Payment fraud investigation files

Detects references to payment fraud investigation files in financial and compliance documents. Commonly found in international regulatory filings, transaction records, and audit documentation.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

global

Regulations

GDPR, PCI-DSS

Data categories

financial

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:payment\s+fraud|fraud\s+investigation|suspicious\s+transaction|unauthorized\s+transaction|fraudulent\s+activity|dispute\s+case|fraud\s+alert|suspicious\s+activity\s+report|fraud\s+case|investigation\s+file)\b

Corroborative evidence keywords

payment fraud investigation files, payment, fraud, investigation, files, financial, accounts, payments, fiscal, monetary, accounting, treasury, audit, revenue, expenditure, budget, ledger, accounts payable, accounts receivable, balance sheet (+31 more)

Proximity: 300 characters

Should match

• payment fraud — Primary topic phrase match
• fraud investigation — Case-insensitive topic phrase match
• suspicious transaction — Alternative topic phrase match
• unauthorized transaction — Additional topic phrase match

Should not match

• unrelated generic text without domain phrases — No relevant topic phrases present
• placeholder value 12345 — Random text should not match topic-specific regex
• credit premium — Generic word pair from old broad template should not match

Known false positives

• Financial terminology appearing in published reports, accounting textbooks, regulatory guidance, or template documents without actual transaction data. Mitigation: Require corroborative evidence keywords within the proximity window. Cross-reference with structured financial identifiers to confirm actual sensitive data.
• In English (as the primary international business language), standard business terminology overlapping with financial detection keywords in routine correspondence and documentation. Mitigation: Increase confidence threshold when scanning business correspondence. Layer with transaction-specific patterns for higher precision.

References

• https://www.austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs
• https://asic.gov.au/regulatory-resources/markets/report-suspicious-activity/
• https://www.austrac.gov.au/business/core-guidance/reporting