Combating Organized Platform Abuse: Amplifying Weak Risk Signals with Structural Information

Computer Science > Cryptography and Security [Submitted on 8 May 2026] Combating Organized Platform Abuse: Amplifying Weak Risk Signals with Structural Information Meng He, Jia Long Loh Large-scale online service platforms face severe challenges from organized platform abuse: multiple forms such as credit card fraud and promotion abuse continually emerge, characterized by large numbers of involved accounts, rapid outbreaks, and constantly shifting tactics. Existing mainstream approaches, whether heuristic rules limited in precision, supervised learning with insufficient generalization, or graph models that are engineering-heavy and dependent on seed users, have failed to address such threats effectively. This paper returns to first principles and, starting from the economic constraints of fraudulent behavior, proposes the Fraudster's Trilemma: organized attackers cannot simultaneously achieve scale, low cost, and dispersed cash-out. Building on this theory, we derive a robust structural invariant in organized fraud, namely centralized cash-out, and use a simple statistical method to turn low-precision individual weak signals into high-precision strong decisions. The method requires no labels, is nearly parameter-free, white-box interpretable, has linear complexity O(|E|), avoids cold-start issues, and its detection logic possesses the "open-hand" property: attackers cannot evade it even when fully informed. We validate the approach on two real fraud incidents in backtests. In the promotion abuse case, a single near-zero-cost weak signal (global Precision of only 16%) after structural amplification achieves Precision above 91% and Recall exceeding 99% (z=10.0); at a higher threshold (z=40.0), Precision reaches 93.7%. In the credit card fraud case, an infrastructure-layer weak signal (device spoofing) successfully detects payment-layer attacks without any business-logic linkage, revealing the framework's natural MO-agnostic property: it relies more on the structural invariant than on signal semantics. Comments: 11 pages, 6 figures, 8 tables Subjects: Cryptography and Security (cs.CR); Applications (stat.AP) Cite as: arXiv:2605.07383 [cs.CR]   (or arXiv:2605.07383v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2605.07383 Focus to learn more Submission history From: Meng He [view email] [v1] Fri, 8 May 2026 07:38:43 UTC (749 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-05 Change to browse by: cs stat stat.AP References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)