Frequently Asked Questions

What is Captain IV and what is it used for?
Captain IV is an advanced Internal Internet Verification Engine designed to optimize the Internet Verification phase of fraud investigations for Payment Risk Operations at Amazon. It automates OSINT (Open Source Intelligence) workflows by consolidating data from 40+ global databases, applying intelligent pattern recognition across multiple fraud MO categories, and generating AI-ready intelligence packages for Quick Suite and PartyRock integration. The system operates in real-time with zero data retention, ensuring compliance with privacy standards.
How does the workflow process work from start to finish?
Captain IV executes a five-phase automated investigation protocol:
  1. Phase 01 - Data Input: User submits investigation parameters (subject identity, transaction vectors, intelligence hints)
  2. Phase 02 - Risk Vector Analysis: Analyzes geographic consistency across Marketplace, Billing, Shipping, Card, and IP countries
  3. Phase 03 - Email Domain Analysis: Classifies email domains (Disposable, Privacy, Risky, Free, Corporate)
  4. Phase 04 - MO Detection: Identifies legitimate MOs (Military, Educational, Test Accounts, Corporate, Correctional, Reseller) and fraud patterns (Munged Address, Tech Scam, Family Fraud, Identity Theft)
  5. Phase 05 - OSINT Query Generation: Creates targeted investigation queries across Identity, Corporate, Local (40+ countries), Technical, and Email Intelligence categories
Results are displayed in the web interface with AI-ready JSON payload for Quick Suite/PartyRock integration.
What types of Modus Operandi (MO) does Captain IV detect?
Captain IV detects both Legitimate MOs and Fraud MOs:

Legitimate MOs (reduce false positives):
  • Test/Internal Accounts (Ireland IP, TEST ORDER keywords)
  • Military MO (APO/FPO/DPO addresses, .mil/.gov domains, rank keywords)
  • Educational MO (.edu/.ac domains, campus/university keywords)
  • Corporate MO (LinkedIn employment verification)
  • Correctional MO (inmate/prison keywords)
  • Reseller MO (freight forwarder keywords)
Fraud MOs:
  • Munged Address MO (unnecessary prefixes, repeated characters)
  • Tech Scam MO (remote access keywords: TeamViewer, AnyDesk, etc.)
  • Family Fraud (surname match between account holder and related person)
  • Identity Theft (complex alphanumeric email mismatch)
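The indicators listed above expressed as detection rules, as an added example that is not Captain IV's own code. The regular expressions, the four-character repeat threshold and all names are assumptions; the severities follow the levels this FAQ gives for each MO, and results are sorted so a SAFE match never hides a CRITICAL one.

```python
import re

# Rules built from indicators named in the FAQ. Patterns and thresholds are
# illustrative assumptions, not Captain IV's actual rule set.
RULES = [
    ("Tech Scam MO", "CRITICAL", "text", re.compile(r"\b(teamviewer|anydesk)\b", re.I)),
    ("Munged Address MO", "HIGH", "address", re.compile(r"([A-Za-z])\1{3,}")),
    ("Correctional MO", "INFO", "address", re.compile(r"\b(inmate|prison)\b", re.I)),
    ("Military MO", "SAFE", "address", re.compile(r"\b(APO|FPO|DPO)\b")),
    ("Military MO", "SAFE", "domain", re.compile(r"\.(mil|gov)$")),
    ("Educational MO", "SAFE", "domain", re.compile(r"\.(edu|ac)(\.[a-z]{2})?$")),
    ("Test/Internal Account", "SAFE", "text", re.compile(r"\bTEST ORDER\b", re.I)),
]
SEVERITY_ORDER = ["CRITICAL", "HIGH", "INFO", "SAFE"]


def detect_mos(email, address, text=""):
    """Return de-duplicated (mo_name, severity) hits, most severe first."""
    # Take the part after the last "@"; a malformed address yields no domain hits.
    domain = email.rsplit("@", 1)[-1].strip().lower() if "@" in email else ""
    fields = {"domain": domain, "address": address, "text": text}
    hits = []
    for name, severity, field, pattern in RULES:
        if pattern.search(fields[field]) and (name, severity) not in hits:
            hits.append((name, severity))
    # Stable sort: rule order is kept within one severity level.
    hits.sort(key=lambda hit: SEVERITY_ORDER.index(hit[1]))
    return hits


# Constructed sample cases (not real accounts or orders).
SAMPLES = [
    ("sgt.doe@army.mil", "PSC 1234 Box 56, APO AE 09012", ""),
    ("jxk93@gmail.com", "Apt AAAAA 12 Main Streeeeet", "Told to install AnyDesk"),
    ("j.doe@example.com", "Unit 2 Box 9, FPO AP 96601", "caller asked for TeamViewer"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", detect_mos(*sample))
```

The third sample matches both a legitimate and a fraud MO; both are returned, with the CRITICAL hit first.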
How does email domain analysis work?
Captain IV classifies email domains into five categories with severity levels:

Disposable Email (CRITICAL): yopmail.com, temp-mail.org, guerrillamail.com, 10minutemail.com, mailinator.com, etc.
Privacy Email (HIGH): protonmail.com, tutanota.com, cock.li, secmail.pro
Risky Email (HIGH): gmx.com, gmx.net, mail.com, email.com (fraud history)
Free Email (INFO): gmail.com, yahoo.com, hotmail.com, outlook.com, icloud.com, aol.com
Corporate/Private Domain (INFO): Any domain not in above lists (requires verification)

Disposable email domains are highlighted with critical alerts in the Analysis Findings panel.
What OSINT tools and databases does Captain IV use?
Captain IV leverages 40+ country-specific OSINT tools across five categories:

1. IDENTITY & SOCIAL: Google name search, social media scan (LinkedIn/Facebook/Instagram), Google Maps address verification, link analysis
2. CORPORATE: LinkedIn employment verification, general corporate check
3. LOCAL (40+ Countries): FastPeopleSearch (US), Canada411 (CA), Companies House (UK), PagesJaunes (FR), Das Telefonbuch (DE), Hitta.se (SE), ABN Lookup (AU), Escavador (BR), and many more
4. TECHNICAL: IP reputation (AbuseIPDB), email reputation check
5. EMAIL INTELLIGENCE: Hunter.io verification, HaveIBeenPwned breach check

All queries are generated automatically and accessible via one-click buttons in the results interface.
How does VPN/Proxy detection work?
Captain IV detects VPN/Proxy usage through ISP analysis against a database of 60+ known VPN/Proxy providers including Amazon AWS, Google Cloud, M247, DigitalOcean, Linode, and others. The system also performs IP geolocation mapping using Leaflet.js to visualize network intelligence and identify mismatches between IP location and shipping address (Disguised Address MO). Results are displayed in the Network Intelligence panel with interactive maps.
What are High-Risk Countries and Regional Exceptions?
Captain IV flags transactions involving High-Risk Countries per SOP guidelines: NG, GH, ID, RO, ZA, VN, BY, BD, CI, DZ, MA, TN, RU, UA.

However, the system applies Regional Exceptions for legitimate marketplace relationships:
  • FR Marketplace: Safe for DZ, MA, TN, BF, SN, ML, NE, TD, CM, MQ, GP, RE, GF, YT (DOM-TOM and Maghreb regions)
  • UK Marketplace: Safe for IE, MT, CY, GI
  • US Marketplace: Safe for PR, VI, GU, AS, MP
  • ES Marketplace: Safe for AD, GI
This reduces false positives for legitimate cross-border transactions.
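The interaction between the two lists above, as an added example that is not Captain IV's own code: DZ, MA and TN appear in both, so the exception has to be checked before the high-risk list. The country lists are copied from this FAQ; the function names, verdict labels, the MISMATCH and MISSING verdicts and the GB-to-UK alias are assumptions.

```python
# Country lists are copied from this FAQ; names and verdict labels are hypothetical.
HIGH_RISK = frozenset("NG GH ID RO ZA VN BY BD CI DZ MA TN RU UA".split())
REGIONAL_EXCEPTIONS = {
    "FR": frozenset("DZ MA TN BF SN ML NE TD CM MQ GP RE GF YT".split()),
    "UK": frozenset("IE MT CY GI".split()),
    "US": frozenset("PR VI GU AS MP".split()),
    "ES": frozenset("AD GI".split()),
}
VECTORS = ("billing", "shipping", "card", "ip")
# Assumption: inputs may carry ISO "GB" while the marketplace is labelled "UK".
ALIASES = {"GB": "UK"}


def normalize(code):
    code = (code or "").strip().upper()
    return ALIASES.get(code, code)


def assess_countries(marketplace, countries):
    """Return (vector, country, verdict) for each transaction vector.

    Order of checks: MISSING, MATCH, REGIONAL_EXCEPTION, HIGH_RISK, MISMATCH.
    """
    mp = normalize(marketplace)
    allowed = REGIONAL_EXCEPTIONS.get(mp, frozenset())
    findings = []
    for vector in VECTORS:
        code = normalize(countries.get(vector))
        if not code:
            verdict = "MISSING"
        elif code == mp:
            verdict = "MATCH"
        elif code in allowed:          # exception wins over the high-risk list
            verdict = "REGIONAL_EXCEPTION"
        elif code in HIGH_RISK:
            verdict = "HIGH_RISK"
        else:
            verdict = "MISMATCH"
        findings.append((vector, code, verdict))
    return findings


def has_high_risk(findings):
    return any(verdict == "HIGH_RISK" for _, _, verdict in findings)


# Constructed sample: the same vectors judged against two marketplaces.
SAMPLE = {"billing": "fr", "shipping": "DZ", "card": "FR", "ip": "RU"}
if __name__ == "__main__":
    for mp in ("FR", "US"):
        print(mp, assess_countries(mp, SAMPLE))
```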
How do I use the AI Cognitive Module (Quick Suite & PartyRock)?
The AI Cognitive Module provides two integration options:

1. Quick Suite Analysis (BI + Knowledge Base):
Click the "QUICK SUITE ANALYSIS" button to open Quick Suite with the JSON payload automatically copied to your clipboard. Paste the payload into Quick Suite chat for AI-powered analysis combining Business Intelligence and Knowledge Base insights.

2. PartyRock Agent:
Click the "PARTYROCK AGENT" button to open the PartyRock Agent with the JSON payload copied to clipboard. Paste the payload for conversational AI analysis.

The JSON payload includes: context (Fraud Investigation), subject details, relations, transaction vectors, findings, and investigator hints.
Does the system save my investigation data?
No. Captain IV operates with zero data retention for privacy compliance. All investigations are ephemeral — only Case IDs and timestamps are logged for audit purposes. No PII (Personally Identifiable Information) is stored. The system processes data in real-time and discards it immediately after generating results.
What should I do if the system doesn't detect a known VPN/Proxy?
If Captain IV doesn't detect a known VPN/Proxy provider:
  1. Verify the IP address is correct in the input form
  2. Check the Network Intelligence panel for ISP information
  3. Use the "IP Reputation (AbuseIPDB)" query in the Technical Data section for additional verification
  4. Report the VPN/Proxy provider via the Slack support channel so it can be added to the database
The VPN/Proxy database is continuously updated based on analyst feedback.
How do I interpret severity levels in Analysis Findings?
Captain IV uses four severity levels for risk factors and MO detections:

CRITICAL: Immediate action required (e.g., Disposable Email, Tech Scam MO)
HIGH: Significant risk indicator (e.g., Munged Address, Identity Theft Risk, High-Risk Country)
INFO: Informational finding requiring review (e.g., Corporate MO Check, Family Fraud Check, Correctional MO)
SAFE: Legitimate pattern detected, reduces false positive risk (e.g., Military MO, Educational MO, Test Account)

Findings are displayed in the Analysis Findings panel with color-coded severity tags.
What are "Top Queries" and how do I use them?
Top Queries are priority investigation queries marked with a special highlight in the OSINT Generation panel. These queries are most likely to provide actionable intelligence:

• Social Media Scan (LinkedIn/Facebook/Instagram)
• Corporate LinkedIn Check
• Local OSINT Tools (marketplace-specific)
• IP Reputation (AbuseIPDB)

Click the "OPEN TOP QUERIES" button to open all priority queries simultaneously in new tabs for rapid investigation. This saves time by focusing on the most valuable data sources first.
Can I use Captain IV for non-fraud investigations?
While Captain IV is optimized for fraud investigation workflows in Payment Risk Operations, the OSINT capabilities can be valuable for other use cases such as:
  • Identity verification for account recovery
  • Corporate entity verification
  • Address validation
  • Email domain reputation checks
However, the MO detection and risk analysis features are specifically calibrated for fraud detection patterns. For other use cases, focus on the OSINT Generation and Network Intelligence modules.
What are the projected cost savings of using Captain IV?
Captain IV is designed to reduce reliance on external OSINT vendors (Ekata, Pipl, etc.) by providing internal capabilities. Projected impact:

90%+ cost reduction per investigation compared to external vendors
$7,800-$26,000 USD annual savings if Captain IV resolves 20% of cases currently sent to external vendors
Accelerated investigation speed through automated query generation and risk vector analysis
Centralized IV workflow ensuring complete SOP compliance

The system is currently in Version 2.4 Golden Master (December 2025) and not yet in production.
How do I get support or report issues?
For technical support, feature requests, or to report issues:

1. Slack Support Channel:
Join the Captain IV support channel at amazon.enterprise.slack.com/archives/C0A62KTAS2D

2. Documentation:
Consult the User Guide and SOP Library accessible from the main menu

3. Feedback:
Report VPN/Proxy providers not in the database, suggest new OSINT tools, or request additional MO detection patterns via Slack

The development team actively monitors the support channel and incorporates analyst feedback into system updates.