Context
The compliance team of a mobile payment operator was drowning in alerts from its rules engine: thousands a day, the vast majority false positives. Real fraud patterns — mule networks, SIM swap, collection accounts — slipped through while analysts processed noise.
The challenge
Multiply alert relevance without degrading detection, explain every score to a regulator or a disputing customer, and keep the system effective over time against fraudsters who adapt within days.
Our approach
- 01 A labelled dataset built from confirmed fraud and analyst decisions (a permanent feedback loop).
- 02 Real-time transaction scoring combining business rules and a behavioral-anomaly model (velocity, amounts, beneficiary graph).
- 03 Weekly graph analytics to surface linked-account networks, with visualization for investigations.
- 04 Model-drift monitoring, governed monthly retraining, and per-alert explainability documentation.
Results
The share of genuinely actionable alerts grew fivefold, average triage time dropped, and two mule networks were dismantled in the first quarter. The system runs 24/7 and every block can be justified, alert by alert.



