Genting Malaysia is one of the biggest corporations in Malaysia. It has been in the leisure and hospitality business covering theme parks, gaming, hotels, seaside resorts and entertainment for over 50 years.

At WunderWaffen, we don’t sell “automation.”

We eliminate bottlenecks that quietly drain thousands of man-hours from large organisations.

This case study began when Genting Berhad shared a familiar—but critical—finance operations challenge.

Their teams were spending an outsized amount of time on work that should never require human intelligence.

As mentioned in the Genting brief: 1. Automated Merchant Report Download Minimise human intervention in downloading merchant reports (currently ~40% of reconciliation time). Downloaded reports of the previous day should be available automatically by next morning, enabling employees to start reconciliation work immediately instead of logging into the bank portal manually. 2. Reduce Manual Reconciliation Effort Eliminate/reduce current heavy reliance on manual VLOOKUPs and Excel subtotals (~60% of time spent). Reports from multiple sources should be automatically combined, normalised, and structured for reconciliation. 3. AI-Powered Matching & Root Cause Suggestions AI to perform progressive 3-way matching:  Online/ Over-the-Counter Sale ↔ Merchant Reports ↔ Division POS systems (Hotel, F&B, Theme Park, Show, etc.) Output should clearly show unmatched items, with AI providing possible reasons (e.g., chargeback, cut-off time difference, human error). 4. Scope Focus Solution to prioritise B2C transactions, where transaction volume and complexity are highest.

The Problem: Where Finance Teams Were Losing Time

Genting’s finance operations team highlighted four pain points:

1. Merchant Report Downloads Were Still Manual

Nearly 40% of reconciliation time was spent simply logging into multiple bank portals and downloading merchant reports.

Every morning:

• Staff logged into bank portals manually
• Navigated multiple menus
• Downloaded yesterday’s reports one by one
• Only then began reconciliation

This delayed real work and created operational risk if someone forgot, was late, or made a mistake.

2. Reconciliation Was Excel-Heavy and Error-Prone

Another ~60% of time was consumed by:

• VLOOKUPs
• Manual subtotals
• Copy-pasting across reports from different banks and divisions

Each report came in a different format.

Nothing was standardised.

Every reconciliation depended on human attention.

3. No Intelligence in Matching or Root-Cause Analysis

The reconciliation process had zero intelligence.

When transactions didn’t match:

• Humans had to investigate
• No system suggested why
• No prioritisation of likely causes

With high-volume B2C transactions across hotels, F&B, theme parks, shows, and OTC sales, this quickly became unscalable.

The Strategic Fork: Bank-Grade Integration vs Reality

At first glance, the “clean” solution is obvious.

The Ideal (If Banks Cooperate)

Banks like Maybank, DBS, and UOB offer Host-to-Host (H2H) / SFTP services:

• Banks push reports automatically
• Encrypted
• No UI interaction
• No bots
• Enterprise-grade

But there’s a catch.

If you are not in formal contact with the bank, this option does not exist.

No relationship manager.

No treasury agreement.

No API access.

That makes the “bank-grade” solution theoretically correct but operationally useless.

The Reality: One-Sided, Zero-Integration Automation

This is where WunderWaffen excels.

When you can’t integrate with the bank,

you build a system that works despite the bank.

We pivoted from integration to stealth execution.

We proposed two solutions.

If the bank permits synchronization.....

Use Host-to-Host (H2H) SFTP

Most corporate banks (including Maybank, DBS, UOB) offer a service called Host-to-Host (H2H) or Automated File Transfer (AFT).

• How it works: Instead of you logging into a portal, the bank pushes the reports (usually CSV, MT940, or XML formats) directly to your company’s Secure FTP (SFTP) server at a scheduled time (e.g., 6:00 AM).
• Security: This uses SSH keys (public/private key pairs) and PGP encryption. No OTPs, no CAPTCHAs, no "logging in."
• Why you might have missed it: It is rarely advertised on the portal. It is a treasury product sold by their cash management sales team.
• Action: Ask your relationship manager specifically for "Host-to-Host Daily Reconciliation Report Delivery via SFTP."

If you have no relationship with the bank, you cannot use H2H, AFT, or file gateways. 

So that whole section becomes theoretical, not actionable.

So, if the bank does not permit synchronization, the solution has to simulate a real human. 

Phase 1: The Ingestion Layer — Solving the Download Problem

The Core Shift: Detection Is the Real Risk

Banks deploy bot-detection systems (Akamai, F5, Shape Security).

The danger isn’t failure.

The danger is being detected.

So we designed a Human-Emulation Rig.

A. Infrastructure That Looks Human

• No AWS, Azure, or cloud IPs
• Dedicated on-premise machine (physical mini-PC / office VM)
• Corporate static IP (business ISP)

To the bank, this looks like:

“One very hardworking employee.”

B. Stealth Browser Automation

We avoided fragile tools.

Instead:

• Persistent browser sessions
• Stable device fingerprint (screen, canvas, audio context)
• No fresh logins per run
• No Selenium giveaways

One browser.

One identity.

Days-long continuity.

C. Human-in-the-Loop Authentication (Hybrid Model)

OTP cannot—and should not—be bypassed.

So we didn’t.

Daily routine:

1. Human logs in once (password + OTP)
2. Reaches dashboard
3. Disconnects
4. Bot takes over the live session

No cookie hijacking.

No credential scraping.

Just controlled mouse and keyboard actions.

D. Slow, Serial, Human-Like Throughput

No parallel downloads.

No bursts.

No suspicious spikes.

• One bot
• One report at a time
• Randomised waits (5–12 seconds)
• ~45 seconds per report

Result:

250+ reports downloaded safely by late morning—every day.

Phase 2: Data Processing — Turning Garbage into Structure

Banks don’t give clean data.

They give:

• PDFs with logos
• Formatted Excel files
• HTML tables

So we built a Parser Factory.

• Custom parsers per bank and report type
• PDF extraction using positional (x,y) coordinates
• Robust to minor layout changes

Every report becomes:

• Structured
• Normalised
• Machine-readable

Phase 3: AI-Powered Reconciliation & Intelligence

Now the real leverage begins.

Progressive 3-Way Matching

AI performs staged matching across:

• Online / OTC Sales
• Merchant Reports
• Division POS systems

Unmatched items are:

• Flagged clearly
• Grouped intelligently

Root-Cause Suggestions

Instead of “doesn’t match,” AI suggests:

• Cut-off timing differences
• Chargebacks
• Human entry errors
• POS sync delays

This turns reconciliation from investigation into decision-making.

Built-In Safety: The Kill Switch

Automation without restraint is dangerous.

Before every click, the system verifies:

• Page title
• Expected headers
• Correct context

If anything changes:

• Automation stops instantly
• Human is alerted

No accidental transfers.

No blind clicking.

What is needed:

A Non-Intrusive, Zero-Integration Reconciliation Engine

Key Benefits to Genting:

• No bank approvals required
• Works across CIMB, OCBC, and legacy portals
• Runs entirely on client infrastructure
• Reports ready every morning
• AI-assisted reconciliation instead of Excel marathons

The Bigger Insight

The future of enterprise automation isn’t always about APIs.

Sometimes, the most powerful systems are Digital Employees:

• They log in like humans
• Work tirelessly
• Never forget
• Never get bored
• And quietly save thousands of hours per year

Thinking About Doing This for Your Finance Team?

If your organisation:

• Still logs into bank portals manually
• Still reconciles with Excel
• Still depends on human memory for daily ops

Then you don’t need more staff.

You need a Digital Operator.

👉 Talk to WunderWaffen.

We don’t automate tasks.

We remove operational drag—permanently.

Summary of Solutions

Feature	The "Bank-Grade" Way (Dead)	The "One-Sided" Way (Yours)
Connectivity	SFTP / Host-to-Host	Stealth Browser Automation
Auth	SSH Keys	Human-Assisted Login (OTP)
Speed	Instant (Batch Push)	Serial (3-4 hours daily)
Data Format	Standardized (MT940/XML)	Messy (PDF/Excel Scrapers)
Risk	High implementation effort	High maintenance effort (UI changes)