How We Built a Real-Time AI System That Stops Fraud in 200ms
A breakdown of how we built an AI fraud detection system that makes accurate decisions in under 200ms without blocking legitimate transactions.
Author
Date
Book a call
Table of Contents
Financial fraud evolves faster than rule books can be updated. Our internal engineering teams built a high-scale detection system to solve this problem, processing live payment flows across 9 fraud categories under a strict 200ms service level agreement (SLA).
Why Real-Time AI Fraud Detection Is Difficult to Build
Most fraud detection systems face a four-way tension. The system must be fast enough to operate within a live payment flow. It must be accurate enough to avoid false positives. It must be explainable enough for regulators. And it must be adaptive enough to handle fraud patterns that did not exist last month.
The Transaction Pipeline: Seven Agents, One Decision
Every transaction travels through a sequential pipeline. Each agent builds on the output of the previous one, with total end-to-end latency under 200ms in production.
After the pipeline completes, six post-decision tasks execute in parallel without adding to user-facing latency: graph updates, trust score adjustments, shadow mode scoring, database persistence, WebSocket broadcast, and Prometheus metrics recording.
Four Sub-Agents, 30+ Features
Agent A1, the Signal Processor, orchestrates four specialized sub-agents in parallel:
- Device Intelligence: Scores device trust based on age, OS, and emulator detection.
- Geo-Risk Analyzer: Detects impossible travel, VPN/Tor usage, and IP reputation.
- Behavioral Baseline: Computes per-customer Z-scores. It compares each transaction against that specific customer's history, not population averages, making it resistant to account warming strategies.
- Threat Intelligence: Cross-references breach databases and dark web correlation feeds.
The Risk Scorer: 38 Models, One Calibrated Score
The Risk Scorer is where all signals converge. The system uses a four-way adaptive ensemble that blends signal sources based on the type of transaction being evaluated.
| Component | Count | Role | Default Weight |
|---|---|---|---|
| LightGBM | 9 models (one per category) | Primary ML signal | 60% |
| XGBoost | 9 models | Ensemble partner | 40% |
| Isolation Forest | 10 models | Unsupervised anomaly detection | Dynamic |
| Isotonic Calibrators | 9 models | Probability calibration | Post-processing |
| Rule Engines | 9 YAML-driven engines | Domain logic/compliance | Dynamic |
| Graph Scores | NetworkX DiGraph | Network topology risk | Dynamic |
Three blend modes govern runtime weighting. rule_dominant gives rules 50% weight and ML 20%, suited for heavily regulated categories like KYC fraud. ml_dominant inverts that ratio, preferred when novel attack patterns have not yet been encoded into rules. balanced splits at 40/30.
Graph-Level Fraud Detection: Finding Mule Networks
Individual signals have limits. A hundred accounts funneling money through a single intermediary form a mule network, a pattern that only becomes visible at the network level. The Graph Anomaly Agent maintains a live NetworkX directed graph of transaction relationships. It identifies nodes with abnormally high in-degree and circular money flows that would pass undetected if evaluated in isolation.
Decision Logic and Continuous Learning
Every transaction resolves to one of three states: APPROVE, CHALLENGE, or DECLINE. The system also includes a background continuous learning pipeline:
- Drift Detector: Monitors Population Stability Index (PSI) to identify distribution shifts.
- Shadow Mode: Scores live transactions with challenger models without affecting decisions, tracking performance before promotion.
- Adaptive Thresholds: Shifts thresholds when live FPR and FNR drift from targets.
Compliance Reporting: Six Regulatory Frameworks, One Report Per Transaction
Every decision generates a compliance report tailored to the relevant jurisdiction. The Reasoning Generator holds 27 deterministic templates (9 fraud categories x 3 decisions) covering regulatory references, required actions, and audit log entries across RBI, PMLA, FATF, PCI DSS, GDPR, and SOX.
Architecture Decisions That Shaped the System
Three design choices had more structural impact than any others.
Deterministic reasoning over generative explanations.
Structured templates replace LLM-generated compliance reports. Determinism and validation are non-negotiable when an auditor reads the output. The same SHAP factors that drive the risk score drive the human-readable explanation, with no secondary model to introduce drift or inconsistency.
Fire-and-forget post-decision parallelism.
Separating the synchronous decision path from all graph updates, trust adjustments, and database writes made the 200ms SLA achievable and sustainable under load.
Layered intelligence over monolithic models.
Building Trust, One Decision at a Time
Fraud detection is a trust problem. Every false positive erodes customer confidence. Every false negative erodes financial system integrity. The challenge is building a system precise enough to minimize both at scale, in real time.
Related Articles.
More from the engineering frontline.
Dive deep into our research and insights on design, development, and the impact of various trends to businesses.
Apr 7, 2026
Engineering a Microservices-Based AI Pipeline for Healthcare Claim Validation
A technical breakdown of the real-time AI claim validation system we built to reduce healthcare claim denials — using dual-agent reasoning, microservices architecture, and a HIPAA-minded zero-persistence design.
Apr 7, 2026
How We Built an AI Agent That Fixes CI/CD Pipeline Failures Automatically
A deep dive into how we built an autonomous AI agent that detects and fixes CI/CD pipeline failures without human intervention.
Apr 6, 2026
How We Built an AI System That Automates Senior Solution Architect Workflows
Discover how we built a 4-agent AI co-pilot that converts complex RFPs into draft technical proposals in 15 minutes — with built-in conflict detection, assumption surfacing, and confidence scoring.
Apr 6, 2026
AI Code Healer for Fixing Broken CI/CD Builds Fast
A deep dive into how GeekyAnts built an AI-powered Code Healer that analyzes CI/CD failures, summarizes logs, and generates code-level fixes to keep development moving.
Apr 6, 2026
AI-Powered Global Watchtower for Supply Chain Risk Management
An AI-powered platform that monitors global supply chain risks in real time, detecting threats across weather, news, and shipping before they disrupt operations.
Apr 2, 2026
A Real-Time AI Fraud Decision Engine Under 50ms
A deep dive into how GeekyAnts built a real-time AI fraud detection system that evaluates transactions in milliseconds using a hybrid multi-agent approach.