Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Banned Human Anomalous behavior bot / agent stress Confirmed fraudulent session

Detect When an Account Changes Hands

Whether it's an account takeover or a mule handoff, the signal is the same — a new person is operating the account. Our behavioral map tracks every account over time and surfaces the moment control shifts, before any damage is done.

Shared Operator Detection

Detect when the same person is operating multiple accounts. This is typical of many criminal patterns optimizing for scale — one operator behind dozens of accounts leaves the same behavioral fingerprint in every one.

Block the Bad Humans

Every confirmed bad operator carves out a region of the behavioral map that is now permanently theirs. Flag those regions and you stop them at the door — the moment any new account starts behaving like one of the criminals you've already caught, it's caught too.

Watch the test sessions arrive: each one drifts into the map and turns red the instant it lands inside a flagged region.

Fraud Ring Detection

We detect when accounts share the same operator, when groups coordinate across accounts, and when behavioral patterns reveal organized activity. We can map the full shape of a fraud ring from a single confirmed case.

Duress Detection

When someone is being coerced, their behavior changes. The behavioral map encodes these signals continuously — projecting every session along a stress and duress axis — so your fraud team can distinguish a willing user from a coerced one before an irreversible transaction goes through.

Bot / Agent Detection

AI agents can now mimic human behavior convincingly enough to fool traditional detection. In the behavioral map, they don't. Automated sessions cleanly occupy distinct regions from human ones.

The Genesis

Let's analyze the activity on the account you see on the screen . Each individual human being — regardless of which account they use — will form a unique cluster in the behavioral map.

scroll

The Handoff

A typical pattern in fraudulent/abusive accounts is a handoff: the account gets sold from one party to another or taken over. Watch the timeline — the sessions suddenly occupy a completely new region.

scroll

The Suspect

This immediately becomes suspicious - a new person is operating this account.

scroll

Invisible Links

Let's inspect the region surrounding the new handler's cluster for this account.

Scroll to reveal nearby accounts.

scroll

From Detection to Investigation

The second operator also controls two other accounts .

Let us investigate the activity of these two newly suspicious accounts.

scroll

Vertical Integration

By integrating with other platform data such as transaction history, device data, we see that these accounts interacted with three new accounts .

Those accounts are now suspicious themselves — they interacted with accounts controlled by a suspected bad actor.

scroll

Network Expansion

One link reveals the next, and the next, and the next. From a single suspicious account, fraud teams follow behavioral handoffs to the actors behind them, jump from those actors to every other account they operate, cross into transaction edges to find their counterparties, and return to the behavioral map to find who's behind those — until the full topology of the criminal network has surfaced. The investigation no longer ends at the case, but the edges of the network.

Block the Human

Once the criminal network has surfaced, the regions it occupies in the behavioral map can be flagged. From this point on, any new account whose behavior lands inside one of these regions is the same operator — under a new identity.

Watch the test sessions arrive: each one drifts into the map and turns red the moment it falls inside a flagged region.

Interactive Demo

We're changing how platforms use behavioral analysis to combat fraud & abuse. Instead of detecting fraud through pattern recognition in behavior, we discover it through a navigation process and progressively uncover entire criminal networks.

Walk through an example:

scroll

Programmable Fraud Investigation

Every platform faces different fraud topologies — mule handoffs, coordinated rings, ATO after authentication. Rather than a black box risk score, we expose the behavioral map as a composable, programmable API that your fraud team integrates directly into your own stack — combining behavioral signals with your transaction history, customer records, and business rules to express investigation logic that no external vendor could replicate.

@ndj.compile
def detect_mule_handoff(platform_q, account_q):
    history = []

    def process_session(sid, meta):
        nonlocal platform_q
        neighbors = platform_q.neighbors(sid, n=1)
        match = neighbors.any({"user": meta.user})
        history.append((meta.timestamp, match))
        if not match:
            platform_q = ndj.difference(platform_q, ndj.singleton(sid))

    account_q.iterate(process_session)

    return history
    # [True, True, True, False, False, False]
    # handoff at the first False

Team

Matthew Yekell
Matthew Yekell
CEO
B.S. Stanford University, Computer Science. Previously at Vista Equity Partners, Cboe Global Markets, and Stanford Management Company.
Luc Rosenzweig
Luc Rosenzweig
CTO
B.S. Stanford University, Computer Science. Systems Research at Stanford CS. Previously at NVIDIA, Apple, and Epic Games.

If you think Incandor can help you fight fraud, contact us at info@incandor.com for early access.

time Account changed hands
Overview
The Genesis
The Mule Pattern
The Suspect
Invisible Links
Investigation
Vertical Integration
Network Expansion
Block the Human
Home
Behavioral Intelligence
ATO / Mule
Shared Operator
Block the Bad Humans
Fraud Ring
Stress / Coercion
Bot / Agent
API
Team
Home
Platform ▾
Behavioral Intelligence API
Use Cases ▾
Account Takeover / Mule Shared Operator Block the Bad Humans Fraud Ring Detection Stress / Coercion Bot / Agent Detection
Team
Interactive Demo
Contact
Home
Platform
Behavioral Intelligence API
Use Cases
Account Takeover / Mule Shared Operator Block the Bad Humans Fraud Ring Detection Stress / Coercion Bot / Agent Detection
Team
Interactive Demo
Contact

Behavioral intelligence infrastructure for fraud & abuse detection.

We build a behavioral map of every user on your platform — from how they physically interact with your app/website.

No fraud labels required. No enrollment period. Works from session one.

A fundamentally new approach to fighting fraud.

scroll

A behavioral map of every user on your platform.

Our proprietary models learn what every user on your platform looks like from how they physically interact with your app — mouse movement, keystroke timing, scroll patterns, touch behavior. Each session is then placed by these models in the map.

Every unique human creates a unique cluster on this map. Aside from identity, intent and state of mind are all encoded in this map.

Query it. Program it. Investigate fraud the way a detective would.

Scroll for some example use cases.

Each dot = one session
Each color = different user
Anonymized session replay 0:00
Space to navigate