Investigation Workbench
CASE-2847 · High-velocity CNP fraud ring · P1
P1 · CRITICAL · SLA 3h 12m
Case profile
Case ID: CASE-2847
Opened: 2026-05-14 14:42 UTC
Assignee: M. Chen · Tier-2 Fraud
Reporter: Auto / fraud-xgb-v14
Status: Investigating
Priority: P1
Risk score: 94 / 100
Linked entities: 47
Estimated loss: $1,284,400
Tags: CNP, mule-network, synth-id, device-reuse, cross-border
Behavioral signals
- Typing cadence 2.4σ from baseline
- Mouse curvature anomaly: 0.81
- 14 sessions / 6 devices in 24h
- Login geo: US → AE → SG → US (9m)
Device intelligence
- DEV-8FA21C0E shared with 8 accts
- Browser fingerprint reused 47×
- VPN exit · TOR likelihood 0.72
- Emulator signature detected
Transaction pattern
- 132 txns / last 24h (baseline 4)
- Avg amount $9,830 (baseline $84)
- 84% to high-risk MCCs
- 4 cross-border in 11 minutes
Network exposure
- Connected to mule cluster #4421
- 2 hops to OFAC-sanctioned entity
- 12 confirmed mule accounts in ring
- $1.84M moved through cluster
Investigation timeline
14:42:08 · system · TXN-2847 flagged · score 94 · auto-blocked
14:43:11 · AI Copilot · Linked to 3 prior chargebacks on DEV-8FA21C0E (mule cluster #4421)
14:51:27 · M. Chen · Promoted to CASE-2847. Pulled 30-day txn history.
15:02:50 · AI Copilot · Generated entity graph at hop-depth 2. 47 connected accounts. Drafted SAR narrative.
15:18:04 · M. Chen · Confirmed 12 mule accounts. Filed freeze request to ops.
15:24:41 · system · Account freeze acknowledged · 12 accounts placed on hold