[Money20/20 - Fingerprint video interview] APP fraud, device intelligence, and adaptive friction explained

During Money20/20 Europe, we sat down with Ekan Subramanian, VP of Engineering at Fingerprint, to discuss current fraud trends and the latest fraud detection and fraud prevention solutions on the market.

Authorised push payment fraud has exposed a structural weakness in traditional fraud prevention. In this model, the user often appears legitimate, passes authentication and initiates the transfer themselves. The problem is not failed identity checks. It is manipulation. That shift matters because controls built to verify identity are less effective when a genuine customer is being coached, pressured or deceived into making the payment.

Why APP fraud demands a different response

In this video, Ekan makes a clear point: blanket friction is a poor answer to a more nuanced threat. When institutions add hurdles across the entire payment journey, they may reduce some risk, but they also frustrate genuine customers and increase the likelihood of churn. The challenge is no longer simply to block suspicious transactions. It is to distinguish between low-risk behaviour and signs of coercion or compromise without degrading the experience for everyone else.

 

 

That is where device intelligence becomes more valuable. By analysing signals across the customer journey, firms can assess whether a session is consistent with historical behaviour, whether remote access tools may be present, or whether developer tools and other anomalies suggest manipulation. This creates a more continuous view of risk than one-off checks at login or payment confirmation.

The video also highlights a wider use case beyond the sending side of a payment. Device-level analysis can help uncover mule activity, such as a single device being used to open or access multiple accounts. In practice, that means fraud teams are not only assessing individual transactions; they are also looking for coordinated patterns across networks.

Regulation and AI are raising the stakes

The UK’s mandatory reimbursement regime has pushed APP fraud out of the narrow domain of security and into customer experience, operations, and balance-sheet risk. Financial institutions are now under pressure not just to stop fraud, but to evidence why a decision was made, why friction was introduced, and why legitimate transactions were allowed to proceed. Auditability is becoming as important as detection.

This is why the 'Goldilocks zone' described in the conversation is so relevant. Adaptive friction allows firms to intervene only when risk signals justify it, rather than imposing blanket controls on every user. At the same time, the rise of AI-enabled fraud means attackers can mimic normal behaviour more convincingly and on a greater scale. As a result, detecting bots, proxies, geolocation spoofing and AI-driven automation is becoming part of mainstream fraud defence rather than a specialist layer.

The broader lesson is straightforward: as APP fraud becomes more behavioural, prevention must become more contextual. Static controls were built for a different threat landscape.

About the interviewee

Ekan Subramanian is the Vice President of Engineering at Fingerprint, where he leads a team of engineers and researchers building the world's most advanced device intelligence platform. With more than 30 years of experience leading engineering organisations, from early-stage startups to global enterprises, Ekan brings deep expertise in technical architecture, product development, and scaling high-performing teams.

Prior to Fingerprint, Ekan spent seven years at New Relic, most recently as VP of Engineering, where he led globally distributed teams across core product, infrastructure, and developer platforms.

Ekan lives in Portland, Oregon, and enjoys travel, gardening, and anything tech.

About the company

Fingerprint detects the intent of human and agentic visitors. Our device intelligence platform identifies over 1 billion unique devices every month and processes hundreds of signals to help fraud teams distinguish trusted visitors from bad actors at speed and scale. Over 6,000 companies, including Dropbox, Booking.com, and checkout.com, use Fingerprint every day to recognise high-risk activity in real time, prevent fraud attacks, and deliver frictionless user experiences.