An AI Security Agent for Banking: Multi-Vector Fraud and AML Detection Across Retail and Corporate Accounts

This paper presents a multi-vector AI security agent for banking that fuses transaction and session data streams using a hybrid architecture of LSTM sequence models, statistical monitors, and graph networks to simultaneously detect signature-based fraud and behavioral financial crimes, achieving significantly higher F1 scores than rule-based or single-model baselines while providing low-latency automated responses and analyst support.

The Gist

Imagine a bank as a massive, bustling city. Every day, millions of people (accounts) move money around, log in, and make purchases. Usually, this is fine. But sometimes, criminals try to sneak in, steal identities, or wash dirty money.

This paper introduces a new "AI Security Guard" designed to protect both regular people (retail) and big businesses (corporate) in this city. The authors, Joseph Walusimbi and Joshua Benjamin Ssentongo from Soroti University in Uganda, built this guard because the old ways of catching criminals aren't working well enough anymore.

Here is how the paper explains the problem and their solution, using simple analogies:

1. The Problem: Two Different Types of Criminals

The paper says banks face two very different kinds of threats, and the old security systems (called "Rule Engines") are like a bouncer who only checks for one specific thing.

• The "Bouncer" (Old Rules): This guard looks for obvious red flags. If someone tries to withdraw $10,000 in 5 minutes, or uses a card in two different countries at the same time, the guard stops them. This works great for brute-force attacks (like trying to guess a password) or ATM cloning.
• The "Chameleon" (New Threats): Then there are the sneaky criminals.
  • BEC (Business Email Compromise): Imagine a criminal hacks a CEO's email and sends a normal-looking email to the accountant saying, "Please send the payroll to this new bank account." The amount is normal, the time is normal, and the person looks real. The old "Bouncer" sees nothing wrong and lets the money go.
  • Money Laundering: Imagine someone breaking a huge pile of dirty money into tiny, legal-looking piles to hide the source. No single transaction looks suspicious, but the pattern of many small transactions is the crime.

The paper argues that the old "Bouncer" is blind to these Chameleons because they don't break any single rule; they just look like normal activity.

2. The Solution: A Three-Part "Super-Guard"

The authors built a new AI agent that acts like a three-person detective team working together on two different "surveillance cameras" (streams of data).

The Two Cameras:

1. The Transaction Camera: Watches money moving (swiping cards, wire transfers).
2. The Session Camera: Watches people logging in, changing passwords, or adding new payees.

The Three Detectives (The Fusion Architecture):
Every time an event happens, these three detectives weigh in to decide if it's a crime:

• Detective 1: The Pattern Learner (LSTM): This detective remembers your history. "Hey, Mr. Smith usually buys coffee at 8 AM in Kampala. Why are you suddenly buying a boat at 3 AM in London?" It learns your personal habits over time.
• Detective 2: The Speedometer (Threshold Monitor): This detective watches for speed and volume. "Whoa, that's 50 transactions in one minute!" or "That's a huge amount of cash deposited right before the limit." It catches the obvious bursts.
• Detective 3: The Map Maker (Graph Module): This detective looks at the connections between people. "This account is receiving money from 50 strangers and immediately sending it all out." It spots money laundering networks (mules) that look normal individually but are weird when connected.

The Verdict:
The AI combines the opinions of all three detectives into a single "Risk Score." If the score is high, the system takes action.

3. How It Reacts (The Response)

The system doesn't just scream "Criminal!" and stop everything. It has four levels of response, like a traffic light system:

• Low Risk: Just write it down in the log.
• Medium Risk: Ask the user for extra proof (like a text message code) or put a temporary "soft hold" on the money.
• High Risk: Stop the transaction immediately and alert a human analyst.
• Critical Risk: Freeze the account, call the police (analyst), and prepare a report for regulators.

The Chatbot Assistant:
If a transaction looks suspicious, the system automatically sends a message to the customer: "Was this you?"

• If the customer says "Yes" and proves their identity with a code, the money goes through.
• If the customer says "No," the account is frozen instantly.
• The system also watches for "Mass Resets" (where a hacker tries to reset passwords for 100 people at once) and stops that attack before it spreads.

The Analyst Assistant:
When a human security guard needs to investigate a crime, this AI writes a summary for them. It says, "This looks like a 'Business Email Compromise' attack. Here are the 3 steps you should take next." This saves the human hours of reading.

4. The Results: Did It Work?

The authors tested their system using a simulated city (a fake dataset of 237,000 transactions and 113,000 login sessions) because they couldn't use real bank data for privacy reasons.

They compared their "Super-Guard" against:

1. The old "Bouncer" (Rule-based system).
2. A system that only used the "Pattern Learner" (LSTM only).

The Scoreboard:

• Old Bouncer: Caught about 56% of transaction crimes and 73% of login crimes. It completely missed the "Chameleon" attacks (BEC and money laundering).
• LSTM Only: Caught about 65% of transaction crimes.
• The New AI Agent: Caught 78.7% of transaction crimes and 86.7% of login crimes.

Key Wins:

• BEC Detection: The old system had a 0% success rate against Business Email Compromise. The new AI managed to catch some of them by noticing that adding a new payee and immediately sending a large sum was a weird sequence of events, even if the amount looked normal.
• Speed: The system is incredibly fast. Even for the most critical crimes, it makes a decision in less than half a millisecond (0.43 ms), which is faster than a human can blink.

5. Limitations (What the Paper Admits)

The authors are honest about what their system can't do yet:

• It's a Simulation: They tested it on fake data. Real bank data is messier, and they admit the system needs to be retrained on real-world data before it can be used in a real bank.
• New Accounts: The "Pattern Learner" needs about 10 past transactions to get to know a customer. If a new account opens, the AI is less effective for the first month.
• Complex Money Laundering: While it got better at spotting money laundering, it still struggles with very complex, multi-step "layering" schemes where money moves through many accounts.

Summary

In short, this paper presents a smart, multi-layered security system for banks. Instead of just looking for "bad numbers," it looks at behavior, speed, and relationships. It combines the speed of rules with the memory of AI to catch both the loud, obvious thieves and the quiet, sneaky ones, all while helping customers verify their own identity and helping human guards work faster.

Technical Summary

Technical Summary: An AI Security Agent for Banking

Problem Statement
Financial institutions currently face a dual and diverging threat landscape that existing security architectures struggle to address simultaneously. On one side are signature-based fraud attacks (e.g., card-not-present attacks, brute-force credential stuffing, ATM cloning) characterized by individually anomalous events detectable by static threshold rules. On the other side are behavioral financial crimes (e.g., Business Email Compromise (BEC), money-laundering structuring and layering, mule networks) where individual transactions appear legitimate; the anomaly exists only in the relationship between transactions, accounts, or time windows.

Current static rule engines are structurally blind to these behavioral patterns, while many machine learning approaches target only single fraud categories or single data streams (transactions only). There is a lack of unified operational agents that integrate fraud detection, Anti-Money Laundering (AML), and automated response capabilities across both retail and corporate banking sectors.

Methodology
The paper proposes a unified AI Security Agent featuring a three-component fusion architecture operating on two parallel event streams:

1. Transaction Stream: Covers financial events (card purchases, wire transfers, ATM withdrawals, cash deposits).
2. Session Stream: Covers authentication and user-interface events (logins, MFA challenges, payee additions, bulk exports).

Core Detection Engine
For each stream, a composite risk score ($R$) is calculated by fusing three sub-models via a logistic regression layer:

• Sequence Model ($s_{seq}$): An LSTM network trained on sliding windows ($L=10$) of per-account behavioral history. It learns baselines for transaction amounts, velocity, and counterparty familiarity to detect anomalies in temporal sequences.
• Threshold Monitor ($s_{thresh}$): A continuous extension of rule-based logic that normalizes signals such as amount z-scores, velocity ratios (transactions per 10 minutes), structuring aggregates (rolling 7-day cash deposits vs. CTR thresholds), and new-counterparty signals.
• Graph/Network Module ($s_{graph}$): A lightweight proxy for Graph Neural Networks (GNNs) capturing account-counterparty relationship patterns. It computes rolling 24/48-hour features including fan-in (distinct inbound senders), fan-out (distinct outbound recipients), and pass-through ratios. It also flags impossible travel (city changes within physically implausible time gaps) and dormant account reactivation.

Fusion and Response
The final risk score is $R = \max(R_{txn}, R_{sess})$, ensuring that a critical event in either stream triggers an appropriate response. A single-sub-model override mechanism is employed: if the LSTM is highly confident ($s_{seq} \geq 0.90$) but other signals are low (common in BEC where amounts and networks look normal), the system prioritizes the LSTM signal.

Risk scores are mapped to a four-tier automated response framework (Low, Medium, High, Critical), triggering actions ranging from logging to account freezes, SMS notifications, and analyst paging. The system also includes:

• Customer Chatbot: For transaction verification via OTP and mass-reset attack detection.
• Analyst Case-Summary Assistant: Generates plain-English summaries with threat categorization and ranked action recommendations.

Key Contributions

1. Unified Architecture: A single agent covering 13 threat categories (including CNP fraud, ATO, BEC, structuring, layering, and mule activity) across retail and corporate sectors using a dual-stream, three-component fusion model.
2. Comprehensive Threat Model: Explicitly addresses the gap between signature-based detection and behavioral anomaly detection, covering both transaction and session contexts.
3. Experimental Evaluation: Evaluation on a 90-day synthetic dataset (237,669 transactions, 113,508 sessions, 3,470 accounts) demonstrating the efficacy of the fusion approach over baselines.
4. Operational Tools: Integration of a customer-facing verification chatbot and an analyst assistant to reduce operational burden.

Results
The proposed fusion model demonstrated superior performance compared to a rule-based baseline and an LSTM-only baseline:

• Transaction Stream: Achieved an overall F1 of 0.787 (vs. 0.562 for rules, 0.655 for LSTM-only) and a macro-average F1 of 0.303 (vs. 0.227 for rules, 0.158 for LSTM-only).
• Session Stream: Achieved an overall F1 of 0.867 (vs. 0.733 for rules, 0.713 for LSTM-only) and a macro-average F1 of 0.529 (vs. 0.500 for rules, 0.283 for LSTM-only).
• Specific Threats: The model significantly improved detection for BEC redirection (F1 0.064/0.368 vs. 0.000 for rules) and dormant reactivation. However, layering detection remained the weakest category (F1 0.131), attributed to the difficulty of detecting mid-chain patterns without full GNN message passing.
• Latency: Critical-tier automated responses completed with a 95th percentile latency of 0.43 ms on a single CPU node.
• Chatbot Performance: Achieved 96.6% identity verification accuracy and 86.8% mass-reset attack detection.

Significance and Claims
The paper claims that the primary significance of this work is the demonstration that a fused architecture can detect threats that are structurally invisible to single-mechanism systems. Specifically, the agent provides the only available detection path for BEC redirection in this study, leveraging the LSTM's ability to recognize the anomalous sequence of "add payee + immediate large transfer" even when individual transaction features (amount, velocity) remain within normal bounds.

The authors emphasize that the dual-stream architecture provides redundant coverage for cross-stream threats (e.g., Account Takeover manifesting in both session and transaction logs). They acknowledge limitations, noting that the evaluation relies on synthetic data and that layering detection is currently a proxy approximation. The paper concludes that while the prototype is effective, production deployment requires retraining on real labeled data and future work to replace the graph proxy with a full heterogeneous GNN.