If Google Uses It to Find Webpages, We Can Use It to Find Fraudsters
Black Hat USA 2025 · Day 1 · Briefings
David Geer and Ido Ganor demonstrate that TF-IDF — the same text-frequency algorithm that underpinned early web search — can be applied to device and behavioral fingerprints to detect fraud at scale without requiring labeled training data or expensive model retraining. In proof-of-concept deployments at a bank and a mobile network operator, the technique added up to 9% recall on top of existing detection systems at equivalent precision, with minimal compute cost. ---
AI review
Applying TF-IDF to device fingerprints for fraud detection is a clever reuse of a 30-year-old IR technique, and the 9% recall uplift on top of a production bank system is a real number from a real deployment. But this is a practitioner's optimization talk dressed up as research — the novelty ceiling is low and the threat model hand-waving about agentic AI is exactly the kind of buzzword scaffolding I'd normally penalize harder.