Bank statement fraud and income verification — solved by AI.
CloudZA's platform automatically detects doctored bank statements and validates declared income — cutting manual review queues from days to minutes, and scaling credit origination beyond what any analyst team can match.
The throughput problem — and what AI changes
Manual review can't scale to instant-decision credit origination.
Bank statement review is the bottleneck in every credit origination workflow. Manual throughput is capped, inconsistent, and blind to the forgeries that matter most.
Throughput ceiling
A trained analyst can review a limited number of bank statements per day. As application volumes grow — or seasonal peaks arrive — the queue backs up and time-to-decision extends into days.
Non-standard income misclassified
Self-employed and freelance applicants with irregular deposit patterns fail rules-based income checks at high rates, despite genuine income. Consistent customers are declined on system error, not creditworthiness.
Sophisticated forgeries slip through
Pixel-level edits, font substitutions, and metadata manipulation preserve a statement's visual appearance while altering amounts. Legacy OCR rules don't detect these; a trained ML model does.
Speed mismatch with BNPL competitors
Instant-decision lenders are winning the applications that matter. A manual queue measured in days is a competitive liability when the market expects a same-session outcome.
Fraud detection and income validation, joined into a single pipeline.
Fraud Detection
An XGBoost ML classifier scores each PDF for authenticity using 26 fraud indicators — PDF metadata flags, amount anomaly ratios, and required-field checks. High-risk documents escalate to a GenAI forensic second-check before human review. The system never auto-declines; a human analyst makes every final call on flagged documents.
- 1.Feature extraction from PDF (26 indicators, no OCR required)
- 2.XGBoost model scores fraud probability (0–1)
- 3.High-risk threshold → GenAI forensic pass via Bedrock
- 4.Human analyst reviews flagged documents with AI evidence
Income Validation
An agentic GenAI pipeline on Amazon Bedrock AgentCore that ingests statement PDFs, extracts transactions using per-bank extraction rules, classifies income vs. transfers and fees, detects recurring income streams, and reconciles against the declared amount — producing an auditable pass/fail verdict with supporting evidence.
- 1.Triage: bank identified, duplicate statements collapsed
- 2.Per-bank extraction rules injected; all transactions extracted
- 3.Income classified vs. transfers and fees; inter-account netting
- 4.Recurring streams detected; reconciled against declared amount
From PDF upload to credit decision — automatically.
Bank statement PDF uploaded
Application submitted; statement PDF ingested into private VPC. No data leaves your AWS account.
Fraud detection: XGBoost ML model scores the document
26 fraud features extracted from PDF structure and metadata. XGBoost model returns a fraud probability score (0–1).
Threshold gate · 0.44
Score below threshold → Income Validation · Score above threshold → GenAI forensic check
Income Validation pipeline
Agentic GenAI extracts, classifies, and reconciles income against declared amount.
Automated verdict
Pass/fail with transaction evidence logged — auditable credit decision record.
GenAI forensic second-check
Claude on Bedrock examines document structure and transaction patterns in depth.
Human escalation
Analyst reviews with AI evidence. The system never auto-declines — human makes the final call.
Built for the credit origination workflow.
100% automated first-pass review
Every application runs the fraud score and income validation pipeline automatically — your analyst team handles the edge cases, not the routine queue.
Per-bank extraction knowledge
Bank-specific extraction rules injected at runtime. Column layouts, date formats, sign conventions, and income signals handled correctly for each institution.
Declared vs actual income reconciliation
Recurring income streams detected from transaction history and matched against the declared amount — with inter-account transfer netting to avoid double-counting deposits.
Confidence-based referral
Uncertain results refer to a human rather than producing a fabricated verdict. Borderline fraud scores trigger the GenAI forensic pass; borderline income classifications flag for analyst review.
Full audit trail
Every decision — fraud score, income classification, reconciliation reasoning, and outcome — is stored with its evidence in a structured record that supports credit decision documentation requirements.
No public surface
The entire platform runs in a private VPC with no internet-facing endpoints. All access is via VPN and internal ALB. Financial PII never traverses the public internet.
Built to meet POPIA, GDPR, and CCPA requirements.
This platform was designed from the ground up to satisfy data protection obligations across South Africa, the EU, and the US — not adapted to fit them. Every design decision about data flow, audit trail, and human-in-the-loop escalation was made with cross-jurisdictional regulatory obligations in mind.
All data processed and stored in your chosen AWS region. No data leaves your account. Financial PII stays within the private VPC at all times.
SA customer data processed in af-south-1. No cross-border transfer of South African personal information. VPC-isolated with configurable retention periods and data minimisation built in.
EU customer data processed in eu-west-1. Data minimisation, right-to-erasure support, and full audit trails for automated credit decisions satisfy Articles 13, 22, and 25.
US consumer data isolated in your chosen US region. Supports right-to-delete and data inventory requests. Processing records maintained for regulatory audit and consumer rights fulfilment.
Private VPC. Your chosen AWS region. No public surface.
Both platforms run entirely within a private VPC in your chosen AWS region. No internet-facing endpoints. Operator access via VPN and internal ALB only. AWS Cognito handles authentication with JWKS baked into the container image at build time — no internet call needed at runtime.
What the platform delivers at a lender.
| Metric | Manual / legacy | With CloudZA AI platform |
|---|---|---|
| Daily application throughput | Limited by analyst capacity | Scale to any volume — AI removes the throughput ceiling |
| Income classification | Rules-based OCR — fails on irregular income (self-employed, freelance) | Per-bank GenAI extraction with income-stream detection |
| Fraud detection | None / visual review — misses pixel and metadata manipulation | ML scoring on 26 fraud indicators + GenAI forensic pass |
| Decision auditability | Manual analyst notes — inconsistent, incomplete | Structured verdict + transaction evidence in audit-ready record |
| Time to decision | Days — queue-limited by analyst capacity | Minutes for automated first-pass; human queue for edge cases only |
Let AI handle the review queue. Let your analysts handle the edge cases.
We'll assess your current bank statement review workflow, map your bank coverage requirements, and scope a platform deployment that fits your regulatory obligations and throughput targets. Built for your AWS account. Operated by CloudZA.