Tech Aware Nepal

Nepali citizens face relentless digital scams – phishing links draining eSewa wallets, fake loan offers trapping small businesses – with community reports arriving too slowly to prevent mass victimization. Today, Tech Aware Nepal's manual review process takes 72 hours (source: Q2 ops logs) to connect identical scams, allowing a single fake Daraz coupon link to spread across 17 districts and drain $8,500 before alerting the community (source: Kathmandu Post investigation, Jan 2024). Each hour of delay costs real livelihoods: a micro-merchant loses 3 days' income recovering from a $30 scam (source: UNDP Nepal financial resilience survey).

Business case: 12,000 monthly reports (source: platform analytics, Apr 2024) × 65% preventable repeats (source: Nepal Police Cyber Bureau case analysis) × $38 avg. loss per scam (source: Nepal Rastra Bank 2023 digital fraud report) = $3.55M/year recoverable losses. If adoption reaches only 40% of estimated reports: $1.42M/year. This feature is an AI-powered scam pattern detector that clusters reports and auto-publishes alerts in <15 minutes. It is not a fraud transaction blocker, real-time intercept system, or law enforcement evidence platform.

Execution risk: False negatives could leave campaigns undetected – a 5% miss rate on high-volume scams risks $177K in preventable losses. Inaction risk: Without this by Q3, Nepal Police's planned public scam portal (source: MoCIT roadmap) will capture community trust. Given the asymmetric upside and operational urgency, this warrants immediate build with robust validation gates.

Primary outcomes (D90):

Guardrails:

What we DON'T measure:

• Total alerts generated (vanity; focus on accuracy over volume)
• Detector model precision alone (measures artifact, not user outcome)
• Raw report volume (could increase due to scams, not detector value)

TECHNICAL: URL obfuscation evasion

• Probability: High | Impact: High
• Mitigation: Deploy real-time redirect tracing (Owner: Data Eng lead; Due: MVP+2)
• Trigger: >10% of scam URLs use multi-hop redirects

ADOPTION: Low report volume in rural areas

• Probability: Medium | Impact: Medium
• Mitigation: Integrate with Nepal Telecom's SMS spam feed (Owner: Partnerships; Due: Phase 1.1)
• Trigger: <20 reports/day from Tier 3 districts

COMPLIANCE: Nepal Electronic Transactions Act §35 data retention

• Probability: Low | Impact: Critical
• Mitigation: Legal review of raw report storage (Owner: Compliance Officer; Due: Pre-launch)
• Consequence: If not cleared, store only anonymized clusters

EXECUTION: Moderation capacity bottleneck

• Probability: High | Impact: Medium
• Mitigation: Pre-train moderators with scam corpus (Owner: Ops Lead; Due: UAT)
• Trigger: >1 hour alert backlog for 2 consecutive days

Kill criteria:

1. 2% false alert rate sustained for 72 hours

2. <40% of alerts acted upon (e.g., shares, blocks) at D30
3. Critical compliance gap unresolved by launch date

Core AI job: Cluster unstructured scam reports (SMS/email screenshots, descriptions) into campaigns using three signals:

1. Message pattern similarity (e.g., "Daraz 50% coupon" phishing)
2. Sender number reuse (e.g., +977-98XXXXXX95 across 20 reports)
3. URL fingerprinting (e.g., bit.ly/3xY9zZq redirecting to fake eSewa login)

Performance requirements:

• P0: Cluster identical URLs with 100% precision (zero false campaign alerts)
• P1: Link reports with shared sender numbers at ≥99% recall (miss ≤1% connected reports)
• P2: Detect similar text patterns (Levenshtein distance ≤2) at ≥95% accuracy

Failure boundaries:

• ❌ Does NOT analyze transaction patterns or bank statements
• ❌ Cannot attribute campaigns to criminal groups
• ❌ Will not process image-based reports without OCR (Phase 1)

Sources:

• Incoming user reports: SMS body, sender number, screenshot URLs, free-text description
• Historical scam database: 8,200 verified cases (source: Tech Aware archive 2021-2024)

Pipeline:

1. Ingestion: JSON payload via API POST /report {phone: "98XXXXXX95", text: "क्लिक गर्नुहोस्...", urls: [...]}
2. Anonymization: Strip user PII before clustering (e.g., mask reporter phone numbers)
3. Signal extraction:
   • URL normalization (resolve redirects → final domain)
   • Sender number grouping (NTC/Ncell prefix validation)
   • Nepali text embedding (DistilBERT-multilingual for NLP similarity)

Critical gaps:

• No voice scam data (current reports are 92% text-based)
• Limited regional dialect coverage (validated only on Kathmandu Valley Nepali)

Test suites:

Validation protocol:

1. Shadow mode: Run detector parallel to manual review for 14 days, log all discrepancies
2. Adversarial probes: Seed known scam variants weekly (e.g., URL typosquats, synonym swaps)
3. Edge-case tests:
   • ✅ Identical scam in Nepali/English Romanized
   • ❌ Voice note translation (out of scope)

Evaluation owner: Community Moderator Team (validate against 200-sample threat corpus weekly)

Critical oversight points:

1. Alert approval: Auto-detected campaigns require moderator "Verify" before publishing
   • Override reason logging required (e.g., "False cluster - similar but distinct scams")
2. Cluster auditing: Random 10% of clusters reviewed daily for drift detection
3. Emergency kill switch: Instant shutdown if false alerts exceed 0.5% in 24h

UI for oversight:

┌───────────────────────────────[ PENDING CAMPAIGNS ]──────────────────────────────┐
│ ⚠ Daraz 50% coupon scam                                    [12 reports] VERIFY ▼ │
├──────────────────────────────────────────────────────────────────────────────────┤
│ 📱 Sender: 98*****95, 98*****01                             ⏱ First seen: 2h ago │  
│ 🔗 URL: daraz-offer-np[.]xyz (12x)                          📍 Kathmandu (9), Pokhara (3) │  
│ 📝 Text pattern: "अन्तिम २ घण्टा! डाराजबाट ५०% छुट को उपहार"                   │  
└──────────────────────────────────────────────────────────────────────────────────┘  

Trust metrics:

Failure containment:

• Campaign alerts display confidence badge: "⚠️ Unverified" / "✅ Verified by [Moderator]"
• Public database entries show evidence trail: "12 users reported this URL"
• Auto-sunset: Alerts expire after 7 days unless re-confirmed