Interviews
Joel Winteregg, CEO of Vyntra – Interview Series

Joel Winteregg, CEO of Vyntra, is a financial technology executive and software engineer with nearly two decades of experience developing technology for fraud prevention, financial crime detection, and transaction security. Before taking the helm at Vyntra in June 2025, he served as Group CEO of Intix and spent more than 18 years as CEO and co-founder of NetGuardians, where he helped build artificial intelligence and machine learning solutions for financial institutions. Earlier in his career, Winteregg worked as a network and software engineer at the Institute for Information and Communication Technologies, focusing on open-source security management platforms and real-time event correlation. He now leads Vyntra following the combination of Intix and NetGuardians.
Vyntra is a financial technology company providing AI-powered transaction intelligence to banks, payment service providers, fintech companies, and other financial institutions. Formed through the 2025 union of NetGuardians and Intix, the company combines real-time transaction observability with financial crime prevention, enabling institutions to monitor payment flows, identify operational anomalies, detect fraud, track anti-money laundering risks, and investigate insider threats. Its platform centralizes transaction data across systems and formats while applying behavioral analytics and collective intelligence to help organizations respond to risks without unnecessarily disrupting legitimate payments. Vyntra reports serving more than 130 financial institutions across over 60 countries.
You spent nearly two decades building NetGuardians into a recognised player in AI-driven fraud prevention, and more recently led Intix before becoming CEO of Vyntra. How has your perspective on financial crime evolved across these roles, and what strategic gap does Vyntra aim to close today?
Financial crime is no longer an isolated operational issue. It has become a systemic risk for financial institutions. Across NetGuardians, Intix and now Vyntra,, the shift has been quite clear. Fraud has moved from being an IT problem to a board-level one. It used to sit largely below the executive level, owned by IT and cybersecurity teams. The financial, reputational and regulatory consequences are now material enough that it sits firmly on the agenda of boards and C-suite executives, and the response it demands has changed accordingly. Fraud has also stopped being a question of detecting suspicious transactions within a single institution. It now operates across systems, institutions and channels, and evolves continuously, which exposes a gap between how fraud behaves and how it is typically addressed.
Vyntra is focused on closing that gap, informed by working across more than 130 institutions in over 60 countries, where fraud prevention and transaction observability sit within the same platform. That means moving beyond static controls and isolated data, towards real-time intelligence, behavioural understanding and a more connected view of risk. The goal is to intervene before fraud even occurs while giving institutions better visibility across the full transaction lifecycle.
Global banking fraud losses are now reaching hundreds of billions annually, with increasingly sophisticated scam campaigns. From your vantage point, what structural shifts have turned fraud into what looks like an industrialised system rather than isolated criminal activity?
The defining shift is scale. Fraud has become organised, repeatable and increasingly industrialised, and is no longer a series of isolated incidents. For years, fraud was understood primarily in terms of volume. More attacks required more controls, and institutions responded by refining detection rules and strengthening authentication. That approach has now reached its limit.
What we are seeing now is something different. Fraudsters are operating at scale with the coordination and efficiency of legitimate businesses. They test, refine and optimise their approaches. They are agile, unconstrained by compliance or legal obligations, and constantly experimenting with new tools and tactics. Successful methods are reused and shared, and campaigns are designed with performance in mind. AI is accelerating this, but it is not the root cause. It simply turbocharges an already organised system. It allows faster targeting, more convincing communication and greater personalisation. That combination makes fraud more scalable and significantly harder to detect. It has stopped being opportunistic and has begun to resemble an industry.
A growing share of fraud today involves “authorised” transactions, where victims are manipulated into sending funds themselves. Why do traditional fraud prevention frameworks struggle with this category, and what fundamentally needs to change?
Traditional frameworks are built around unauthorised activity. They are designed to detect breaches, compromised credentials or suspicious access patterns. With authorised fraud, the system is functioning as intended. The customer authenticates, the transaction is confirmed, and there is no obvious technical anomaly. From a system perspective, everything looks legitimate.
The scale of this problem is significant. According to UK Finance’s latest Annual Fraud Report, APP fraud losses rose 19% in 2025 to £576.4 million, across 248,070 cases. The issue is that the fraud has already occurred before the payment. It happens in the interaction, through manipulation and social engineering. What needs to change is the focus. Instead of looking only at whether a transaction is authorised, institutions need to understand context and intent. That requires behavioural insight and real-time analysis, not just transaction-level checks.
Instant payment systems are accelerating globally, but they also compress the window for detecting fraud to seconds. How should financial institutions rethink risk management in a world where transactions are irreversible almost immediately?
Speed has become one of the defining factors in both fraud and prevention. Many scams now unfold within a single day, and once funds are transferred, they are often moved or withdrawn within minutes. At the same time, payment infrastructure is designed to deliver immediacy, and regulation is accelerating that shift. The EU’s Instant Payments Regulation requires all eurozone payment service providers to send instant credit transfers and offer Verification of Payee services from October 2025.
That creates a tension between speed and safety. In that environment, delayed intervention is no longer viable. Risk management has to operate in real time. Instead of slowing payments down, risk detection, decision-making and response need to be fast enough to happen inside the payment flow itself. This fundamentally changes how institutions need to think about fraud. Institutions need to shift from post-event analysis to in-flow prevention, stopping fraudulent transactions before settlement,not investigating them afterwards.
AI is now being used on both sides of the equation, by fraudsters to scale attacks and by financial institutions to detect them. What does the next phase of this arms race look like, and where do you see the balance tipping?
The arms race is being accelerated by AI, but the outcome will not be defined by technology alone. It will depend just as much on how effectively intelligence is shared and applied. Fraudsters already operate as highly coordinated networks, and financial institutions increasingly need to respond in the same way. They share infrastructure, data and tactics, and when one approach is blocked, it is quickly adapted and deployed elsewhere. AI enhances this by enabling faster iteration and more convincing, scalable campaigns.
On the defence side, there is a clear shift from treating fraud as a single-institution problem to recognising it as a network-level challenge. Initiatives such as EBA CLEARING’s FPAD and developments from SWIFT reflect a move towards shared, real-time fraud intelligence, particularly in the context of instant payments. This matters because many of the most valuable signals sit beyond a single institution, whether that is mule accounts, behavioural anomalies or emerging patterns. When that intelligence is shared and ingested in real time, detection improves. When it is not, fraud simply shifts elsewhere. The balance will favour those who can combine real-time analysis with collective intelligence. Those operating in isolation will struggle to keep pace.
Vyntra emphasises behavioural analytics and real-time transaction intelligence. How does this differ from rule-based systems, and why is behaviour becoming the critical signal in fraud detection?
Rule-based systems are inherently static. They rely on predefined conditions and known patterns. That works to a point, but it becomes less effective as fraud evolves. Behavioural analysis is different. It looks at how actions deviate from expected patterns in real time. That includes how a user interacts, how decisions are made, and how transactions fit within a broader context. What makes modern behavioural detection more capable is the combination of approaches working together. Unsupervised learning identifies anomalies without needing to know what fraud looks like in advance, supervised learning draws on known fraud patterns to sharpen detection over time, and active learning feeds real-world outcomes back into the model continuously, so the system improves with every decision it makes.
This matters because modern fraud is designed to appear legitimate at a transactional level. In many modern fraud scenarios, behaviour becomes the clearest indicator that something is wrong, even when the transaction itself appears legitimate. By focusing on behaviour and context, institutions can identify risk earlier, often before the transaction is completed.
There is increasing discussion around “community intelligence” or shared fraud data between institutions. In practice, how realistic is large-scale collaboration between financial institutions given regulatory constraints, and what models actually work?
Collaboration is moving from being optional to essential, but it has to take a workable form. This is not a new concept for Vyntra. Shared intelligence has been part of our approach for years, because fraud has never operated neatly within institutional boundaries. A few models are emerging in practice. Consortium or shared-utility approaches pool data through a central body. Federated and privacy-preserving designs allow institutions to train on shared patterns without exposing raw customer data. Network-level intelligence initiatives, such as EBA CLEARING’s FPAD, push fraud signals across participants in real time as instant payments scale. Each works within existing regulatory frameworks rather than around them, which is what makes them viable at scale. In our experience, institutions sharing intelligence within a trusted, GDPR-compliant network see detection rates improve by around 20%, though the exact figure varies by network design and participation levels. As instant payment regulation accelerates cross-border transaction volumes, the institutions and networks that invest in shared intelligence infrastructure now will be better positioned to manage the fraud that inevitably follows that growth.
Many financial institutions still struggle with high false-positive rates, which create friction for customers and operational inefficiencies. How do modern AI-driven systems reduce false positives without increasing risk exposure?
False positives are often a consequence of limited context. When decisions are based on narrow signals, systems tend to overcompensate. Modern approaches reduce this by incorporating more data and better context. Behavioural insight, transaction history and real-time signals allow for more accurate risk assessment. The objective is not simply to block more transactions, but to make better decisions. Across the industry, major financial institutions deploying behavioural AI systems have reported false positive reductions of between 60% and 90% compared to legacy rule-based controls. False positives damage trust when legitimate customers are repeatedly interrupted. When systems can distinguish between genuine anomalies and legitimate behaviour, they can reduce unnecessary friction while still maintaining strong protection.
Internal fraud and insider threats remain under-discussed compared to external attacks. How significant is this risk today, and how should institutions rethink monitoring of internal behaviours and access patterns?
Internal risk is often underestimated, but it is part of the same broader challenge. According to ACFE, banking and financial services recorded more cases of occupational fraud than any other industry in the study, with a median loss of $120,000 per case and a median detection time of 12 months. The longer that window stays open, the greater the losses. Just as external fraud increasingly relies on behaviour and access patterns, the same applies internally. Monitoring needs to move beyond static permissions and periodic checks.
Understanding how systems are used, how access patterns evolve and where anomalies occur is critical. Effective internal oversight is not surveillance of employees. It is proportionate scrutiny of activity within sensitive financial systems, focused on the access and behaviours that carry genuine risk. That distinction matters, because blanket monitoring without context produces noise rather than insight, and comes with its own operational and cultural consequences. The principle is consistent: behaviour provides the most meaningful signal when other indicators appear normal.
Looking ahead five years, do you believe fraud prevention will become fully autonomous and predictive, or will human judgement remain a critical layer in the system? Where does the balance ultimately settle?
Fraud prevention will become more automated and more predictive, particularly as real-time decisioning becomes essential. Systems will increasingly handle a large proportion of detection and intervention, especially where speed is critical.
However, it will not become fully autonomous. Judgement will remain a necessary layer, within institutions and on the customer side. From an institutional standpoint, there will always be cases where context, ambiguity and escalation require a person to step in. Many fraud scenarios, particularly authorised scams, still involve human manipulation and social engineering, which automation alone cannot read. That is reinforced by the direction of regulation. Whether through the UK’s PSR reimbursement regime or the EU’s PSD3 proposals, institutions are being held to a higher standard for preventing fraud and protecting customers. That increases the need for oversight, not just automation. In five years, what separates the institutions that get this right from the ones that fall behind will be knowing exactly how automation and judgement work together.
Thank you for the great interview, readers who wish to learn more should visit Vyntra.












