Compass Plus

Real-world scenarios where hybrid fraud prevention wins


By Kirsty Berry, Head of Product Marketing & Market Analytics, Compass Plus Technologies

Fraud today is complex, fast-changing, and multi-channel. Criminals adapt quickly, exploiting weaknesses in digital banking, new payment methods, and customer behaviour. Financial institutions are under constant pressure to strengthen defences without adding unnecessary friction for genuine customers.

A hybrid approach, combining the transparency of rules with the adaptability of machine learning, offers the best of both worlds. Rules provide clarity and control for known risks, while machine learning adapts dynamically to new behaviours and hidden anomalies. Together, they create resilience where it matters most.

Here’s how this plays out across three critical fraud scenarios.

Account takeover (ATO)

The challenge
Account takeover (ATO) is one of the fastest-growing forms of fraud. It occurs when a fraudster gains unauthorised access to a user’s account, often through phishing, credential stuffing, or malware. Once inside, they can move funds, harvest sensitive data, or commit further fraud in the victim’s name.

Traditional rules-based systems struggle here: a login from a new device or location may be flagged, but too many false positives risk frustrating genuine customers. Machine learning on its own can identify unusual behaviour, but without enforcement mechanisms, it may not be able to intervene quickly enough.

Example
A dormant mobile account (inactive for 30+ days), belonging to a 60-year-old customer, suddenly logs in from a new device. The fraudster makes a few small purchases to test the waters, then closes a deposit account and transfers the funds to a third party. On the surface, each action looks legitimate, but the overall pattern is suspicious.

The hybrid advantage

  • Machine learning analyses behaviour across multiple dimensions (login timing, device fingerprinting, transaction sequencing) and highlights deviations from the customer’s long-term patterns
  • Rules provide the enforcement layer, such as flagging inactivity combined with high-risk actions, triggering step-up authentication, or blocking transfers outright

The result: financial institutions can detect ATO activity early, while ensuring genuine customers are not locked out unnecessarily.
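
The ATO scenario above, as an added sketch that is not Compass Plus code: named rules gate the enforcement action, and a behavioural score decides between allow, step-up and block. The score is a simple z-score stand-in for a trained model; the action names, thresholds and sample sessions are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from statistics import mean, pstdev
HIGH_RISK = {"close_deposit", "transfer_new_payee"}  # assumed action names

@dataclass
class Session:
    login_at: datetime
    last_active: datetime
    device_id: str
    known_devices: frozenset
    past_login_hours: tuple  # customer's historical login hours (0-23)
    actions: tuple           # ordered action names in this session

def anomaly_score(s):
    """Stand-in for the ML layer: 0..1 from login-hour z-score and device novelty."""
    sd = pstdev(s.past_login_hours) or 1.0
    z = abs(s.login_at.hour - mean(s.past_login_hours)) / sd  # ignores midnight wrap
    device_part = 0.0 if s.device_id in s.known_devices else 1.0
    return round(0.5 * min(z / 3.0, 1.0) + 0.5 * device_part, 2)

def rule_hits(s):
    """Rule layer: transparent, named conditions taken from the ATO scenario."""
    hits = []
    if s.login_at - s.last_active >= timedelta(days=30):
        hits.append("dormant_30d")
    if s.device_id not in s.known_devices:
        hits.append("new_device")
    if HIGH_RISK & set(s.actions):
        hits.append("high_risk_action")
    return hits

def decide(s, step_up_at=0.5, block_at=0.8):
    """Rules enforce; the score decides how hard. Thresholds are assumptions."""
    hits, score = rule_hits(s), anomaly_score(s)
    risky = "high_risk_action" in hits
    if risky and "dormant_30d" in hits and score >= block_at:
        return "block", hits, score
    if risky and ("new_device" in hits or score >= step_up_at):
        return "step_up", hits, score
    return "allow", hits, score

# Constructed sample sessions (not real data).
GENUINE = Session(datetime(2024, 5, 10, 10), datetime(2024, 5, 8, 9), "dev-a",
                  frozenset({"dev-a"}), (9, 10, 11, 10, 9, 10), ("transfer_new_payee",))
NEW_PHONE = replace(GENUINE, device_id="dev-b")
TAKEOVER = replace(NEW_PHONE, login_at=datetime(2024, 5, 10, 3),
                   last_active=datetime(2024, 3, 20, 9),
                   actions=("small_purchase", "close_deposit", "transfer_new_payee"))
```

The active customer on a known device is allowed, the same customer on a new phone gets step-up authentication, and only the dormant account with a 3 a.m. login from an unseen device is blocked.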

Money mules

The challenge
Money mules are a vital part of the fraud supply chain. Whether knowingly or unknowingly, individuals allow their accounts to be used for moving stolen funds, helping criminals launder proceeds from scams, trafficking, or cybercrime. Mule activity often looks like ordinary account use: receiving funds, followed quickly by transfers or cash withdrawals.

Rules alone may pick up some red flags, such as repeated high-value withdrawals, but criminals constantly adjust their tactics to stay just under fixed thresholds. Machine learning, meanwhile, can surface anomalies but requires rules to act quickly in real time.

The hybrid advantage

  • Rules can detect time-based red flags, such as minimal delay between credits and debits, or bursts of ATM withdrawals shortly after unusual deposits
  • Machine learning builds a deep behavioural profile of each account, identifying activity that deviates from the customer’s normal transaction history – whether sudden spikes in velocity, use of new channels, or inconsistent transfer patterns

By working together, the two approaches enable banks to identify mule activity early, intervene before funds are irretrievably moved, and reduce their exposure to financial crime and regulatory penalties.

BNPL fraud

The challenge
“Buy Now, Pay Later” (BNPL) and other emerging payment methods have grown rapidly in popularity, making them an attractive target for fraudsters. A common strategy is to start small: fraudsters make one or two low-value purchases to build trust, then strike with a high-value transaction using stolen credentials or synthetic identities.

Rules-based systems are often slow to adapt to these new payment models, as it takes time to design and test new logic. Machine learning can react more quickly, but on its own, it may not enforce the necessary credit and identity checks to stop fraud in real time.

The hybrid advantage

  • Rules enforce safeguards such as maximum instalment volumes, credit exposure limits, and mandatory strong authentication (e.g. 3DS/3RI). They can also be used to blacklist known fraudulent devices or accounts
  • Machine learning monitors repayment behaviour, transaction consistency, and spending anomalies – flagging accounts that suddenly deviate from their usual pattern, or that display “bust-out” characteristics

This combination prevents fraudsters from exploiting BNPL channels while maintaining a frictionless shopping experience for genuine customers. Merchants and acquirers also benefit from greater assurance that they can extend BNPL offers without disproportionate risk.

The bigger picture

Across these scenarios, one principle is clear: fraud prevention can’t rely on rules or machine learning alone. Rules bring clarity and enforceability. Machine learning brings adaptability, scale, and the ability to detect unknown threats. Hybrid systems combine these strengths to give financial institutions the resilience they need to protect both revenue and customer trust.

By adopting hybrid fraud prevention, institutions can:

  • Detect fraud earlier and more precisely
  • Reduce false positives and operational costs
  • Scale confidently into new payment channels
  • Safeguard customer loyalty and brand reputation

Hybrid fraud prevention isn’t just a technical advantage – it’s an essential strategy for staying ahead of an evolving threat landscape.
