Fraud Prevention the Pep Guardiola effect

You can have all the offensive prowess with an abundance of intelligence and strategy but without a threat response, defense, you’re going to leak goals and let attackers in. So, what does a next generation defensive solution look like?

Greg Hancell

21 Sep 2023

Fraud Prevention the Pep Guardiola effect

There are parallels between the evolution of football and financial cybercrime prevention (AML and Fraud), we will look to lay out the similarities in the article.

Pep Guardiola is famous for inventing Tici-Taka football. A style of football that is world renowned and loved for the fluidity, movement, and overall dominance that his teams exert over their competition. They pass and move in such a way that they have complete control over the game and usually dominate possession with 65% and above.

His team defend from the front, they close down passes, they intercept, and recover the ball quickly. They excel in transition, to transform defence into attack, this unique style has been replicated world over by other football coaches.

There is however another component to this football style, that is often overlooked. The goalkeeper.

Historically, the goalkeeper was held in high regard for their capability to stop shots, intercept crosses and how far they could clear the football away from their goal. They were the last point of defence against the attackers trying to put the ball over the goalline.

Goalkeepers had a truly unfavourable job in footballing terms. As they were only ever remembered for their mistakes. There are blooper reels where goal keepers were not able to stop a simple shot, or miskick a clearance and gifting the opponents a goal, or humiliatingly being in the wrong place and getting lobbed by the attacker.

Goalkeepers had to be tough physically and mentally as they could often go for long periods of the game with next to no defensive duties to do, yet when called upon had to be 100% ready and react in an instant to stop the threat.

Additionally, that one mistake, could play on them for the rest of the season and career as they didn’t have an opportunity to make up for the mistake they made.

Those of you that work in Fraud Prevention may already be able to see the similarities of the last line of defence the goalkeeper and your own role in an organisation.

Under Pep Guardiola this changed, the Goalkeeper became an offensive player.

As the offensive player, they are expected to be an expert in fluidly transitioning defence into attack. Pep ultimately had an unfair advantage over other teams by gaining an additional 11th outfield player, by changing what a goalkeeper does.

They are no longer expected to kick the ball as far as possible into the opponents half, instead they are expected to make short possession based passes. This required a mindset shift and an evolution in football, ultimately Pep created an additional player on the pitch for his style of possession-based football that defended in an offensive way.

Some of you may be completely lost as to where this article is going, some may understand it however may not yet have understood the relevance to fraud and AML, others may already know what I am about to say.

The thing is.

Fraud prevention and AML teams are the goal keepers of financial institutions. They are only ever remembered or in the news for a scandal, or an attack they failed to prevent.

They can have a brilliant year identifying fraud, keeping customer’s money safe, closing accounts suspected of money laundering and defending wave after wave of attacks.

In the shadows they may have stopped your account from an attacker imitating you, the reader, without your knowledge.

And yet one event can undo all of this in the public eye.

Fraud prevention is having its own Pep Guardiola evolution right now. Instead of the teams being the last line of defence and waiting for an attack to safely clear the danger as far away as possible. The teams can go on the offensive and defend from the front.

This switch in mindsets allows you the capability to identify and stop attacks before they do damage, as opposed to react to attacks that are playing out and damaging the financial institution.

Those of you in cyber security will likely have come across something similar, in the form of a cyber fusion centre whereby you unify offensive and defensive capabilities into one area.

So, what components make up a cyber fusion centre?

  • Technical (offense)
  • Strategic (style of play)
  • Threat Response (defense)
  • Orchestration and Automation (recovery and transition)

Do the same components transfer to a next generation fraud prevention solution?

Yes, and we will now cover each in turn.


Otherwise known as offensive capabilities. Rather than just waiting for a fraudulent transaction to occur you can instead reach out and gather intelligence on those that are trying to attack you and compromised device / accounts.

This is typically comprised of:

  • Open-Source Intelligence (OSINT)
  • Cyber Threat Intelligence (CTI)
  • Own intelligence
  • Sanctions / PEP’s / HR Countries

This is all the intelligence that the organisation should know in order to be able to identify an attack before it causes damage.

For example, you might want to be able to know about compromised devices interacting with your product, or customer accounts that are compromised, or mule accounts available to be purchased on the dark web, or compromised identities available to be purchased on the dark web. These potential points of compromise can be identified during an attack to reduce fraud.

These signals are important to recognise attackers automating a coordinated attack on the Financial Institution (FI) and is a way to defend from the front.


It’s great to have lots of intelligence about devices, accounts, identities and customers, however without knowing the impact that this is having in the market, other financial institutions and on your FI it is somewhat meaningless.

Strategic intelligence, enables those using a fraud prevention solution to understand what is happening and what the likelihood is that they will also be attacked with a similar method. Typically, this is comprised of the following:

  • Threat Intelligence Network
  • Dashboards / Reports state of play
  • Cross financial institution real time attacks
  • Product risk understanding

A key separator in CTI, OSINT and a threat intelligence network is the ability to link with certainty the signals to the FI’s customer set.

In footballing terms this is how you setup your football style to limit the amount of attacks you will face, by knowing your weaknesses and covering for them with offensive attributes that generates a threat to the attacker.

Threat Response

You can have all the offensive prowess with an abundance of intelligence and strategy but without a threat response, defense, you’re going to leak goals and let attackers in. So, what does a next generation defensive solution look like?

  • Real time decisioning solution
  • Accurate Machine Learning Models
  • Continuous Machine Learning Features and Data
  • Daily Adaptive Machine Learning Models (drift proof)
  • Advanced Alerting and investigation
  • Simulated attack “war room”

This is the capability to setup the application to be able to predict and defend against attacks. It is important for you to truly understand the opposition and the FI to determine where the attack will likely play out and crucially how you react when it does.

The more you can remove from human decision making, in a potentially stressful situation, and instead automate under a predefined risk matrix the better. Doing so will remove bias and outcomes that generate a greater attack surface. In footballing terms, mistakes happen when players react to situations they have not trained for or are caught out of position.

Security Orchestration, Automation and Response (SOAR)

A football coach will practice drill after drill with their players, to build muscle memory and to react quicker to the opponent. That same technique is effective in fraud prevention. Typical components here include:

  • Behavioural and Continuous transparent Authentication
  • Run time application self-protection to protect devices under attack

When put brought together in a seamless way the fraud prevention solution can transform the business from one that blocks, inhibits growth and is blamed when there is a successful attack.

To a solution that enables more business, enables more balanced risk taking, and the capability to defend from the front by having an extra player to attack.

What can this type of solution identify:

  • Synthetic identities
  • Known compromised accounts
  • Compromised devices
  • Compromised cards
  • Mule Accounts
  • Mule Networks
  • Fraudulent transactions
  • Fraudulent transfers
  • Fraudulent beneficiary creation
  • Authorised Push Payment Scam
  • Secret Shopper Scam

Deploying such a solution will therefore help you to dramatically reduce fraud and false positives, ultimately taking charge of the situation. The benefits are:

  • Reduced fraud
  • Reduced fale positives (reduction in alerts)
  • Increased cyber threat intelligence
  • Greater surety to enable more business
  • Reduced time to onboarding
  • Reduced funding of organised crime
  • Compliance to regulation
  • Improved organisational efficiency
  • Happier fraud team

What’s stopping you from transforming your fraud prevention prowess from defensive only into a seamless attack and defense solution?

If you’re interested to find out more why not reach out to Lynx on the contact details below.

Lynx has helped numerous financial institutions make the transformation from a slow, unreactive, defensive only, fraud prevention solution. We enable companies to transform to a dynamic self learning fraud prevention solution that both attacks and defends, giving you the extra player.

We have deep knowledge on device, user behaviour, locations, travel, spend, patterns of interaction, their associated beneficiaries, how much money they typically transfer/ spend and when. We have market leading bespoke algorithms with the most accurate models that learn every day so you can too.

Why don’t you give us a try?

We live and breath data and are experts in data science. We have world class algorithms, insight and intelligence. We ensure that:

  • Our models are the best in the business
  • We reduce your costs by reducing false positives by up to a factor of 100 compared to rules
  • We reduce fraud significantly
  • We reduce the complexity of rule building
  • We improve job satisfaction and alert fatigue by giving you meaningful alerts
  • We continuously learn to changing attacks and new products / customer behaviour

We’re confident that we’re able to stop the attacks you face and have been doing so for over two decades.

We’re the Pep Guardiola of Fraud Prevention, the Machine Learning solution you’ve been patiently waiting for since they came onto the scene. Allow us to help you transform your organisation to stop more fraud, reduce operational overheads, enable seamless customer experiences, and transform your fraud teams capabilities to seamlessly predict, identify and react to attacks.

So why don’t you reach out and ask for a P.o.C. today, you won’t be disappointed.

Copied link

This site is registered on as a development site.