For Banks · Technical Overview

Edge-Native Fraud Telemetry & Threat Intelligence Federation

Waspada AI · July 2026 · Enterprise / Bank Partner Brief

Abstract

Modern financial ecosystems face an asymmetric threat: instant, automated bank fraud orchestrated through coordinated mule account networks. In Malaysia, where mobile-centric digital banking and e-wallet transfers (MAE, Setel, Touch 'n Go) dominate, the lag between a victim executing a transfer and the National Scam Response Centre (NSRC) or receiving bank blocklisting the mule account represents a multi-million dollar vulnerability. Furthermore, regulatory frameworks like the Personal Data Protection Act (PDPA) limit the sharing of threat intelligence due to risks of exposing victim or bystander Personal Identifiable Information (PII).

Waspada AI resolves this structural vulnerability by introducing an edge-native fraud telemetry and threat intelligence federation ecosystem. By parsing transaction receipts and chat logs on-device inside the host banking application, Waspada extracts core threat indicators (mule account numbers, bank BIC codes, scammer aliases, and malicious URLs), strips PII (NRIC, phone, email), and cryptographically uploads the metadata to an Orchestration Gateway. The Gateway standardises the telemetry into STIX 2.1 bundles, enabling RMiT-aligned advisory threat feed distribution across participating banks and security operations centres (SOCs).


1. Introduction & The Mule Problem

Mule accounts are the lifeblood of digital fraud. Once a scammer tricks a victim, funds are routed through multiple layers of compromise within seconds. Current defence frameworks are bottlenecked by:

Waspada AI bypasses these hurdles by pushing the intelligence extraction to the edge (the mobile client) and standardising the egress metadata using the Structured Threat Information Expression (STIX 2.1) global format.


2. Architecture Overview

Waspada AI is organised into a modular architecture spanning three layers: the client-side Edge SDK, a centralised Orchestration Gateway, and downstream integrations with bank risk engines and SOC platforms.

CLIENT EDGE Edge SDK Regex → NER → SLM PII Redaction Platform / Web AI Cryptographic Signing JWT ORCHESTRATION GATEWAY Waspada API Signature Verification PII Firewall (L2) Domain Enrichment Threat Feed Formatting STIX DOWNSTREAM Bank Risk Engines SOC / SIEM Platforms Analyst Dashboards Regulatory Feeds CrowdStrike / Splunk

2.1. Client-Side Edge Extraction (Three-Tier)

The Edge SDK implements a multi-tier extraction pipeline that runs entirely on the client device. No receipt image, PDF, or raw OCR text is uploaded to Waspada servers.

2.2. Receipt & Image Processing

2.3. Public Triage Path (Citizens & NGOs)

Alongside in-app bank embedding, Waspada operates a public digital defense front door:

Banks buy the intelligence feed; citizens and community responders use free triage. CSR sponsorship can fund public hosting without replacing FMS procurement.

Privacy-by-Design: At no point does a receipt image, PDF file, or raw text leave the client device for Waspada cloud inference. Only extracted, PII-stripped threat indicators are transmitted to the gateway. Scammer aliases may egress under configurable policy (hash / include / omit). Platform AI (Apple / Android) and the web SLM both run on-device or in the browser sandbox.


3. Security Model & RMiT Alignment

Deploying within Bank Negara Malaysia's (BNM) Risk Management in Technology (RMiT) framework requires strict security properties. Waspada's security model addresses three critical areas. This is a paragraph-cited mapping — not BNM certification.

3.1. Non-Repudiation & Replay Protection

Telemetry payloads must not be replayable by third parties. Waspada implements a multi-layer authentication and integrity scheme:

Note: Implementation details of the replay protection mechanism, key rotation schedules, and cache eviction strategies are available under NDA to pilot partners.

3.2. Privacy Controls (PII Scrubbing)

Before any metadata leaves the client device, it passes through a PII scrubbing filter calibrated for Malaysian formats. Detectors strip:

The structured telemetry schema does not select victim names or account balances for egress. Scammer aliases may egress under configurable policy (hash / include / omit). Absolute “zero PII egress” is not claimed.

The gateway implements a secondary PII firewall that re-scans incoming payloads for NRIC / phone / email. Any payload that fails the secondary check is rejected — defense-in-depth against SDK tampering.


4. Federated Interoperability (STIX 2.1)

The Orchestration Gateway formats validated telemetry into Structured Threat Information Expression (STIX) 2.1 objects. By mapping extracted details into threat indicators and cyber observables, the threat feed connects natively to existing security pipelines.

Example output (sanitised):

{
  "type": "bundle",
  "id": "bundle--[generated-uuid]",
  "objects": [
    {
      "type": "indicator",
      "pattern": "[bank-account:account_number = '[REDACTED]'
                AND bank-account:bic = '[BANK_BIC]']",
      "pattern_type": "stix",
      "valid_from": "2026-07-09T09:00:00Z",
      "indicator_types": ["malicious-activity"]
    }
  ]
}

These bundles are streamed via authenticated Server-Sent Events (SSE) to analyst dashboards, and can be exported for ingestion by SIEM platforms including Splunk, CrowdStrike, and Elastic Security.


5. Deployment Model

Waspada is designed for flexible deployment:


6. Conclusion

Waspada AI bridges the critical latency gap in fraud detection while strictly respecting personal data privacy laws. By executing parsing and redaction on the customer's device, banks can share active mule indicator feeds across the ecosystem within seconds of a scam occurring. Standardising this data flow with STIX 2.1 allows the financial sector to build a united, automated front against financial fraud.

The platform is currently in pilot stage, designed for integration with forward-thinking Malaysian banks, regulatory bodies, and anti-fraud teams. Full technical documentation, architecture deep-dives, and security audit reports are available to pilot partners under mutual NDA.

Ready to integrate?
Full SDK documentation, API references, security architecture, and CISO compliance packs are available now. Pilot access available under NDA.