Fraud detection systems are designed to assess risk at the level of individual transactions or accounts. However, this approach is becoming less effective as fraud becomes more complex.
Fraud is often spread across multiple accounts, devices, and interactions rather than appearing as a single event, making it difficult for traditional detection models to capture this kind of activity.
A white paper from Microsoft, Reinventing Link Analysis: How Digital Fingerprinting and LLMs Are Transforming Enterprise Fraud Detection, authored by Akhil Singhal and Sadhana Viswanathan, explores how combining digital fingerprinting with link analysis can shift fraud detection from isolated events to network intelligence across systems.
From Isolated Detection to Network Intelligence
Traditional approaches work well for known patterns, but are less effective when fraud is distributed across multiple entities.
This has led to a shift towards network intelligence, where relationships between entities are analysed to uncover hidden connections. Rather than asking whether a single transaction is fraudulent, this approach focuses on how multiple interactions relate to one another across time and systems.
Identifying the User Behind Fraud Activity
A central component of this approach is digital fingerprinting, which creates a probabilistic representation of a user based on device, network, and behavioural signals.
These signals can include device characteristics, IP attributes, environmental configurations, and interaction patterns. By analysing how a user behaves, rather than relying solely on static identifiers, organisations can move closer to identifying the individual operating the system.
Identifying the “user at the keyboard” enables more accurate classification of risk, particularly in cases where fraudsters rotate accounts or reuse infrastructure to evade detection.
Connecting Fraud Through Link Analysis
Once suspicious activity is identified, link analysis is used to uncover relationships across historical and real-time data.
By connecting shared attributes such as device identifiers, login credentials, IP addresses, and behavioural patterns, systems can construct a network of related entities. This allows organisations to identify not only the initial fraud signal but also other accounts and transactions that may be connected.
This approach supports earlier detection by enabling organisations to reassess previously approved activity and prevent further abuse. It also shifts detection from identifying individual events to exposing broader fraud networks.
The Role of LLMs in Detection
The paper also outlines how LLMs can enhance link analysis by introducing a reasoning layer on top of traditional rule-based systems.
Instead of relying solely on predefined rules, LLMs can interpret patterns across complex datasets, identifying relationships that may not be captured through static logic. This allows detection systems to adapt more effectively to evolving fraud behaviours while reducing the need for continuous manual rule updates.
Importantly, this layer operates alongside existing controls, supporting decision-making while maintaining governance and oversight.
What This Changes for Fraud Prevention
Together, digital fingerprinting and link analysis enable a shift from reactive detection to preventive disruption of fraud activity.
By identifying connections across users, devices, and transactions, organisations can detect coordinated behaviour earlier and respond at scale.
This approach also delivers clear operational benefits:
- Higher fraud coverage by detecting coordinated networks
- Reduced false positives through probabilistic fingerprinting
- Faster response through automated linkage and blocking
- Greater scalability across large datasets
- Improved explainability through connected fraud relationships
Network-level intelligence offers a more resilient model for detecting and disrupting organised fraud.
From Detection to Disruption
The approach outlined in the paper reflects a broader transition in fraud prevention, where detection is no longer limited to individual events but extends to understanding how activity is connected across systems.
This allows organisations to act earlier and more consistently, addressing fraud patterns before they scale.
The full white paper explores these concepts in greater detail, including the underlying architecture and practical considerations for implementation.
Reinventing Fraud Detection Through Digital Fingerprinting and Link Analysis
A Microsoft white paper examines how digital fingerprinting and link analysis shift fraud detection from isolated events to connected, network-level intelligence.
On the Frontlines: Fighting AI-Powered Scams & Fraud
Experts from Microsoft, OpenAI, Google and C4ADS share how AI is shaping scams and how to fight back.
Telecoms on the Front Line: GASA at the Stimson Center Dialogue on Combating Scams
According to GASA’s Global State of Scams Report, telecommunications channels—voice and SMS in particular—remain a predominant “front door” for scams.
What Really Works in Preventing Fraud Against Older Adults? Insights from Frontline Practitioners
Expert insights on preventing fraud against older adults, highlighting the role of technology, targeted education, bank intervention, and coordinated partnerships.
Brazil’s BC Protege+ Blocks Fake Bank Accounts Before They Can Be Opened
Brazil’s Central Bank launched BC Protege+, allowing individuals and businesses to block bank account openings in their name. With over 1 million activations, the tool offers a structural model for reducing identity-based fraud.
-1.jpeg)
From Vienna to Global Action: Key Takeaways from the UN Global Fraud Summit
Explore key insights from our participation at the UNODC's Global Fraud Summit in Vienna. Discover how AI is changing the scam landscape, the power of national anti-scam centres, and the introduction of the Public-Private Partnership Framework to protect communities from fraud.
League of Protectors: Women Fighting Against Scams
Explore key insights from our International Women’s Month webinar on combating scams. Discover how women leaders are driving cross-border collaboration, digital literacy, and collective action to protect communities from fraud.
The Real Gap in Fraud Defense Is Strategy, Not AI
Fraud losses keep rising despite advances in AI detection. The real challenge is fragmented strategy across banks, platforms, telcos and governments. Effective scam prevention requires coordination, shared signals and earlier intervention.