Blog · March 13, 2026

Beyond Sanctions: Building Your Internal Fraud Watchlist

While PEP and sanctions screening are crucial, a robust fraud prevention strategy demands an internal watchlist to combat repeat offenders and emerging threats.

By Didit

  • Beyond Standard Compliance: Effective fraud prevention extends beyond regulatory AML screening, requiring an internal system to track and block known fraudsters.
  • Key Data Points for Internal Watchlists: Robust internal watchlists leverage identifiers like document numbers, facial biometrics, phone numbers, and email addresses to detect and prevent repeat fraud attempts.
  • Automated Detection is Critical: Manual review of an internal watchlist is unsustainable; automation through intelligent systems is essential for real-time fraud mitigation and operational efficiency.
  • Didit's Modular Approach to Fraud Prevention: Didit offers a modular, AI-native platform with blocklisting capabilities for documents, faces, phone numbers, and emails, integrated seamlessly with other identity verification tools to create comprehensive fraud defenses.

The Limitations of Traditional AML and the Need for Internal Watchlists

In today's digital landscape, businesses face an ever-evolving array of fraudulent activities. While Anti-Money Laundering (AML) screening, which includes checking against Politically Exposed Persons (PEP) and sanctions lists, is a foundational element of regulatory compliance and financial crime prevention, it often addresses only one facet of the broader fraud challenge. PEP and sanctions lists primarily focus on individuals and entities involved in financial crimes, terrorism financing, and corruption on a global scale. They are essential for preventing illicit funds from entering the financial system and maintaining international security.

However, what about the fraudsters who repeatedly attempt to open accounts with stolen identities, exploit promotional offers, or engage in chargeback fraud? These bad actors may not appear on global sanctions lists, yet they pose a significant threat to a business's bottom line and reputation. Relying solely on external AML screening leaves a critical vulnerability. This is where a robust internal fraud watchlist becomes indispensable. An internal watchlist allows organizations to track and proactively block individuals or entities that have previously engaged in fraudulent behavior specific to their services, even if they haven't triggered a national or international alert. Building such a list is a proactive measure that empowers businesses to take control of their fraud prevention strategy, turning past incidents into future protection. It's about leveraging your own historical data and insights to create a tailored defense that complements standard compliance measures.

Key Components of an Effective Internal Fraud Watchlist

Building an effective internal fraud watchlist requires careful consideration of what data points to include and how to leverage them. The goal is to identify and prevent repeat fraudulent activities, making it increasingly difficult for bad actors to exploit your systems. Beyond names and dates of birth, which are common in AML screening, an internal watchlist should focus on persistent identifiers that fraudsters often reuse or attempt to alter subtly.

Crucial components include:

  • Document Numbers: Fraudsters often use the same fraudulent or stolen identity documents across different platforms or multiple times on the same platform. Blocklisting specific document numbers (or secure fingerprints of their unique identifiers like MRZ data) can immediately flag and decline subsequent attempts.
  • Facial Biometrics: The human face is a unique identifier. By capturing and blocklisting biometric templates from individuals who have committed fraud, you can prevent them from attempting to onboard with new, seemingly distinct, identity documents. Didit's 1:1 Face Match and Passive & Active Liveness detection can be instrumental here, ensuring the person presenting the document is its legitimate owner and that the face hasn't been seen committing fraud before.
  • Phone Numbers: Phone numbers are frequently used for account registration, multi-factor authentication, and communication. Blocklisting phone numbers associated with fraudulent activities can prevent re-registration attempts and block communication with known bad actors. Didit's Phone Verification can help validate these numbers initially and then add them to your internal blocklist if fraud is detected.
  • Email Addresses: Similar to phone numbers, email addresses are central to online identities. Identifying and blocklisting email addresses linked to previous fraud attempts is a straightforward yet powerful way to prevent future exploits. Didit's Email Verification can be used to check initial validity and then add to the blocklist.
  • IP Addresses and Device IDs: While more dynamic, tracking IP addresses and device fingerprints can reveal patterns of fraudulent activity originating from specific locations or devices, adding another layer of defense.

The strength of your internal watchlist lies in its ability to connect these disparate data points, creating a comprehensive profile of a known fraudster. When any of these blocklisted entities are detected during a new verification session, the system should automatically decline the transaction or flag it for immediate review, significantly reducing your exposure to risk.

Implementing and Automating Your Internal Watchlist

Building an internal watchlist is one thing; effectively implementing and automating its use is another. Manual review of every potential match against an internal list quickly becomes unsustainable as your business scales. Automation is key to ensuring real-time fraud detection and maintaining operational efficiency. The process should be integrated directly into your onboarding and transaction monitoring workflows.

Here's how to approach implementation and automation:

  1. Seamless Integration: Your internal watchlist should be integrated with your identity verification platform. When a new user attempts to onboard, their submitted data (document details, biometrics, phone, email) should be cross-referenced against your internal blocklist in real time.
  2. Automated Decisioning: Define clear rules for automated decisioning. If a match is found against a blocklisted entity (e.g., a blocklisted document number or face), the verification should be automatically declined. This reduces manual workload and ensures consistent application of your fraud policies.
  3. Dynamic Updates: The watchlist should be dynamic, allowing for easy addition of new fraudulent entities as they are identified. This could be triggered by internal fraud investigations, chargeback alerts, or suspicious activity detected by your monitoring systems.
  4. Configurable Thresholds and Rules: While an exact match against a blocklisted identifier should trigger an immediate decline, you might also want to set up rules for partial matches or suspicious patterns. For instance, multiple verification attempts from the same IP address with different identities could trigger a flag.
  5. Case Management and Review: For more complex cases or suspected fraud that doesn't trigger an automatic block, a robust case management system is needed. This allows your fraud team to review flagged instances, investigate further, and then add new entities to the blocklist as appropriate.

By automating the scanning and decisioning processes, businesses can significantly reduce the window of opportunity for fraudsters, improve the accuracy of fraud detection, and free up valuable human resources to focus on complex investigations rather than routine checks.
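The identifier components and the decisioning rules described above can be combined in a small screening routine. The sketch below is an added example, not Didit's code or API: it stores keyed fingerprints of normalized document numbers, phone numbers and emails, declines on an exact match, and sends a session to review when one IP presents several distinct documents. The names `Watchlist`, `WATCHLIST_KEY` and `ip_identity_limit` are hypothetical, and face matching is left out because biometric templates need similarity comparison rather than exact hashing.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Assumption: in production this key lives in a secrets manager; constructed demo value.
WATCHLIST_KEY = b"constructed-demo-key"

def normalize(kind, value):
    """Canonicalise an identifier so trivial variations map to one form."""
    value = value.strip()
    if kind == "email":
        return value.lower()
    if kind == "phone":  # assumes a country code is present; digits only, E.164 style
        return "+" + re.sub(r"\D", "", value)
    if kind == "document":
        return re.sub(r"[\s\-]", "", value).upper()
    raise ValueError(f"unsupported identifier kind: {kind}")

def fingerprint(kind, value):
    """Keyed hash (HMAC-SHA256), so the list never stores the raw identifier."""
    msg = f"{kind}:{normalize(kind, value)}".encode()
    return hmac.new(WATCHLIST_KEY, msg, hashlib.sha256).hexdigest()

class Watchlist:
    def __init__(self, ip_identity_limit=3):
        self.blocked = set()                    # fingerprints of known-bad identifiers
        self.ip_documents = defaultdict(set)    # IP -> distinct document fingerprints
        self.ip_identity_limit = ip_identity_limit

    def block(self, kind, value):
        self.blocked.add(fingerprint(kind, value))

    def screen(self, session):
        """Return (decision, reasons): exact match declines, IP velocity goes to review."""
        hits = [k for k in ("document", "phone", "email")
                if fingerprint(k, session[k]) in self.blocked]
        if hits:
            return "decline", hits
        seen = self.ip_documents[session["ip"]]
        seen.add(fingerprint("document", session["document"]))
        if len(seen) >= self.ip_identity_limit:
            return "review", ["ip_velocity"]
        return "approve", []

if __name__ == "__main__":
    wl = Watchlist()
    wl.block("email", "Fraud@Example.com")      # constructed sample values
    print(wl.screen({"document": "X1", "phone": "+1 415 555 0100",
                     "email": " fraud@example.COM", "ip": "198.51.100.7"}))
```

Using a keyed hash rather than a plain SHA-256 matters here because phone numbers and document numbers have small value spaces that an unkeyed digest would not protect if the list leaked.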

How Didit Helps Build and Manage Robust Fraud Watchlists

Didit, as an AI-native, developer-first identity platform, provides the modular building blocks necessary to construct and manage a highly effective internal fraud watchlist that goes far beyond standard PEP and sanctions screening. Our platform is designed to be composable, allowing businesses to integrate specific identity primitives to create tailored fraud prevention workflows.

Didit's Blocklist feature is specifically engineered for this purpose, enabling you to automatically decline fraudulent verifications by blocklisting various identity elements:

  • Document Blocklist: Prevents the reuse of specific documents identified as fraudulent or stolen. Didit stores secure fingerprints of document identifiers (like document number and MRZ data), automatically declining sessions that match these blocklisted elements. This is a powerful extension of our ID Verification capabilities.
  • Face Blocklist: Prevents users whose biometric data matches previously blocklisted faces from passing verification. By storing biometric templates derived from facial features, Didit's 1:1 Face Match technology ensures that known fraudsters cannot simply use a new document with the same face. This integrates seamlessly with our Passive & Active Liveness detection.
  • Phone Number Blocklist: Stops verifications using phone numbers that have been associated with fraudulent activity. Didit evaluates new sessions against blocklisted numbers, including normalized E.164 formats, leveraging our Phone Verification capabilities.
  • Email Blocklist: Prevents verifications using email addresses that have been blocklisted due to prior fraud attempts. Didit checks new sessions against these addresses (case-insensitive, normalized), building upon our Email Verification.

Didit's modular architecture means these blocklisting capabilities can be combined with other verification steps, such as AML Screening & Monitoring for regulatory compliance, Proof of Address, and Age Estimation, to create a comprehensive risk orchestration workflow. Our AI-native approach ensures that these checks are performed with high accuracy and in real-time, adapting to new fraud patterns. With Didit's Free Core KYC and no setup fees, businesses can start building their advanced fraud defenses without significant upfront investment, scaling their protection as needed.
