Case study · Financial Services

Real-time fraud detection for a US regional bank.

A rules-based fraud engine that hadn't moved in five years was missing modern attack patterns and drowning the analyst team in false positives. We replaced it with a streaming ML pipeline on AWS — and stood up the AI governance frame the bank's regulators were starting to ask about.

Client: US regional bank(anon.)
Industry: Financial Services
Duration: 9 months
Team: 5 senior engineers + CORTEX co-pilot
Model: Project-Based Delivery

The challenge

What stood in the way.

The bank's fraud engine was a five-year-old rules-based system that had accreted hundreds of hand-tuned thresholds. New attack patterns — synthetic identities, ATO via SIM-swap, mule-network laundering — were missing the rules entirely. False positives had crept above 5%, exhausting the analyst team and pushing legitimate customers into call centers.

Three constraints made this a hard project: (1) the bank's regulators had begun asking about model governance and the bank had no model-card or evaluation framework; (2) the rules engine was load-bearing and couldn't be turned off during cutover; (3) the analyst team's existing workflow tools — case management, alert triage, customer communication — had to keep working through the migration.

5+ year old rules engine, hand-tuned thresholds, no model governance
False-positive rate exceeding 5% — analyst team capacity exhausted
Regulators beginning to ask for model cards, eval evidence, audit logs
Existing analyst workflow tools must stay functional through cutover

Our approach

How we framed it.

We took a strangler-fig approach. Instead of replacing the rules engine in one cutover, we ran the new ML pipeline in shadow mode for three months, then in active-decision mode for low-risk segments, then migrated the high-risk segments last with a documented rollback path.

Streaming pipeline architecture

The new pipeline ran on AWS Kinesis + Lambda + SageMaker, with Redis for low-latency feature lookup. We co-designed the feature store with the bank's data team so the engineered features could be reused across other ML use cases (credit risk, marketing personalization) on the same substrate.

Governance from day one

Model cards, evaluation harnesses, and audit logging shipped alongside the first model — not after. Every prediction logs the model version, feature snapshot, decision threshold, and downstream action. Regulators got the audit pull they needed in a one-day evidence run, not a six-week scramble.

The solution

What we built.

The deployed system uses a two-tier ensemble: a fast linear scorer for sub-50ms decisions on the hot path, and a deeper gradient-boosted model for asynchronous secondary review. Both feed an analyst case-management UI we co-built with the bank's fraud ops team — preserving their muscle memory while surfacing the new model's reasoning.

Streaming ingestion: AWS Kinesis (transactions, auth events, customer signals)
Feature store: Redis hot cache + DynamoDB durable layer + offline parquet
Models: Linear scorer (hot path) + LightGBM (review path) + drift monitors
Analyst UI: re-skin of existing case-management tool with new model context
Governance: model registry, eval harness, audit logging, monthly drift reports

Results

What changed.

Six months after full cutover, the new system catches 37% more fraud than the legacy rules engine while cutting false positives by 42%. The analyst team's queue is back under control, and the bank's regulators completed an unscheduled exam in two weeks instead of the eight they'd budgeted.

+37% fraud catch rate vs prior 12-month baseline
−42% false positive rate, restoring analyst capacity
$11M annualized fraud loss avoided (audited by internal finance)
Regulator exam completed in 2 weeks vs 8 budgeted
Substrate now serves credit-risk and marketing-personalization use cases

In their words

“Prosigns didn't just replace our fraud engine — they gave us a model governance frame our regulators are happy with and our data team can run.”

Head of Fraud Operations · Risk & Compliance · US regional bank

Stack

Tools used in production.

AWS Kinesis
AWS Lambda
SageMaker
Redis
DynamoDB
Python
LightGBM
Terraform
Datadog

Practices

Practices on the engagement.

Talk to us

Have a similar problem? Bring it to a senior engineer.

A senior engineer plus the relevant department lead joins the first call. No discovery gauntlet, no junior reps.

Book a discovery call All case studies

Real-time fraud detection for a US regional bank.

Client

US regional bank(anon.)

Industry

Financial Services

Duration

9 months

Team

5 senior engineers + CORTEX co-pilot

Model

Project-Based Delivery