chen-gig-payout-fraud — DoorDash payout redirect via ghost driver
DoorDash driver M. Chen — bank routing number changed on account 3 days before $2,840 weekly settlement · ghost driver account dd_ghost_447 received the redirect · Stripe export shows two sub-merchant payout events on the same delivery batch. Fully synthetic.
what this proves
- every primary engine produces deterministic, fixture-locked output — verified by
npm run check:flagship(5/5). - every output is generated 100% locally in your browser — no upload, no server-side processing of your evidence.
- the full case binder is built from these outputs without uploading a single byte — click below to generate it locally.
primary engines locked to this fixture
build the case binder
one click runs all primary engines on the synthetic evidence, assembles findings into a self-contained html binder, and opens it in a new tab. print to pdf from there — still zero upload.
runs all 8 primary engines locally on the synthetic evidence zip · opens a self-contained html binder · no upload
download the synthetic evidence
MIT-licensed, fully synthetic, safe to attach to a PR or send to a reviewer. Compare your local runs against the published goldens.
built deterministically from scripts/fixtures/build-chen-gig-payout-fraud.mjs. seed: chen-gig-payout-fraud:v1.
methodology
gig payout fraud lives in the routing change window. the Stripe sub-merchant export shows two payout events on the same batch — one to the legitimate account, one to the ghost driver. normalize both exports before building the timeline: routing change date → first ghost payout → settlement gap. the payment processor normalizer surfaces the discrepancy; the Venmo export confirms the receiving wallet. read the full gig worker payout fraud guide →
after the playbook
export findings from each primary engine, then drop every csv/json into fatcousin-multi-tool-super-timeline-correlator. one timeline across routing changes, payout events, and ghost account activity — still zero upload.