Back to Case Studiesfinance

Real-Time Fraud Detection System for Digital Banking Platform

Client: NovaPay Financial · September 20, 2025

ai machine learningworkflow automationexisting product enhancementsinternal tooling
99.2%
Fraud detection rate
73%
False positive reduction
$18.4M
Fraud losses prevented (annual)
<200ms
Average detection latency

What did NovaPay Financial need from this AI project?

NovaPay needed to stop a fraud loss curve that was growing 340% year over year while simultaneously reducing the false positives that were blocking legitimate customers and overwhelming the operations queue. The mandate was specific: detect more fraud, block fewer good transactions, and do both at sub-200ms latency on every authorization.

NovaPay is a digital banking platform with 4M+ customers and a transaction volume that had outpaced its rule-based fraud system years earlier. The legacy stack — hand-written rules layered on top of a vendor scoring service — could not keep up with adaptive fraud patterns: synthetic identity rings, account takeover chains, and bot-driven card testing that mutated faster than analysts could write rules. Off-the-shelf fraud platforms either required NovaPay to ship raw transaction data to a third party (a non-starter for the bank's data residency posture) or shipped models that were too generic to capture the bank's specific customer behavior. The team needed a system that learned from their data, ran inside their environment, and explained itself well enough for fraud investigators to defend a decision to a regulator.

How did Clearframe Labs approach the build?

Phase 1: Streaming data and feature foundation

We built a streaming pipeline on Apache Kafka and Apache Flink that ingests every authorization event and enriches it in flight with historical features pulled from a feature store. The store holds 300+ engineered features spanning transaction velocity, device fingerprints, geolocation drift, behavioral profiles, merchant risk, and graph-derived signals. The same feature definitions serve both training and online inference, eliminating the train/serve skew that quietly poisons most ML fraud systems.

Phase 2: Multi-stage detection model

A single model cannot catch every class of fraud, so we layered three. A gradient-boosted model (LightGBM) scores every transaction in under 50ms with per-feature SHAP attributions, giving investigators the "why" behind every flag. A graph neural network runs on a slower cadence to detect coordinated rings — accounts that share devices, IPs, or transaction patterns that look benign individually but obvious in aggregate. An unsupervised anomaly detector flags novel attack vectors that do not match any known fraud type, which is how the system catches the fraud the supervised model has never seen.

Phase 3: Closed-loop learning and investigator workflow

The fraud operations dashboard surfaces flagged cases with model explanations, contributing features, and recommended actions. Investigator decisions — confirmed fraud, false positive, escalation — feed back into the training pipeline through a labeled-event store, and models are retrained on a weekly cadence with shadow evaluation before promotion. The closed loop is what keeps detection rates from decaying as fraud patterns shift.

Phase 4: Production hardening and latency budget

Every component in the authorization path is held to a strict latency budget: feature lookup under 30ms, model inference under 50ms, total end-to-end under 200ms p99. We deployed the scoring service on Kubernetes with horizontal autoscaling, used a low-latency feature cache for hot keys, and ran the GNN and anomaly models off the critical path on a near-real-time schedule (sub-second) so they can flag without blocking authorization.

What were the results?

Within six months of full rollout, NovaPay was catching dramatically more fraud while approving more legitimate transactions, and the operations team was processing investigations roughly four times faster.

  • Fraud detection rate: 99.2% on labeled fraud events
  • False positive reduction: 73% versus the legacy rule-based system
  • Fraud losses prevented (annual): $18.4M
  • Average detection latency: <200ms p99 on 2M+ daily transactions

The dollar number matters, but the ratio matters more. NovaPay is approving more good customers (fewer false declines, fewer support escalations) while catching more bad ones — the rare combination that justifies the build versus a vendor product.

What technical decisions made this work?

  • One feature store for training and serving: the same feature definitions power offline training and online scoring, eliminating train/serve skew. Most fraud systems silently drift because their training features and production features diverge; we solved that on day one rather than chasing the drift later.
  • Three models, three latency budgets: we put the gradient-boosted scorer on the critical authorization path, and ran the graph neural network and anomaly detector off-path on near-real-time cadence. This is what made sub-200ms feasible without sacrificing the network analysis that catches coordinated rings.
  • SHAP attributions in the investigator UI: every flag carries the top contributing features, ranked. Investigators trust a flag they can see the reasoning for, and the bank can defend any decision to a regulator with the same evidence.
  • Closed-loop labeled-event store: investigator decisions are first-class training data, captured at the moment of resolution. This is the difference between a fraud system that decays in three months and one that improves quarter over quarter.
  • Kept inside NovaPay's environment: the streaming pipeline, feature store, and model serving all run in the bank's own infrastructure. No transaction data leaves the perimeter, which solved the data residency objection that ruled out every vendor product on the shortlist.

Lessons for teams considering similar projects

  • Feature engineering and feature freshness matter more than model architecture for fraud. A simple gradient-boosted model with rich, fresh features will outperform a sophisticated model with stale ones — every time.
  • Explainability is not optional for fraud detection. Investigators will not trust a black-box flag and regulators will not accept one. Build SHAP or equivalent attribution into the system from day one.
  • Closed-loop learning is the only way to stay current. Fraud patterns evolve faster than any release cadence, so the system has to learn from investigator decisions automatically.
  • Reducing false positives is not a UX nicety — it is a fraud strategy. Every false positive trains your customers to ignore real fraud alerts, and every legitimate decline ages out a paying customer.
  • Run heavy models off the critical path. Graph and anomaly analysis are too valuable to skip and too slow to inline in authorization. Decouple them.

What's next

NovaPay is extending the same streaming and feature infrastructure to credit risk and AML monitoring, using the investigator-feedback loop as a template for human-in-the-loop ML across the bank's risk surface.

Ready to Transform Your Business with AI?

Let's discuss how our AI solutions can drive growth, reduce costs, and create competitive advantages for your organization.

Schedule a Consultation