
AI fraud detection for lenders: patterns, prompts, and the playbook

The four fraud patterns every small lender eventually meets — synthetic identity, document manipulation, ring fraud, and payout-stage scams — and where AI actually catches them vs. where it still misses.

LendWithAI

The builder's playbook for AI-powered lending. Every prompt, template, and teardown on this site comes from real experimentation, not theory.

There are two ways to write about fraud in lending. The first is to tell horror stories and sell a product. The second is to tell you exactly what you’ll face, what the current state of AI actually catches, and what it doesn’t, in enough detail that you can make real defensive choices. This post is the second kind.

I’ll walk the four fraud patterns that account for the vast majority of losses at small-to-mid-sized lenders, where AI earns its seat in the defence, the specific prompts and decision trees that work, and — crucially — the things AI still misses and what you need to do about them.

The four patterns that matter

There are a hundred variants of fraud. There are four families. Every material loss you’ll encounter at a small lender will be some variation of:

  1. Synthetic identity fraud. Real PAN, real phone, real address, but combined to produce a human that doesn’t actually exist. The breadcrumbs look plausible; the person behind them doesn’t.
  2. Document manipulation. Payslips, bank statements, employment letters, tax returns — each one surgically edited to overstate income, understate obligations, or fabricate employment tenure.
  3. Ring fraud. Multiple applications, different names, different PANs, but overlapping addresses, employers, co-applicants, or repayment accounts. Invisible one-at-a-time; obvious in aggregate.
  4. Re-verification and payout-stage scams. A legitimate borrower is approved; then between approval and disbursal, the bank account changes, the OTP moves, the phone number is redirected — and the money disburses to the attacker.

Anyone trying to defend you against “general fraud” without this taxonomy is selling you ungrounded comfort. Anyone selling you defence against one of these four without acknowledging the others has a product to push.

Pattern 1 — Synthetic identity

Synthetic identity is the fastest-growing pattern globally and the one AI is, honestly, best positioned against.

How it works. The fraudster assembles an identity from real pieces — a genuine PAN (bought, stolen, or aged), a valid phone number, a real address, sometimes a plausible LinkedIn history — then applies for credit as that “person.” The bureau initially has no history for this identity, though in some variants the fraudster builds bureau history over months before the fraud event. When the loan disburses, the synthetic identity vanishes.

Why humans miss it. Each individual element looks clean. The PAN verifies, the phone is active, the address exists, the LinkedIn is plausible. A human underwriter has no anomaly to anchor on.

Why AI catches it. The pattern across signals is the tell. Synthetic identities show signature inconsistencies: timing mismatches (phone is very recent; address is older), fragmentary digital footprint (the LinkedIn is thin, the email address is very young), geographic incoherence (PAN from one state, phone from another, employer in a third), and behavioural flatness (application filled out with no typos and perfect consistency, because the fraudster is copy-pasting). An LLM prompt that asks — “Given these data points about one applicant, are there inconsistencies or anomalies in how the signals fit together?” — produces useful output roughly 80% of the time.

The prompt that works (abbreviated — full version in the Fraud Playbook):

You are a lending fraud analyst. Given the applicant's structured data and digital
footprint below, evaluate the coherence of the signals.

Focus on:
- Temporal consistency (when were the digital breadcrumbs created?)
- Geographic coherence (do the locations across signals align?)
- Footprint density (is the digital presence realistically thick for a human of this age?)
- Behavioural smoothness (is the application suspiciously error-free?)

Return: risk_level, findings with confidence scores, recommended verification steps.

Where it fails. (a) When the synthetic identity has been patiently “aged” for 12+ months before applying, with real bureau history. (b) When the fraud is tied to a real person’s identity that was stolen rather than synthesised. For both, the text-pattern prompt has no anomaly to catch, and you need bureau-level analytics plus out-of-band verification (video KYC, live address visit).

Pattern 2 — Document manipulation

This is where AI surprises people most, in both directions: it catches what human underwriters miss, and it misses what confident demos claim it catches.

What AI catches well. Arithmetic inconsistencies (salaries that don’t add up, deductions that don’t sum, balance-forward mismatches). Formatting oddities that leak through (font inconsistency described in pasted OCR text, template-version mismatches). Cross-document contradictions (payslip says role X, employer letter says role Y). The prompt that scans for these — published in the Prompt Library — catches 65–80% of amateur manipulation depending on your document mix.

What AI misses. Internally-consistent fake documents. If the fraudster builds a fake payslip where the gross, deductions, and net all reconcile, the template is pixel-perfect, the employer name is a known-clean one, and there are no cross-document contradictions — the LLM has no anomaly to flag. This is the category that grows as fraud professionals get better tooling (and increasingly, use LLMs themselves to produce clean fakes).

The defence-in-depth pattern that works.

  • Stage 1 (AI): run the document-consistency prompt on pasted text. Clear obvious manipulation.
  • Stage 2 (deterministic): verify employer via an independent source — direct HR-email ping, employer registry lookup, or confirmed LinkedIn handle cross-check.
  • Stage 3 (metadata): for PDFs, extract PDF metadata (creator software, creation date, revision history). A payslip with creator “Adobe Photoshop” is not what you want to see.
  • Stage 4 (outlier-based): compare this applicant’s income-to-age-to-role to your population distribution. Outliers beyond your tolerance get routed to senior review.

No single stage catches everything. Together, the four stages catch the vast majority of the manipulations that matter, because even sophisticated fraudsters slip at one of the four layers.
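Stage 3 as an added example (not code from this site or its Prompt Library): it reads the PDF Info-dictionary fields and counts `%%EOF` markers as a proxy for revision history. The editor watch-list, the `PayrollSuite` generator name and both byte samples are constructed assumptions, and only uncompressed literal-string metadata is handled.

```python
import re

# Assumed watch-list of image/design editors; tune it to your own document mix.
EDITOR_MARKERS = ("photoshop", "gimp", "illustrator", "canva")

# Matches /Key (literal string) pairs in an uncompressed Info dictionary.
INFO_FIELD = re.compile(
    rb"/(Creator|Producer|CreationDate|ModDate)\s*\(((?:\\.|[^\\)])*)\)")

def pdf_metadata_findings(data: bytes) -> dict:
    """Extract creator software, dates and revision count; list what looks off."""
    fields = {}
    for key, raw in INFO_FIELD.findall(data):
        # Later occurrences overwrite earlier ones, so the latest revision wins.
        fields[key.decode()] = raw.decode("latin-1")

    findings = []
    tool = (fields.get("Creator", "") + " " + fields.get("Producer", "")).lower()
    hits = [m for m in EDITOR_MARKERS if m in tool]
    if hits:
        findings.append(f"editing_software:{hits[0]}")
    if fields.get("ModDate") and fields["ModDate"] != fields.get("CreationDate"):
        findings.append("modified_after_creation")
    # Every incremental save appends a new trailer that ends in %%EOF.
    revisions = data.count(b"%%EOF")
    if revisions > 1:
        findings.append(f"incremental_saves:{revisions - 1}")
    return {"fields": fields, "findings": findings}

# Constructed fragments for illustration, not complete PDF files.
CLEAN_SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /Creator (PayrollSuite 4.2) "
    b"/Producer (PayrollSuite PDF) /CreationDate (D:20260301090000) "
    b"/ModDate (D:20260301090000) >>\nendobj\n%%EOF\n")
EDITED_SAMPLE = CLEAN_SAMPLE + (
    b"2 0 obj\n<< /Creator (Adobe Photoshop) "
    b"/ModDate (D:20260310181500) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("edited", EDITED_SAMPLE)):
        print(name, pdf_metadata_findings(sample)["findings"])
```

Treat each finding as a reason to route the file to review, not as proof of manipulation; some legitimate generators also rewrite metadata on save.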

Pattern 3 — Ring fraud

Ring fraud is the pattern most classically missed by lenders who are good at individual underwriting but not good at aggregate pattern-recognition.

How it works. A fraud ring submits 10, 20, or 50 applications in a short window, each one passing individual underwriting, but sharing a common factor: the same repayment bank account; the same address (sometimes with different flat numbers); the same declared employer that turns out to be fraudulent; the same co-applicant PAN appearing as reference across files; the same IP address at application time.

Why humans miss it. A human underwriter sees files one at a time. By the time the pattern is obvious, the ring has drawn down the loans and vanished.

Why AI catches it, cleanly. Ring fraud is a graph problem. Given a batch of recent applications, an LLM is surprisingly good at surfacing the overlapping nodes when given the right structured prompt. More reliably, though, it’s a SQL problem: a simple query that groups applications by address, by employer, by repayment account, or by co-applicant PAN, and flags any group with more than N loans in a rolling window — this catches 90%+ of rings for a cost of one batch query per week.

The recommended pattern (full SQL + AI dossier prompt in the Fraud Playbook):

  1. Weekly SQL batch: group applications in the last 30 days by (a) repayment account, (b) normalised address, (c) declared employer, (d) co-applicant PAN. Flag groups with ≥3 applications.
  2. AI dossier prompt on each flagged group: paste the applications in the group and ask the LLM to write a fraud-dossier assessment — what’s the case for or against coordination? The prompt is particularly good at identifying the subtle cross-file patterns (same writing style, same typos, same unusual purpose stated differently).
  3. Human review on the dossier — never auto-decline on a ring flag. False positives happen (real families sharing an address, real workplace colleagues in the same building).
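Step 1 of the pattern above as an added example (not the Fraud Playbook's SQL), run through SQLite so it executes offline. The `applications` table, its column names and the sample rows are assumptions constructed for illustration, and addresses are assumed to be normalised before loading.

```python
import sqlite3

# Hypothetical schema; column names are assumptions, not the Fraud Playbook's.
SCHEMA = """CREATE TABLE applications (
    app_id TEXT PRIMARY KEY, applied_on TEXT, repayment_account TEXT,
    norm_address TEXT, employer TEXT, coapplicant_pan TEXT)"""

# One UNION ALL branch per shared attribute. Column names come from this fixed
# tuple only, never from user input; the values are bound as parameters.
RING_SQL = " UNION ALL ".join(
    f"""SELECT '{col}' AS attr, {col} AS shared_value,
               COUNT(*) AS n, GROUP_CONCAT(app_id) AS app_ids
        FROM applications
        WHERE applied_on >= date(:as_of, '-30 days') AND applied_on <= :as_of
          AND {col} IS NOT NULL AND {col} <> ''
        GROUP BY {col} HAVING COUNT(*) >= :min_apps"""
    for col in ("repayment_account", "norm_address", "employer", "coapplicant_pan")
)

def find_ring_candidates(conn, as_of, min_apps=3):
    """Return (attr, shared_value, app_ids) for each group at or above min_apps."""
    rows = conn.execute(RING_SQL, {"as_of": as_of, "min_apps": min_apps}).fetchall()
    return sorted((attr, val, sorted(ids.split(","))) for attr, val, _n, ids in rows)

def demo_db():
    """Constructed sample: three recent files share one repayment account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO applications VALUES (?,?,?,?,?,?)", [
        ("A1", "2026-04-02", "ACCT-111", "12 lake rd", "Acme Traders", None),
        ("A2", "2026-04-05", "ACCT-111", "7 hill st", "Beta Logistics", None),
        ("A3", "2026-04-09", "ACCT-111", "3 park ave", "Acme Traders", "PAN-X"),
        ("A4", "2026-04-10", "ACCT-222", "9 mill ln", "Gamma Foods", "PAN-X"),
        # Same account, but outside the 30-day window, so it is not counted.
        ("A5", "2026-02-01", "ACCT-111", "1 old rd", "Delta Co", "PAN-X"),
    ])
    return conn

if __name__ == "__main__":
    for attr, value, app_ids in find_ring_candidates(demo_db(), "2026-04-15"):
        print(f"{attr}={value}: {app_ids}")
```

Each returned group is an input to the dossier prompt and the human review in steps 2 and 3, not a decline decision.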

Pattern 4 — Re-verification and payout-stage scams

This is the pattern AI doesn’t really help with, and it’s the one that bites the most sophisticated lenders most often because their AI is so good at the underwriting side that they under-invest in the post-decision workflow.

How it works. A legitimate applicant is approved. Between approval and disbursal — a window that is often days or weeks for amounts above a threshold — someone (sometimes the real applicant, sometimes a hijacker) changes the repayment account, or re-verifies the phone number, or requests a disbursal to a different IFSC. Money moves. The real applicant, sometimes, has no idea.

Why AI doesn’t help. This is a workflow problem, not a text-pattern problem. The pasted application data hasn’t changed. The scorecard still grades the same. There’s nothing for an LLM to notice.

What works — workflow defences:

  1. Freeze the repayment account at the moment of approval. Any change requires a fresh out-of-band verification, not just an OTP to the same phone.
  2. Bank-account name match at disbursal time — if the IFSC-linked account name doesn’t exactly match the approved applicant’s name, the disbursal holds.
  3. Video-KYC at disbursal for amounts above a threshold — adds friction, but the right amount for the right threshold.
  4. Cool-off period — disbursals auto-delay by 24h if the applicant’s phone, bank account, or email changed within the last 7 days.

None of these need AI. All of them need a product manager to actually build them.
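The four workflow defences as one disbursal gate, in an added example that is not code from this site. The field names, the `VIDEO_KYC_THRESHOLD` value and the sample applicants are assumptions, and the 24h cool-off is assumed to run from the moment the disbursal is evaluated.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

VIDEO_KYC_THRESHOLD = 500_000       # assumed amount; set it per your own policy
COOL_OFF = timedelta(hours=24)
CHANGE_LOOKBACK = timedelta(days=7)

@dataclass
class Disbursal:
    amount: int
    applicant_name: str                  # name on the approved application
    approved_account: str                # account frozen at approval
    payout_account: str                  # account requested at disbursal
    payout_account_name: str             # holder name returned for payout_account
    account_change_verified_oob: bool    # fresh out-of-band check, not an OTP
    video_kyc_done: bool
    last_contact_change: Optional[datetime]  # latest phone/bank/email change

def evaluate_disbursal(d: Disbursal, now: datetime):
    """Return (hold_reasons, earliest_release). Any hold reason blocks the payout."""
    holds = []
    # 1. Frozen account: a change needs fresh out-of-band verification.
    if d.payout_account != d.approved_account and not d.account_change_verified_oob:
        holds.append("account_changed_without_oob_verification")
    # 2. Exact name match at disbursal time (strict equality, as the rule states).
    if d.payout_account_name != d.applicant_name:
        holds.append("account_name_mismatch")
    # 3. Video KYC above the threshold.
    if d.amount >= VIDEO_KYC_THRESHOLD and not d.video_kyc_done:
        holds.append("video_kyc_required")
    # 4. Cool-off: delay by 24h if contact details changed in the last 7 days.
    recent = (d.last_contact_change is not None
              and now - d.last_contact_change <= CHANGE_LOOKBACK)
    return holds, (now + COOL_OFF if recent else now)

if __name__ == "__main__":
    now = datetime(2026, 4, 15, 10, 0)
    # Constructed case: payout account swapped two days before disbursal.
    hijacked = Disbursal(800_000, "Asha Rao", "ACCT-1", "ACCT-9",
                         "A Rao Traders", False, False, now - timedelta(days=2))
    print(evaluate_disbursal(hijacked, now))
```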

What AI genuinely still misses

Three categories stay meaningfully hard in 2026.

Sophisticated document manipulation with internal consistency. As covered above. Counter: metadata forensics + outlier analytics + direct employer verification.

Collusive employer fraud. A real, verified employer attests to a fabricated employee. Often the “employer” is a shell company set up precisely for this, with just enough real presence (a website, a phone, a verified employee or two) to survive shallow checks. Counter: maintain a trusted-employer registry; for unfamiliar employers, require richer evidence (GST filings, provident fund records, multiple independent contact channels); for large loans, do on-site verification.

Deepfake / voice-clone video KYC. Rapidly advancing on the attacker’s side. Liveness checks are in an arms race with generation models. Counter: layered liveness (random gesture prompts, real-time environment noise checks), plus — honestly — reduce your reliance on single-session video KYC for loans above a meaningful amount.

The three-stage fraud workflow that actually works

I’ve described the pieces. Here’s how they fit together.

Stage 1 — Deterministic rules first. Run every application through hard rules: PAN duplicate check (against your own applicant history), basic bureau minimum, KYC document validity, employer-registry match. Block obvious failures. This is cheap, fast, and filters out 50% of attack volume without an LLM ever seeing the file.

Stage 2 — AI-augmented checks on the survivors. Document-consistency scan. Synthetic-identity coherence scan. Ring-fraud dossier if the application hit a ring-batch flag. Output: a fraud-risk score plus a structured findings list. Do NOT auto-decline on AI signals alone — that’s how false positives eat your conversion.

Stage 3 — Human review on medium-and-up flags. Anything the AI flags at medium confidence or higher goes to a senior credit reviewer. The reviewer has the AI’s findings as input, plus the deterministic checks’ output, and makes the actual decision.

Tune month-over-month. Month 1 is painful — expect 20–40% false-positive rate that frustrates your operations team. Month 3 should be under 10% as you calibrate thresholds, update banned-employer lists, and retrain your own prompts on your own population.

The compliance overlay

Most regulators — RBI in India, CFPB in the US, FCA in the UK — are explicit that AI-assisted fraud detection is permitted, provided:

  1. The AI augments human decisioning rather than replacing it.
  2. The reasoning for each flag is auditable.
  3. The underlying features are non-discriminatory by design.
  4. The system is regularly tested for bias.

The RBI Digital Lending Guidelines of September 2022 are particularly clear on this: automated underwriting and fraud systems are allowed, explainability is required, and a human must be in the loop for adverse-action decisions. Design for these from day one — retrofitting compliance into an already-running AI-fraud stack is significantly harder than baking it in.

What to do this week

If you are a small-to-mid-sized lender and your current fraud detection is “our underwriters look carefully,” pick one pattern from the four above — the one that hurt you most in the last 90 days — and build the first stage of the three-stage workflow for just that pattern. Don’t try to defend against all four on day one.

If you want the full playbook — 12 prompts, three decision trees, the case study, the “what AI still misses” chapter — the Fraud Detection Playbook is the direct-to-you version. If you want to start with just the prompts, the AI Lending Prompt Library includes seven of the twelve.

The honest close: fraud is adversarial. The patterns update. What’s described here is the state of play in April 2026. Come back in six months for v2, where the synthetic-identity section will almost certainly be longer and the deepfake-KYC section will have grown teeth.

Frequently asked questions

Can AI reliably detect fraud in loan applications?

AI reliably detects fraud patterns that leak textual or behavioural signals — document-consistency mismatches, unusual timing patterns, contradictions across fields. It does not reliably detect sophisticated manipulation that's internally consistent (clean fake PDFs, collusive employer fraud, deepfake KYC). The right model is AI-augmented screening plus deterministic rules plus human review for edge cases, not AI-as-the-only-defender.

What are the most common fraud types for small lenders?

Four patterns cover ~90% of the losses a small lender will see: (1) synthetic identity — fake humans built from real parts; (2) document manipulation — surgical edits to payslips, bank statements, employer letters; (3) ring fraud — coordinated applications across overlapping addresses, employers, or repayment accounts; (4) re-verification and payout-stage scams — genuine approvals hijacked between approval and disbursal.

How do I structure an AI-fraud-detection workflow without drowning in false positives?

Three-stage: (1) deterministic rules do the obvious first pass (duplicate PAN, bad bureau, etc.); (2) AI-augmented checks run on the survivors for consistency and pattern detection; (3) human review handles anything the AI flags at medium confidence or higher. Tuning is an iterative month-by-month process — expect 20–40% false-positive rate in month 1, driving toward under 10% by month 3.

What does AI still miss?

Three categories stay hard: (a) sophisticated document manipulation where the internal math is clean and the template is pixel-perfect; (b) collusive employer fraud where a real employer attests to a fabricated employee; (c) deepfake or voice-clone video-KYC fraud. For each of these you need defences that don't come from text-pattern analysis — metadata forensics, employer registries, and liveness checks respectively.

Is AI-based fraud detection compliant with regulations like RBI's digital-lending guidelines?

Yes, provided the AI is used to augment decisions rather than make them autonomously, with clear audit trails showing why each application was flagged or cleared. The RBI September 2022 Digital Lending Guidelines explicitly permit AI-assisted decisioning with explainability and human oversight. For US operators, ECOA / Reg B compliance depends on documenting non-discriminatory feature design.

Sources

  1. Guidelines on Digital Lending (September 2022) · Reserve Bank of India
  2. Synthetic Identity Fraud in the U.S. Payment System · Federal Reserve Board
  3. FATF Guidance on Digital Identity · Financial Action Task Force