
#31: On-Device AI, New Tap-and-PIN Tech, and Turning the Tables on Fraudsters
This week’s stories capture a dynamic moment in the fraud space. Google is embedding AI into browsers to detect scams in real time, cybersecurity researchers are fighting back by scamming the scammers, and a new payment tech could finally make online transactions feel more like secure, in-person ones.
It’s not just that fraud is evolving—it’s that fraud defenses are starting to get more creative too. As always, it’s a race between those building the systems and those exploiting them. Let’s get into it.
NATE'S TAKE - MAY 13, 2025
Top Three This Week
- Google Adds On-Device AI to Chrome to Catch Scams Faster
- New Tap-and-PIN Technology Aims to Make Online Payments Feel Safer
- Cybersecurity Researchers Scam the Pig Butchers on Telegram
1. Google Adds On-Device AI to Chrome to Catch Scams Faster

How on-device LLM-assisted scam mitigation works. Source: Google
Google is rolling out Gemini Nano, its on-device AI model, in Chrome to help detect scams like tech support fraud in real time. Part of the latest Chrome 137 update, the feature is currently available in Enhanced Protection mode, where it scans page content locally and flags potential threats.
This on-device setup has key advantages:
- It works even if the site hasn’t been crawled before, a major benefit since many malicious pages only stay live for 10 minutes or less.
- It sees pages as the user sees them, allowing for better detection of cloaked or dynamically rendered scams.
- It preserves privacy and performance, with Gemini Nano running locally and sparingly.
For now, the AI focuses on tech support scams, but Google plans to expand its use later this year to cover fake package tracking and toll alerts, including on Android.
Google also reports that its broader AI investments are helping it catch 20 times more scammy pages and have reduced airline impersonation scams in search by over 80%.
On-device AI is becoming an important part of the fraud prevention toolkit—faster, more contextual, and better aligned with how scams actually appear to users.
2. New Tap-and-PIN Technology Aims to Make Online Payments Feel Safer

Photo source: BBC
A new system called CPoI (Card Present over Internet) is being developed to make online shopping feel more secure by replicating the familiar in-store experience of tapping a card and entering a PIN.
Invented by UK-based software developer Justin Pike, the idea was inspired by his mother-in-law, who found online shopping during the pandemic confusing and less secure. Her simple question—"Why can't I just use my phone and my card?"—sparked the innovation.
CPoI allows customers to tap their physical card on their phone and enter their PIN to authenticate an online payment, instead of manually typing in their card number. This mimics a "card present" transaction, offering an alternative to traditional card-not-present (CNP) online payments, which are more susceptible to fraud.
Unlike existing mobile wallet options, CPoI is designed to require no app downloads or account setup. Shoppers wouldn’t need to store their card details or create new logins, and merchants wouldn't need special hardware.
While not yet in use, the technology is expected to roll out in the UK later this year.
This reflects a broader trend we’ve covered in Fraud in Focus: rethinking payment security through better customer experience design. CPoI won’t prevent all types of fraud, but it could reduce risk at the point of payment—especially for users hesitant to shop online due to security concerns.
3. Cybersecurity Researchers Scam the Pig Butchers on Telegram

Photo source: gbhackers.
Cybersecurity researchers have successfully infiltrated and scammed the scammers behind Pig Butchering schemes operating on Telegram.
In this case, researchers created fake personas, complete with social profiles and investment backstories, to bait scam groups. Once contact was made, they flipped the script—gathering intelligence on scam tactics and even siphoning funds from scammer wallets.
The researchers also identified common red flags associated with these schemes:
- Newly registered websites and shortened URLs
- Generic email addresses with investment themes
- Virtual phone numbers used in SMS phishing
- IP addresses tied to high-risk regions
Pig Butchering scams are among the most persistent and damaging forms of online fraud—driven by emotional manipulation and long-game deception.
This effort shows that proactive disruption tactics—not just user education or reactive mitigation—can help weaken these networks. It also reinforces the importance of investigating fraud ecosystems from the inside, especially when they rely on human interaction to succeed.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.