Fraud moves in milliseconds. The old defenses moved in batches. This New York bank screened transactions with a rules engine that ran on a delay and flagged anything remotely unusual. Genuine fraud slipped through in the gap between batches, while thousands of legitimate transactions got held or declined, generating a mountain of false alerts for a team that could never get to the bottom of it.

Customers felt both failures: a fraudulent charge that wasn't caught until the next day, or a legitimate purchase blocked at the worst possible moment. The investigations queue, meanwhile, grew faster than anyone could work it.

The challenge

Could the bank score every transaction the instant it happened, catch more real fraud, and stop drowning analysts in false alarms, all without adding latency a customer would feel? In a regulated institution, the model also had to be explainable: every decision needed a reason a risk officer could defend.

The approach

We replaced the batch rules engine with a real-time scoring platform. A streaming pipeline enriches each transaction with behavioral and network features in flight, then a blend of gradient-boosted and graph models scores it in under a tenth of a second. Low-risk transactions clear instantly, the riskiest are blocked, and only the genuinely ambiguous ones route to an analyst, each with the features that drove the score attached.

01. Sub-second scoring in the payment flow
Every card, ACH, and wire transaction is scored in under 100 milliseconds, fast enough to approve, hold, or block before it settles.

02. Behavioral and network features
The pipeline enriches each transaction with the customer's patterns and the relationships between accounts, so the model sees context, not just an isolated charge.

03. Graph models that surface rings
Beyond single-transaction fraud, graph analysis exposes coordinated rings, clusters of accounts funneling money to a shared beneficiary, that point-in-time rules never saw.

04. Explainable by design
Every decision carries the reasons behind it, so analysts can act quickly and risk officers can defend the model to regulators.

The goal was never to flag more. It was to flag the right ones, instantly, and leave the rest alone.

Real-time scoring pipeline: transaction stream, feature enrichment, the risk model, a sub-second decision, and analyst review of the edge cases
FIG. 02: Each transaction is enriched and scored in flight, cleared, blocked, or routed to an analyst, so humans see only the few cases that genuinely need judgment.

The outcome

In its first year, the platform caught materially more fraud while cutting false positives by more than half, freeing the investigations team to focus on real threats instead of noise. Customers saw fewer wrongful declines, the bank avoided millions in losses, and every decision came with an audit-ready explanation.

Speed and precision used to be a trade-off. Now the bank has both.

The same scoring backbone now extends to new fraud patterns as they emerge: a new model or feature plugs into the pipeline without re-plumbing the payment flow, so the defense keeps pace with the threat.