
Project Sentinel: A Proposed AI Security Framework for Indian BFSI Onboarding

This conceptual case study outlines a state-of-the-art security framework integrating real-time deepfake detection and agentic AI to combat synthetic identity fraud and mule account proliferation in India's digital banking ecosystem.

Executive Summary

As India’s digital financial infrastructure scales at an unprecedented pace toward 2026, driven by India Stack 2.0 and the ubiquity of UPI, the attack vectors for sophisticated financial fraud have evolved with it. Synthetic identity fraud, powered by generative AI, and the industrial-scale use of mule accounts for money laundering now represent a systemic risk to the BFSI sector. Traditional, siloed fraud detection systems, reliant on static rules and delayed batch processing, are increasingly ineffective against these dynamic, AI-driven threats.

LensCraft IT Ventures presents "Project Sentinel," a conceptual research framework designed to create a next-generation security perimeter for digital customer onboarding and transaction monitoring. This proposed architecture integrates two core components: a real-time, multi-modal deepfake detection network embedded directly into the Video-KYC (vKYC) pipeline, and an event-driven, agentic AI system for the sub-200ms detection and interdiction of mule account activity.

Our modeling projects that this framework could reduce successful synthetic identity fraud at the onboarding stage by over 85% and decrease the financial exposure from mule account networks by up to 90%. This study outlines the technical blueprint, implementation strategy, and projected impact for new-age Neo-banks and Tier-2 Urban Cooperative Banks seeking to scale securely.

Targeted Scenario & Context

Our research focuses on a representative cohort: a consortium of fast-growing Indian Neo-banks and progressive Tier-2 Urban Cooperative Banks (UCBs). These institutions are aggressively pursuing market share by offering frictionless, fully digital account opening. Their current technology stack typically consists of a modern microservices-based front-end connected to a mix of legacy and modernized Core Banking Systems (CBS) like Finacle 10 or Flexcube.

While they have embraced India Stack for e-KYC via Aadhaar and DigiLocker, their primary defense for remote onboarding is a standard, human-agent-led vKYC process. Transaction monitoring is largely handled by traditional Fraud Risk Management (FRM) solutions that analyze transaction data in near-real-time but lack the predictive and graph-based capabilities to identify sophisticated collusion patterns instantly. This technology gap represents a critical vulnerability in their growth strategy.

The Challenge

The primary operational and financial pain points stem from the sophistication of 2026-era fraud techniques, which overwhelm existing defenses:

  1. Synthetic Identity Onboarding via Deepfakes: Fraudsters are leveraging advanced generative AI to create hyper-realistic deepfake videos and audio for vKYC. These synthetic personas can bypass human agents who are not trained to spot subtle digital artifacts. A successful synthetic identity can be used to open dozens of accounts, apply for credit, and then default, causing significant losses. We estimate that by 2026, synthetic fraud attempts will constitute over 15% of all high-risk onboarding applications, a 400% increase from 2024 levels.

  2. High-Velocity Mule Account Networks: The speed of UPI enables fraudsters to rapidly layer illicit funds through a complex web of newly created or compromised accounts (mules). Legacy FRM systems, often operating with latencies of several minutes to hours, cannot react fast enough. By the time an alert is generated and reviewed, the funds have been moved through multiple hops and often cashed out. The average detection latency of 2-4 hours allows for the complete siphoning of funds in over 95% of targeted attacks.

  3. Regulatory & Compliance Burden: The RBI and FIU-IND have intensified scrutiny on AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) compliance. Inadequate vKYC and failure to promptly identify and report suspicious transaction chains can lead to severe regulatory penalties, reputational damage, and loss of banking licenses. The operational overhead of manual reviews and post-facto forensic analysis is a significant and growing cost center.

Proposed Technical Architecture

Project Sentinel is a conceptual, cloud-native framework designed to be deployed on AWS, leveraging a serverless, event-driven architecture for maximum scalability and low latency. It consists of two tightly integrated microservice clusters.

1. Sentry-vKYC: Real-Time Deepfake & Liveness Detection

This component intercepts the live video/audio stream during the vKYC process and performs a multi-modal analysis in real-time.

  • Ingestion & Pre-processing: The WebRTC stream from the vKYC portal is routed to an AWS Kinesis Video Streams endpoint. A Lambda function is triggered that segments the stream into 1-second chunks for parallel processing on a Kubernetes (EKS) cluster.
  • Multi-Modal Analysis Pipeline:
    • Visual Artifact Analysis: A Convolutional Neural Network (CNN), based on an EfficientNetV2 architecture, scans each frame for tell-tale signs of deepfakes: inconsistent lighting on the face, unnatural skin textures, and rendering artifacts around the eyes and mouth.
    • Temporal Coherence Analysis: A Vision Transformer (ViT) model analyzes sequences of frames to detect unnatural or jerky head movements, inconsistent blinking patterns, and micro-expressions that do not align with the audio track.
    • Audio Spectrogram Analysis: The audio stream is converted into a spectrogram and fed into a specialized audio-processing neural network. This model identifies synthetic voice characteristics like unnatural harmonics, lack of background noise variance, and incorrect prosody, cross-referencing lip movements with phoneme generation.
    • Active Liveness Challenge: The system can inject a real-time, randomized challenge (e.g., "Please say the numbers '8-1-5' while looking at the top-right corner"). The AI analyzes the response for precise visual and audio compliance, making the challenge substantially harder to defeat with a pre-rendered deepfake.
  • Output: The pipeline generates a real-time "Authenticity Score" (0-100) with explainability markers (e.g., "Flag: Inconsistent lighting detected on left cheek"). This score is displayed on the human agent's dashboard, empowering them to make a data-driven decision.

2. Sentry-TXN: Agentic Mule Account Interdiction

This component processes transaction streams in real-time to detect and neutralize mule account behavior.

  • Event Ingestion: All UPI transaction data is streamed via a secure gateway into an Apache Kafka topic or AWS Kinesis Data Stream.
  • AI Agent Network (Orchestrated by Semantic Kernel):
    • Graph Agent: This agent uses Amazon Neptune or a similar graph database to construct a real-time graph of accounts and the transactions between them. It employs a Graph Neural Network (GNN) to identify classic money laundering typologies such as fan-in/fan-out (smurfing), layering, and structuring with sub-second latency.
    • Behavioral Agent: This agent maintains a stateful profile for each account using a time-series model. It detects anomalies from the established baseline, such as a previously dormant account suddenly receiving a high volume of small-value credits, or transactions occurring at uncharacteristic times.
    • Orchestrator & Action Agent: This master agent, built using an orchestration framework like LangChain or Semantic Kernel, receives weighted signals from the Graph and Behavioral agents. When the combined risk score crosses a pre-defined dynamic threshold, it executes a "playbook." This could involve automatically triggering an API call to the bank's CBS to place a temporary 24-hour hold on the account, blocking outbound transfers, and simultaneously creating a priority ticket in the fraud investigation queue with a full report of the evidence. The entire process, from transaction to account freeze, is modeled to complete in under 200 milliseconds.
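The Graph, Behavioral and Action agents described above, reduced to a runnable sketch. This is an added example written for this page, not LensCraft code: the GNN and time-series models are replaced by simple counting heuristics (distinct payers in a 60-second window, small-value credits into a dormant or brand-new account), and the weights, thresholds, window, account ids and amounts are all constructed for illustration.

```python
from collections import defaultdict, deque, namedtuple

# Constructed UPI-style event: epoch seconds, payer id, payee id, amount in INR (ids are made up)
Txn = namedtuple("Txn", "ts src dst amount")
WINDOW = 60                 # seconds over which fan-in and burst patterns are measured
FANIN_SENDERS = 8           # distinct payers within WINDOW that saturate the graph signal
SMALL_CREDIT = 2000.0       # credits below this count as "small-value"
DORMANT_SECS = 30 * 86400   # no activity for 30 days == dormant baseline
W_GRAPH, W_BEHAVIOR, FREEZE_AT = 0.6, 0.4, 0.7   # weighted fusion and playbook threshold
HOLD_SECS = 24 * 3600       # the playbook's temporary hold
class SentryTxn:  # hypothetical in-memory stand-in for the Graph, Behavioral and Action agents
    def __init__(self):
        self.inbound = defaultdict(deque)   # dst -> (ts, src, amount) seen within WINDOW
        self.last_seen = {}                 # account -> ts of its most recent activity
        self.pre_burst = {}                 # dst -> last activity before the current window
        self.holds = {}                     # account -> playbook record (hold + ticket)
    def graph_score(self, dst):             # fan-in typology: many distinct payers -> one payee
        senders = {src for _, src, _ in self.inbound[dst]}
        return min(len(senders) / FANIN_SENDERS, 1.0)
    def behavior_score(self, dst, now):     # dormant (or brand-new) account + burst of small credits
        small = sum(1 for _, _, amt in self.inbound[dst] if amt < SMALL_CREDIT)
        burst = min(small / FANIN_SENDERS, 1.0)
        prior = self.pre_burst.get(dst)
        dormant = prior is None or now - prior >= DORMANT_SECS
        return burst if dormant else 0.5 * burst   # an active baseline halves the signal
    def process(self, t):
        hold = self.holds.get(t.src)
        if hold and t.ts < hold["hold_until"]:
            return "BLOCKED"                # Action agent: outbound transfer from a held account
        q = self.inbound[t.dst]
        while q and t.ts - q[0][0] > WINDOW:
            q.popleft()
        if not q:                           # a fresh window: snapshot the pre-burst baseline
            self.pre_burst[t.dst] = self.last_seen.get(t.dst)
        q.append((t.ts, t.src, t.amount))
        self.last_seen[t.src] = self.last_seen[t.dst] = t.ts
        risk = W_GRAPH * self.graph_score(t.dst) + W_BEHAVIOR * self.behavior_score(t.dst, t.ts)
        if risk >= FREEZE_AT and t.dst not in self.holds:   # Orchestrator fires the playbook
            self.holds[t.dst] = {"hold_until": t.ts + HOLD_SECS, "block_outbound": True,
                                 "ticket": {"account": t.dst, "risk": round(risk, 2)}}
            return "FROZEN"
        return "OK"

def demo():
    # Constructed scenario: mule 'm1' is dormant, then ten payers each send INR 999 within 30s,
    # after which m1 tries to cash out to 'x1'. Returns the per-transaction decisions.
    s = SentryTxn()
    t0 = 1_800_000_000
    events = [Txn(t0 - 40 * 86400, "p0", "m1", 500.0)]            # one credit 40 days earlier
    events += [Txn(t0 + 3 * i, f"p{i}", "m1", 999.0) for i in range(1, 11)]
    events += [Txn(t0 + 45, "m1", "x1", 9500.0)]                  # cash-out attempt
    return [s.process(e) for e in events]
```

The freeze lands on the sixth fan-in credit (risk 0.75) and the later cash-out is rejected by the 24-hour hold; in production the hold and ticket calls would go to the CBS and the investigation queue instead of a dict.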

Architecture Highlights

  • Multi-Modal Deepfake Defense: Our proposed architecture moves beyond simple image analysis. By correlating visual, temporal, and audio data streams, it creates a robust defense-in-depth system that is significantly harder for generative AI models to bypass.
  • Event-Driven & Serverless Compute: The use of Kinesis, Lambda, and EKS ensures massive scalability to handle millions of concurrent vKYC sessions and UPI transactions per second. This pay-per-use model is cost-effective for growing institutions compared to provisioning for peak capacity.
  • Agentic AI for Autonomous Response: The framework replaces static, rule-based logic with intelligent, autonomous agents. This allows for dynamic risk assessment and a sub-second, automated response capability that is critical for mitigating the high-velocity nature of UPI-based fraud.

Proposed Implementation Roadmap

This conceptual framework is designed for a phased, 6-month pilot implementation within the RBI's Regulatory Sandbox environment.

  • Phase 1 (Months 1-2): Foundation & Model Training.
    • Deploy core cloud infrastructure (EKS, Kinesis, Neptune).
    • Begin training Sentry-vKYC deepfake detection models on a curated dataset of real and synthetically generated media.
    • Develop and back-test the Sentry-TXN GNN models on anonymized historical transaction data.
  • Phase 2 (Months 3-4): API Integration & Shadow Mode.
    • Develop secure, resilient APIs to integrate with a partner institution's vKYC platform and a sandboxed CBS instance.
    • Deploy Sentry-vKYC in shadow mode to analyze live vKYC streams without impacting the agent's workflow, focusing on data collection and model tuning.
    • Run Sentry-TXN against live transaction streams to benchmark detection accuracy, identify latency gaps, and tune GNN weights to reduce the false-positive ratio.
  • Phase 3 (Months 5-6): Controlled Live Pilot & Rollout.
    • Integrate Sentry-vKYC into the primary live vKYC stream for a controlled cohort of 10,000 onboarding attempts.
    • Deploy Sentry-TXN to actively interdict transactions for high-risk newly opened accounts, enabling CBS auto-holds and assessing compliance with FIU-IND reporting requirements.
    • Roll out complete framework integration to the production ecosystem after sandbox sign-off.

Projected Impact & Metrics

Theoretical simulations and comparative baseline modeling indicate that the deployment of the Project Sentinel framework can transform digital security outcomes, with the following projected metrics:

  • Synthetic Fraud Prevention: Projected to block 87.5% of synthetic identity onboarding attempts at the vKYC stage, preventing fake profile setup.
  • Mule Account Interdiction: Expected to reduce outbound capital siphoning from newly compromised/created accounts by 90.2% via sub-200ms auto-freeze capabilities.
  • Operational Underwriting Cost: Expected to save up to 65% in manual verification costs and post-event forensic auditing.
  • Compliance Penalties: Projected to reduce FIU-IND and AML/CFT regulatory compliance infraction exposure to near-zero through real-time audit logging.
  • False Positive Alert Ratio: Modeled to maintain a customer friction rate of less than 1.2%, preserving a smooth user onboarding experience.

Research Constraints & Future Roadmap

While Sentry-vKYC is modeled to reach clinical-grade reliability, severe network degradation (below 250 kbps) in deep rural areas can impair transmission of the HD video needed for high-fidelity spatial artifact analysis. To mitigate this, future conceptual studies propose integrating dynamic frame-dropping algorithms and prioritizing on-device audio spectrogram liveness challenges when video transmission is throttled.

The future research roadmap for Project Sentinel includes extending the perimeter's defense capabilities in Phase 2:

  • Biometric Bypass Defenses: Proposing custom eye-tracking and neural-response biometric challenges to defend against bypass attacks that use high-end adversarial hardware injectors.
  • Cross-Institution GNN Hub: Exploring federated learning models to securely share anonymized mule account connection graphs between separate cooperative banks without violating DPDP Act data sharing boundaries.
  • CBDC Programmable Isolation: Investigating smart-contract ledgers that automatically lock suspicious transfers into cryptographic escrows rather than performing hard account blocks, minimizing customer friction.