Methodology

The detection pipeline methodology, from data ingestion to operational review.

01
Problem Definition & Threat Model
The goal was to detect transactional fraud and account takeover within milliseconds. We defined attack scenarios, loss thresholds, and permitted latency for real-time scoring. This ensured the system prioritised true positives while limiting costly false alarms.
02
Feature Engineering
Real-time features include transaction velocity, geographic velocity, device fingerprint patterns, and historical customer behaviour. Session-level aggregation and merchant risk signals were generated before scoring. The feature pipeline was designed to run in under 10ms per transaction.
03
Model Selection
We benchmarked unsupervised Isolation Forests, AutoEncoders, and supervised classifiers. The selected architecture blended an AutoEncoder reconstruction score with an Isolation Forest anomaly score to maximise recall on rare fraud events.
04
Real-Time API & Scoring
A FastAPI endpoint serves real-time scoring requests with sub-20ms latency. The API returns risk level, score, and top suspicious features to support downstream review. A daily batch job also recalibrates thresholds using fresh data.
05
Validation & Calibration
Validation used time-based splits on historical transaction streams. Precision@K and recall were monitored for rare fraud cases. Thresholds were calibrated for operational review capacity rather than maximum classifier score.
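The sketch below shows one way to calibrate a threshold to review capacity on a time-based split and then measure Precision@K and recall on the later window. It is an added example, not the project's own code. The rows, function names, daily capacity of 2 alerts and the tie-handling rule are all assumptions made for illustration.

```python
# Added example with constructed data: (day, anomaly_score, is_fraud) rows.
ROWS = [
    (1, 0.95, 1), (1, 0.80, 0), (1, 0.40, 0), (1, 0.30, 0), (1, 0.10, 0),
    (2, 0.90, 1), (2, 0.85, 0), (2, 0.70, 1), (2, 0.20, 0), (2, 0.15, 0),
    (3, 0.92, 1), (3, 0.75, 0), (3, 0.60, 1), (3, 0.35, 0), (3, 0.05, 0),
    (4, 0.88, 0), (4, 0.82, 1), (4, 0.50, 0), (4, 0.25, 0), (4, 0.12, 0),
]

def time_split(rows, first_holdout_day):
    """Split by time, never at random, so calibration cannot see the future."""
    past = [r for r in rows if r[0] < first_holdout_day]
    future = [r for r in rows if r[0] >= first_holdout_day]
    return past, future

def calibrate_threshold(rows, daily_capacity):
    """Lowest cut-off whose alert count (score >= cut-off) fits the review budget."""
    days = len({day for day, _, _ in rows})
    budget = daily_capacity * days
    ranked = sorted((score for _, score, _ in rows), reverse=True)
    if budget <= 0 or not ranked:
        return float("inf")          # no capacity: alert on nothing
    if budget >= len(ranked):
        return ranked[-1]            # capacity covers every transaction
    cut = ranked[budget - 1]
    if ranked[budget] == cut:        # a tie at the cut would overshoot the budget
        above = [s for s in ranked if s > cut]
        return min(above) if above else float("inf")
    return cut

def precision_at_k(rows, k):
    """Fraction of the k highest-scored transactions that are labelled fraud."""
    top = sorted(rows, key=lambda r: r[1], reverse=True)[:k]
    return sum(label for _, _, label in top) / len(top) if top else 0.0

def evaluate(rows, threshold):
    """Alert volume, precision and recall on a later window at a fixed cut-off."""
    alerts = [r for r in rows if r[1] >= threshold]
    hits = sum(label for _, _, label in alerts)
    frauds = sum(label for _, _, label in rows)
    return {"alerts": len(alerts),
            "precision": hits / len(alerts) if alerts else 0.0,
            "recall": hits / frauds if frauds else 0.0}

if __name__ == "__main__":
    past, future = time_split(ROWS, first_holdout_day=3)
    cut = calibrate_threshold(past, daily_capacity=2)
    print(cut, precision_at_k(future, 4), evaluate(future, cut))
```

On the constructed rows the cut-off lands at the score that fills the reviewers' queue on the calibration days, and the holdout window shows what that costs in recall.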
06
Deployment & Review Workflows
High-risk alerts are routed to case officers and investigations dashboards. Model drift is monitored using score distribution and false positive trends. The production system supports rapid retraining and policy updates from new labelled fraud cases.