Reinventing Fraud Detection Through Digital Fingerprinting and Link Analysis

Fraud detection systems are designed to assess risk at the level of individual transactions or accounts. However, this approach is becoming less effective as fraud becomes more complex.
Fraud is often spread across multiple accounts, devices, and interactions rather than appearing as a single event, making it difficult for traditional detection models to capture this kind of activity.
A white paper from Microsoft, Reinventing Link Analysis: How Digital Fingerprinting and LLMs Are Transforming Enterprise Fraud Detection, authored by Akhil Singhal and Sadhana Viswanathan, explores how combining digital fingerprinting with link analysis can shift fraud detection from isolated events to network intelligence across systems.
From Isolated Detection to Network Intelligence
Traditional approaches work well for known patterns, but are less effective when fraud is distributed across multiple entities.
This has led to a shift towards network intelligence, where relationships between entities are analysed to uncover hidden connections. Rather than asking whether a single transaction is fraudulent, this approach focuses on how multiple interactions relate to one another across time and systems.
Identifying the User Behind Fraud Activity
A central component of this approach is digital fingerprinting, which creates a probabilistic representation of a user based on device, network, and behavioural signals.
These signals can include device characteristics, IP attributes, environmental configurations, and interaction patterns. By analysing how a user behaves, rather than relying solely on static identifiers, organisations can move closer to identifying the individual operating the system.
Identifying the “user at the keyboard” enables more accurate classification of risk, particularly in cases where fraudsters rotate accounts or reuse infrastructure to evade detection.
Connecting Fraud Through Link Analysis
Once suspicious activity is identified, link analysis is used to uncover relationships across historical and real-time data.
By connecting shared attributes such as device identifiers, login credentials, IP addresses, and behavioural patterns, systems can construct a network of related entities. This allows organisations to identify not only the initial fraud signal but also other accounts and transactions that may be connected.
This approach supports earlier detection by enabling organisations to reassess previously approved activity and prevent further abuse. It also shifts detection from identifying individual events to exposing broader fraud networks.
The Role of LLMs in Detection
The paper also outlines how LLMs can enhance link analysis by introducing a reasoning layer on top of traditional rule-based systems.
Instead of relying solely on predefined rules, LLMs can interpret patterns across complex datasets, identifying relationships that may not be captured through static logic. This allows detection systems to adapt more effectively to evolving fraud behaviours while reducing the need for continuous manual rule updates.
Importantly, this layer operates alongside existing controls, supporting decision-making while maintaining governance and oversight.
What This Changes for Fraud Prevention
Together, digital fingerprinting and link analysis enable a shift from reactive detection to preventive disruption of fraud activity.
By identifying connections across users, devices, and transactions, organisations can detect coordinated behaviour earlier and respond at scale.
This approach also delivers clear operational benefits:
- Higher fraud coverage by detecting coordinated networks
- Reduced false positives through probabilistic fingerprinting
- Faster response through automated linkage and blocking
- Greater scalability across large datasets
- Improved explainability through connected fraud relationships
Network-level intelligence offers a more resilient model for detecting and disrupting organised fraud.
From Detection to Disruption
The approach outlined in the paper reflects a broader transition in fraud prevention, where detection is no longer limited to individual events but extends to understanding how activity is connected across systems.
This allows organisations to act earlier and more consistently, addressing fraud patterns before they scale.
The full white paper explores these concepts in greater detail, including the underlying architecture and practical considerations for implementation.
Latest blogs & research
GASA Mexico Shares Scam Prevention Tips During the 2026 FIFA World Cup
GASA Mexico shares practical advice for football fans on avoiding ticketing, travel, phishing and payment scams during the 2026 FIFA World Cup.
Watch the Global Anti-Scam Summit Europe 2026 Session Recordings
Watch keynotes, panels, workshops, working group sessions and Scam Fighter Awards recordings from the Global Anti-Scam Summit Europe 2026 in Lisbon.
Public-Private Partnerships in Action: Key Takeaways From the Global Anti-Scam Summit Europe 2026
Key takeaways from the Global Anti-Scam Summit Europe 2026 on how public-private partnerships can strengthen scam prevention, intelligence sharing, regulation and victim protection.
Nomorobo Joins Scam.org to Shield Consumers from Fraudulent Calls and Texts
Nomorobo has joined Scam.org as a member partner, bringing call and text blocking technology into the platform to help consumers protect themselves from fraudulent communications.
Scams Continue to Rise in Germany: Two in Three Adults Encountered a Scam in the Past Year
The Global Anti-Scam Alliance (GASA), in collaboration with Worldline, has released the State of Scams Germany 2026 Report.
Anatomy of an Investment/Crypto Scam
On 21 May, the Global Anti-Scam Alliance (GASA) hosted a webinar bringing together leading voices from the crypto industry, law enforcement, compliance, and civil society.
ICC and GASA Publish Best Practices Framework for Combating Scam Advertising
ICC and GASA have published a best practices framework for combating scam advertising, focusing on risk-based verification, transparency, reporting and collaboration.
Scams Surge Across the U.S.: 82% of Adults Targeted as Engagement and Losses Continue to Rise
The Global Anti-Scam Alliance (GASA), in collaboration with Iris® Powered by Generali, has released the State of Scams USA 2026 Report.