 或联系收款机构。本文只提供 decision support architecture。

Source Anchors

Source	Link	用途
FTC scam alerts	https://consumer.ftc.gov/features/scam-alerts	用 scam taxonomy、consumer education、impersonation/social-engineering patterns 和 recovery advice 训练客户保护场景；FTC 页面列出 phishing、gift card、government/business impersonator、romance、wire transfer 等常见 scam 类型
FTC impersonation rule blog	https://www.ftc.gov/business-guidance/blog/2024/02/ftc-impersonation-rule-goes-effect-april-1	用 government/business impersonation scam 语言设计 impersonation risk library、warning copy 和 scam operations typology；不要把本文写成该规则适用性结论
FFIEC Authentication and Access to Financial Institution Services and Systems	https://www.ffiec.gov/press/pr081121.htm	用 risk assessment、layered security、MFA/equivalent controls、monitoring/logging/reporting、call center/help desk controls 和 push payment risk 思维设计 step-up authentication and intervention
FinCEN advisories/bulletins/fact sheets	https://www.fincen.gov/resources/advisoriesbulletinsfact-sheets	用 financial crime typology、mule activity、elder financial exploitation、cyber-enabled fraud 和 reporting escalation 语言连接 fraud/scam operations 与 AML/BSA；正式报告义务由 BSA/AML and Legal 判断
CFPB compliance circulars landing page	https://www.consumerfinance.gov/compliance/circulars/	用 consumer protection、complaints、servicing、payments and supervision guidance 的入口建立 complaints/remediation and conduct-risk review habit；不在本文作 reimbursement 或 liability 结论
NIST AI RMF	https://www.nist.gov/itl/ai-risk-management-framework	用 Govern / Map / Measure / Manage 组织 AI scam intervention 的 risk mapping、measurement、monitoring、governance 和 improvement evidence
ISO/IEC 42001 overview	https://www.iso.org/standard/42001	用 AI management system、roles、policy、operation、performance evaluation、internal audit 和 continual improvement 建立 AI scam intervention control plane

一句话:

APP scam intervention architecture is not a fraud stop button. It is a real-time decision architecture for distinguishing genuine customer intent from scam-induced authorization, applying proportional friction, preserving customer dignity, and proving the decision later.

1. Thesis

Authorized Push Payment scam 的架构难点在于: transaction looks authorized, but intent may be compromised。

传统 unauthorized fraud 常问:

Did someone else access the account or payment credential?

APP scam intervention 要继续问:

Is the authenticated customer acting under deception, coercion, impersonation,
romance/investment manipulation, remote-access coaching, urgency pressure,
or mule-directed instructions, while still technically authorizing the payment?

因此 AI 的目标不是简单提高 block rate。真正目标是建立四个 confidence:

Identity confidence: 发起人是否为授权客户或授权 business user。
Payment legitimacy confidence: payment rail、amount、timing、device、beneficiary、narrative 是否符合合理交易模式。
Beneficiary confidence: 收款方是否像真实关系、真实商户、真实 biller, 还是像 mule / pass-through / recently risky beneficiary。
Intent confidence: 客户是否理解交易对象、用途、不可逆性、风险和替代解释, 是否可能被 coached to lie。

成熟架构必须承认一个事实: customer intent is not directly observable。系统只能通过 signals、conversation、behavior、beneficiary graph、payment context 和 intervention response 估计 intent confidence。高级 PM / Architect 的价值在于设计 proportional friction, not paternalistic blocking。

2. Why It Matters

实时支付和数字渠道把客户体验从 "batch and reversible enough" 推向 "instant and hard to recover"。诈骗者利用的不是认证漏洞, 而是客户信任、恐惧、孤独、投资欲望、权威服从和时间压力。

Shift	传统 fraud control 假设	APP scam 下的风险放大
Strong authentication	MFA 通过后交易可信	MFA 证明是客户本人, 不能证明客户未被操控
Faster rails	速度提升 UX	更短 recall/recovery window, mule account 可快速层层转走
Self-service limits	客户自主转账	客户可能被骗子教导如何绕过 warning、分拆金额、说服 banker
Fraud models	异常交易即风险	长期 romance/investment grooming 可让行为看起来渐进合理
Generic warnings	提示客户 beware scams	被操控客户会跳过通用提示, 或相信自己不是目标
Operational escalation	高风险交易 call center 复核	被 coached 的客户可能给出 rehearsed story, frontline 需要 evidence and script

金融零售的特殊点:

Branch、call center、mobile app、online banking、wire room、Zelle/P2P team、ACH team、card dispute team、AML investigations 往往各看一段证据。
Scam 不是单笔交易问题, 而是 customer journey problem: first contact、grooming、payee setup、limit increase、payment attempt、intervention、post-payment complaint、recovery、repeat targeting。
Conduct risk 很容易被忽视: 过度 friction 会剥夺客户正当支付能力, 不足 friction 会让客户损失扩大, 错误话术会让客户羞辱、对抗或失去信任。

3. Architecture Model

参考架构:

payment initiation signal
  -> identity and session confidence
  -> payment rail risk and intervention window
  -> beneficiary / mule risk graph
  -> customer history and behavioral context
  -> customer intent confidence model
  -> social-engineering and conversation signal layer
  -> proportional friction orchestration
  -> branch / call center / fraud ops escalation
  -> release, delay, decline, limit, recall, monitor or case open
  -> evidence ledger and complaint/remediation handoff
  -> model, conduct, privacy and operational control review

核心设计原则:

Do not collapse scam risk into authentication risk。MFA、device binding、passkey 和 session controls 解决 who is acting, 不是 why they are acting。
Do not collapse intervention into blocking。干预包括 education、specific warning、confirmation、cooling-off、beneficiary verification、callback、branch review、fraud specialist interview、limit management、payment delay、case monitoring 和 post-payment recovery。
Model output must be decision support。是否 delay、decline、exit customer relationship、file report、reimburse 或 contact receiving bank, 需要授权流程决定。
Evidence must survive the moment。APP case 的争议常发生在事后: 客户说没有被充分警示, banker 说客户坚持, 模型说高风险, payment team 说 rail window 已过。架构要让事实可重放。

4. Scam Taxonomy

APP scam taxonomy 要按 manipulation pattern 和 payment consequence 分类, 不只按 payment rail 分类。

Scam type	Social-engineering pattern	Common payment behavior	Intervention implication
Government / law enforcement impersonation	威胁逮捕、罚款、移民/税务后果, 要求保密和立即付款	wire, P2P, cash withdrawal, gift card, crypto, repeated smaller payments	高 urgency + secrecy + authority claim 是强信号；warning 要明确 "agency will not ask you to move money to protect it"
Bank / fraud department impersonation	声称账户被盗, 要求转到 "safe account" 或验证交易	new beneficiary, internal/external transfer, wire, real-time payment	需要 safe-account-specific warning、out-of-band callback、session/device review
Business email compromise / invoice redirection	假冒 vendor、executive、closing agent、supplier, 改变收款信息	ACH credit, wire, business online banking, treasury payment	需要 beneficiary change verification、dual approval、known vendor callback evidence
Romance / relationship scam	长期 grooming, 情感依赖, 医疗/旅行/投资借口	escalating wires/P2P, crypto on-ramp, gift cards	单笔 anomaly 不够, 需要 longitudinal relationship and vulnerability signals
Investment / crypto scam	高收益、guaranteed returns、fake platform、withdrawal fee	first-time crypto exchange, wires to exchange, repeated top-ups	需要 investment-scam warning、cooling-off、platform/beneficiary risk
Tech support / remote access scam	假称病毒、退款、错误转账, 诱导 remote desktop	bill pay, P2P, wire, cash, gift card	需要 remote-access signal、device/session anomaly、call center script
Family emergency scam	假称亲人事故/绑架/保释	urgent wire/P2P/cash	需要 trusted-contact/callback option, 但隐私和安全边界要明确
Purchase / marketplace scam	假商品、租房、宠物、车辆、票务	P2P, instant payment, ACH	friction 要区分 normal marketplace risk vs high pressure / off-platform behavior
Mule recruitment / money flipping	客户也可能成为 mule, 被诱导收转资金	inbound credits then rapid outbound, new accounts, crypto	需要 customer protection + AML escalation, 避免仅以 victim language 处理所有 case

高级 nuance: 同一 case 可能跨多个 typology。比如 bank impersonation 先让客户 wire to "safe account", 然后诱导 crypto purchase；系统要支持 multi-label case, 不要强迫单一 root cause。

5. Risk Signal Layers

5.1 Payment Rail and Irreversibility

Rail / channel	Scam architecture concern	Intervention window
Real-time payment / instant transfer	settlement 快, recall/recovery 不确定, 客户预期即时	pre-send intervention 最关键；post-send 更依赖 receiving institution cooperation
Wire	高金额、不可逆性强、branch/wire room 参与多	beneficiary verification、purpose review、dual control、callbacks、hold/delay policy
ACH credit	batch timing 给一定 review window, 但 business payroll/vendor 场景复杂	new beneficiary, account validation, NACHA/ODFI/RDFI process coordination
P2P	low friction, consumer context, alias/phone/email ambiguity	alias verification、relationship signals、scam warning、repeat recipient monitoring
Bill pay / external transfer	客户认为常规支付, 但 fake biller 或 mule 也可混入	payee onboarding, biller directory, address/account changes
Internal transfer	同行内 beneficiary visibility 更强, 但 mule account may be internal	cross-account graph, velocity, hold/review, internal recovery playbook
Crypto on-ramp	conversion 后 recovery 极难, scam typology 常见	exchange/merchant risk, investment warning, cooling-off, enhanced review

5.2 Beneficiary / Mule Risk

Beneficiary risk 不是简单 "new payee = bad"。它要回答:

收款方是否为客户既有关系、已验证商户、bill pay directory、工资/房租/供应商关系。
收款账户是否新开、短期大量入账后快速出账、与多个 victim-like senders 连接。
收款别名、phone/email、routing/account、merchant descriptor 是否频繁变化。
receiving institution、account type、geo、velocity、network cluster 是否与已知 scam typology 相似。
是否存在 pass-through mule behavior: inbound from many unrelated senders, outbound to crypto/external rails, low balance dwell time。

5.3 Customer Intent Confidence

Customer intent confidence 应该由多个弱信号组合:

客户是否能清楚说明收款方身份、关系、用途和独立验证方式。
客户是否被要求保密、绕过银行、不要告诉家人、对 banker 撒谎。
客户是否表现出异常 urgency、fear、shame、romantic loyalty、investment FOMO。
是否出现 limit increase、new device、remote access、unusual login time、copy-pasted beneficiary instructions。
客户是否在 warning 后改变 narrative, 或重复骗子常用脚本。
交易是否与近期 life event、complaint、branch visit、failed payment attempts、cash withdrawal、crypto search pattern 相连。

Important boundary: AI can estimate intent confidence, not read intent。系统必须用 "confidence and uncertainty" 表达, 不要把客户贴上 "liar" 或 "complicit" 标签。

可用信号要来自合法、透明、最小必要的数据源:

In-app payment memo, beneficiary setup text, structured payment purpose。
Customer service chat/call transcript, 前提是机构已有合法录音/转写和使用边界。
Branch banker/fraud specialist 的 structured interview notes。
Customer voluntarily shared scam messages or screenshots。
Case complaints, prior scam warnings, education interaction。

避免的边界:

不应默认扫描客户私人 SMS、email、社交媒体或第三方聊天内容。
不应把联系人、位置、设备内容等敏感信号纳入模型, 除非 Legal/Privacy/Data Governance 明确允许且已完成 notice、consent、minimization、retention、access control 和 model-use review。
不应把 sentiment 当作脆弱性标签直接自动化决策。Conduct risk 需要人类解释和复核。

6. Intervention Orchestration

APP scam control 的关键不是 "one big warning", 而是 context-specific friction ladder。

Risk band	Action pattern	Customer experience principle
Low	passive education, payee confirmation, normal monitoring	不破坏正常支付
Medium	specific scam warning, beneficiary/purpose confirmation, short delay for new payee	解释风险原因, 不制造羞辱感
High	cooling-off, out-of-band callback, fraud specialist chat/call, branch review, limit review	让客户有机会摆脱骗子实时压力
Critical	payment hold/delay/decline/escalation according to policy and rail rules	保护客户, 但保留 appeal and evidence
Post-payment	recall/recovery attempt, receiving bank contact, mule graph update, complaint case	快速恢复窗口和客户支持

Friction 设计要针对 typology:

Safe-account scam: 明确告诉客户金融机构不会要求转钱到 "安全账户"。
Impersonation: 要求客户通过独立渠道联系真实机构, 不使用来电号码或对方提供链接。
Investment scam: 询问能否独立提现、是否保证收益、是否被要求继续充值。
Romance scam: 使用 non-judgmental conversation, 避免让客户更依赖骗子。
BEC: 用 known-good contact 验证收款账户变更, 不回复可疑 email thread。

7. Operating Model

Function	Role in APP scam architecture
Fraud / Scam Strategy	定义 typology、risk appetite、intervention thresholds、case outcomes 和 feedback loop
Payments Product	把 rail constraints、settlement timing、customer UX、limits 和 payee flows 纳入设计
Branch Operations	处理高信任面对面场景, 使用 structured interview, 记录客户坚持/撤回/升级
Contact Center	执行 callback、fraud specialist conversation、case triage, 防止 coached customer 绕过
AML/BSA / Financial Crimes	评估 mule networks、suspicious activity、law enforcement liaison 和 reporting route
Model Risk	审查模型目的、数据、features、validation、monitoring、overrides、bias and drift
Conduct Risk / Compliance	审查 friction fairness、customer autonomy、complaints、vulnerable customer treatment
Privacy / Data Governance	确定 conversation data、device data、third-party data、retention、consent 和 access
Complaints / Remediation	处理 post-scam disputes, evidence review, remediation options and customer communication
Legal	判断 hold/decline authority、notifications、terms、litigation privilege and legal boundaries
Internal Audit	测试 control design、operating effectiveness、evidence quality and governance cadence

Operating cadence:

Daily scam operations huddle: typology spikes、mule clusters、false friction、recovery outcomes。
Weekly model and strategy review: threshold performance、override reasons、complaint outcomes。
Monthly conduct/privacy review: customer experience, vulnerable customer impacts, data use changes。
Quarterly AI governance: model drift、control gaps、vendor performance、audit findings、roadmap。

8. Product / Architecture Decisions

Decision	Options	Architecture judgment
Where to score risk	payee setup, limit increase, payment initiation, before settlement, post-payment	高价值系统要多点评分；只在 send button 评分会错过 grooming and mule setup
How to represent intent	binary scam/not scam, risk score, confidence vector, reason codes	使用 confidence vector: identity, beneficiary, rail, social-engineering, customer intent, evidence quality
Warning style	generic disclosure, typology-specific warning, interactive checklist, human conversation	高风险需要 typology-specific and action-oriented warning, 低风险不应过度干扰
Human escalation	all high scores to fraud team, only critical scores, branch/call center routing	按 rail/time sensitivity/customer vulnerability/value/risk reason routing
Beneficiary graph	internal-only, consortium/shared signals, third-party mule intelligence	需要 data-sharing and privacy review；graph value 高但 governance 成本也高
Customer conversation capture	free-text notes, structured questions, transcript analytics	结构化问题 + controlled notes 更适合 evidence and model feedback
Payment delay	fixed cooling-off, dynamic delay, no delay	取决于 rail、terms、policy and Legal/Compliance；架构提供 decision support not rule conclusion
Feedback loop	confirmed fraud only, complaint outcomes, analyst labels, receiving bank feedback	需要多源 label；confirmed loss label 会滞后且偏向已投诉客户
Explainability	no explanation, generic reason, operational reason codes	对 frontline 和 audit 要有 reason codes；客户话术要避免泄露 control logic

9. Control Matrix

Control objective	Control activity	Evidence
Separate authentication from intent	Payment decision uses identity confidence and scam-intent confidence as distinct fields	risk vector, model schema, decision log
Detect mule/beneficiary risk	Beneficiary graph uses account age, relationship, velocity, network and prior case outcomes	beneficiary risk card, graph score, data lineage
Apply proportional friction	Friction engine maps risk reason to warning, delay, callback, branch review or release	intervention decision table, UX version, customer event log
Preserve customer autonomy	High-risk interventions include explanation, appeal/escalation path and supervisor review where required	customer communication record, override reason, escalation notes
Support frontline quality	Call center/branch scripts are typology-specific, non-leading and non-shaming	script version, training completion, QA score
Avoid privacy overreach	Conversation/device/third-party signals have approved use, retention and access controls	privacy assessment, data catalog, access logs
Manage model risk	Model has purpose statement, validation, calibration, drift monitoring and challenger review	model inventory, validation report, monitoring dashboard
Manage conduct risk	False friction, vulnerable customer impact, complaint outcomes and demographic proxies are reviewed	conduct review pack, complaint trends, remediation log
Preserve evidence	Every intervention links payment event, risk vector, warning, customer response, analyst action and final outcome	case_id, payment_id, trace_id, final decision record
Close recovery loop	Post-payment scam cases trigger recall/recovery attempt and mule intelligence update	recovery ticket, receiving bank contact, mule graph update

10. Metrics

APP scam metrics 必须避免单一 "loss prevented"。过度拦截也可能造成客户伤害。

Metric	Why it matters
Scam loss prevented estimate	衡量控制价值, 但估算方法要透明
Confirmed scam loss rate by rail	区分 RTP/wire/ACH/P2P/channel 风险
False friction rate	被干预但最终合理交易的比例
Legitimate payment completion delay	衡量客户体验和 liquidity impact
High-risk warning abandonment quality	abandonment 可能是 prevented scam, 也可能是 frustrated legitimate customer
Customer intent reversal rate	客户在 specific intervention 后撤回交易的比例
Escalation conversion rate	branch/call center intervention 对 scam prevention 的实际贡献
Recovery speed and success rate	post-payment recovery 依赖时间和证据
Mule detection precision	避免把合法收款人错误标记
Model calibration by typology	不同 scam type 的 score 是否可靠
Override rate and reason distribution	frontline 是否频繁推翻模型, 以及为什么
Complaint rate after intervention	检测 conduct risk and customer harm
Vulnerable customer escalation quality	防止不当歧视或过度家长式干预
Evidence completeness rate	事后投诉、审计和模型改进的基础

高级指标设计:

net customer protection value =
  estimated prevented scam loss
  + recovered funds
  - legitimate payment delay cost
  - false decline/remediation cost
  - complaint handling cost
  - conduct and trust impact proxy

11. Failure Modes

Failure mode	Why it is dangerous	Better design
Treating MFA as scam control	客户本人通过 MFA 也可能被操控	intent confidence layer and scam-specific interventions
Blocking without explanation	客户会绕道去其他机构或渠道, 也增加投诉	proportional friction, specific reason class, escalation path
Generic warnings everywhere	客户疲劳, 高风险客户也不会停下来	typology-specific warnings and interactive checks
Overusing private conversation data	侵犯隐私、超出 consent、引发 conduct and trust risk	data minimization, explicit boundaries, approved sources
Training only on confirmed losses	label bias, 漏掉 prevented scams 和未投诉客户	include interventions, complaints, analyst labels, recovery feedback
Ignoring mule networks	只看 sender anomaly 会错过已知 bad beneficiary	beneficiary graph and receiving-account intelligence
Frontline notes are free-text only	难以训练、复盘和审计	structured interview fields plus controlled narrative
No rail-specific playbook	RTP、wire、ACH、P2P 的窗口和操作不同	rail-aware decision gates
Dark-pattern friction	用恐吓或羞辱迫使客户放弃	respectful, evidence-based, non-coercive warnings
Premature reimbursement statements	越权承诺, 可能不符合法律/政策/事实	Legal/Compliance/Complaints determine remediation route
No post-payment recovery loop	错过 recall and mule intelligence window	immediate recovery workflow and case linkage
Model not reviewed for conduct risk	高风险群体可能被过度摩擦或错误怀疑	conduct metrics, QA, governance and remediation review

12. Interview-Ready Takeaways

Q1: APP scam intervention 和普通 fraud detection 最大区别是什么?

普通 fraud detection 主要判断是否 unauthorized access 或 credential compromise。APP scam intervention 的难点是客户本人正在授权交易, 但可能被 deception、coercion 或 impersonation 操控。架构上必须把 identity confidence、beneficiary risk、payment rail risk 和 customer intent confidence 分开建模, 并用 proportional friction 干预, 而不是只追求 block rate。

Q2: 为什么不能简单拦截所有高风险转账?

因为金融机构既要保护客户, 也要尊重客户合法支付自主权。过度拦截会造成 liquidity harm、business disruption、客户投诉和 conduct risk。成熟方案是 risk-based intervention ladder: warning、confirmation、cooling-off、callback、branch/fraud specialist escalation、delay 或 decline, 具体权限由 rail rules、合同、政策和 Legal/Compliance 决定。

Q3: AI 如何识别 customer intent 被操控?

AI 不能直接读取 intent, 只能根据弱信号估计 intent confidence: new beneficiary、unusual rail/amount、urgency/secrecy language、safe-account narrative、remote-access indicators、beneficiary mule graph、customer behavior change、warning response、branch/call center conversation 等。输出应该是 confidence vector and reason codes, 供 intervention engine and human specialists 使用。

Q4: Conversation signals 怎么用才不会越过隐私边界?

只使用机构合法收集且目的明确的数据, 如 in-app memo、客服聊天、已授权录音转写、structured interview notes、客户主动提供的 scam message。不要默认扫描私人 SMS/email/social media。每个 signal 都需要 data catalog、purpose limitation、retention、access control、privacy assessment and model-use review。

Q5: Beneficiary/mule risk 为什么关键?

APP scam 的资金流向通常依赖 mule accounts。Sender anomaly 只能看到客户异常, beneficiary graph 能看到同一个收款账户是否接收多个 victim-like payments、快速出账、与已知 scam clusters 相连。高质量架构会在 payee setup、first payment、amount increase 和 post-payment recovery 都使用 beneficiary intelligence。

Q6: 投诉和补救在架构里怎么设计?

不能等投诉来了再拼证据。每次 intervention 都要保存 risk vector、warning copy、customer response、frontline notes、decision owner、payment outcome and recovery attempt。投诉团队根据 evidence pack、政策、Legal/Compliance guidance 和 case facts 判断 remediation route。架构提供事实和流程, 不预设赔付结论。

13. Practical Templates

13.1 APP Intervention Decision Record

Field	内容
case_id	scam intervention common reference
payment_id / rail	transaction id, rail, channel, amount, currency, timestamp
customer_intent_confidence	high / medium / low plus reason codes
identity_confidence	authentication, device, session, user profile
beneficiary_confidence	known relationship, new payee, mule graph, verification result
scam_typology	safe account, impersonation, romance, investment, BEC, tech support, marketplace, mule recruitment
intervention_applied	warning, checklist, delay, callback, branch review, fraud specialist, decline/hold/escalation
customer_response	proceeded, cancelled, changed story, provided evidence, escalated complaint
decision_owner	automated, fraud analyst, branch manager, wire room, payments ops, legal/compliance consulted
final_outcome	released, delayed, cancelled, recovered, complaint, confirmed scam, legitimate
evidence_status	complete, partial, missing source, missing transcript, missing beneficiary response

13.2 Beneficiary Risk Card

Dimension	Evidence
Relationship	first time, recurring, verified merchant, known vendor, family contact, unknown
Account intelligence	account age proxy, inbound/outbound velocity, balance dwell, prior scam linkage
Alias stability	phone/email/name/account changes, mismatch, recent creation
Network pattern	many unrelated senders, common device/IP/linkage where allowed, crypto off-ramp path
Rail behavior	high-risk rail, split payments, repeated attempts after decline
Receiving institution coordination	contact attempt, recall response, hold status where available

13.3 Frontline Scam Conversation Script Principles

Principle	Good practice
Non-shaming	"我们看到这类交易有一些诈骗特征, 我想帮你确认风险"
Specific	根据 typology 说具体风险, 不用泛泛 "be careful"
Independent verification	鼓励客户用自己查到的官方号码/联系人验证, 不用来电方提供信息
Anti-coaching	询问是否有人要求保密、保持通话、远程控制、告诉银行某个固定理由
Evidence capture	记录问题、客户回答、提供的证明、客户是否坚持付款
Escalation	高风险或客户受压时升级 fraud specialist / supervisor / branch manager

13.4 Evidence Pack Schema

case_id
customer_id / segment / vulnerability flag where policy-approved
payment_id / rail / channel / amount / timestamp
beneficiary_id / alias / account reference / verification status
identity and session signals
risk vector and model version
warning or intervention content version
customer response and interaction transcript or structured notes
frontline user id / role / decision timestamp
legal/compliance/payment ops consultations where applicable
final payment outcome
recall/recovery actions
complaint/remediation status
model feedback label and evidence quality score

13.5 Step-Up Friction Decision Table

Condition	Default intervention	Escalation trigger
New beneficiary + high amount + real-time rail	specific warning + payee confirmation + short delay where allowed	customer says urgency/secrecy/safe account
Safe-account language detected	stop-and-check warning + out-of-band bank callback	customer remains on active phone call or remote session
Romance/investment pattern + escalating payments	cooling-off + fraud specialist conversation	repeat attempt after warning or crypto destination
BEC vendor account change	known-good callback + dual approval	unable to verify beneficiary change
Customer coached narrative suspected	structured interview + supervisor review	inconsistent answers or refusal to pause under pressure

14. Final Operating Principle

成熟的 AI APP scam architecture 可以用一句话检验:

When a customer authorizes a high-risk push payment,
can we distinguish authentication from intent,
score beneficiary and social-engineering risk,
apply proportional friction before the recovery window closes,
escalate through branch and call center operations,
preserve evidence for complaints and remediation,
and improve the model without violating privacy or customer autonomy?

如果答案不清楚, 机构不是缺一个 fraud score, 而是缺一套把 payment rails、scam operations、AI model risk、frontline workflow、customer protection、privacy and conduct controls 连接起来的 intervention architecture。