Rule-Based Fraud Detection Is Costing You Millions
Catch the fraud your rules miss and cut false positives in half, without a six-month ML build, in 90 days.
A cross-border payment gets approved. Then 47 more just like it, across 12 countries, using deepfake identity documents and synthetic profiles your system has never seen. By the time the pattern surfaces in a weekly review, the money has cleared three jurisdictions and is gone.
The FBI recorded over $16 billion in cyber-enabled fraud losses in 2024, a 33% year-over-year increase.1 Deepfakes have doubled in number every six months in recent years, with a projected 8 million expected to circulate in 2025.2 Deloitte projects that generative AI-enabled fraud losses will grow from $12.3 billion in 2023 to $40 billion by 2027.3
Your team is not the problem. Your detection system is.
How ML fraud detection actually works
Rule-based fraud systems apply fixed thresholds: block transactions above $10,000, flag new beneficiaries, restrict certain corridors. Attackers study these rules and route around them.
ML-powered fraud detection works differently. It builds a behavioral profile for every user, every corridor, and every transaction pattern. Then it scores deviations from those profiles in real time.
A remittance sender who sends $500 weekly to a family member in Kenya looks fundamentally different from a first-time sender wiring $8,000 to a new beneficiary in the same corridor. The system learns the difference instead of applying the same rule to both.
Instead of binary block or approve decisions, the model produces a continuous risk score. A score of 45 gets different treatment than a score of 89. ML-based approaches have demonstrated fraud prediction accuracy above 90%, compared to 50-60% for traditional rule-based methods.4
The system in four steps
1. Collect behavioral signals across corridors. Transaction velocity, device fingerprints, geolocation, beneficiary history, time-of-day patterns. For cross-border flows, the model also ingests corridor-specific features: FX pair, sending and receiving country risk profiles, and regulatory regime.
2. Score risk on a continuous scale. Every transaction receives a 0-100 risk score based on hundreds of weighted features evaluated simultaneously. This is what separates ML from rules. No human team can maintain a rule set that weighs 200 variables in real time.
3. Route decisions based on risk level. Clean transactions approve instantly. Medium-risk transactions trigger step-up verification. High-risk transactions block. Edge cases route to human review. The goal is matching friction to actual risk, not applying blanket treatment. This is the same principle behind precision-based fraud detection, applied at the transaction level.
4. Learn and adapt continuously. Every outcome feeds back into the model: confirmed fraud, false positive, confirmed legitimate. The system improves with every transaction. When attack methods shift, detection shifts within days, not quarters.
Three mistakes that leave you exposed
Relying on static rules calibrated for domestic flows. Cross-border fraud exploits corridor-specific weaknesses that domestic rules were never designed to catch. Multi-hop schemes move money through three countries in 48 hours.
Tightening controls across the board after a fraud spike. Fraud loss goes up, so you add stricter velocity checks and lower amount thresholds. False positives spike. You block good customers while sophisticated attackers, who study your thresholds, adjust their patterns within days. In a real-world study, BBVA and MIT researchers found that ML reduced false positives by 54% compared to this kind of blanket rule approach.5
Treating each transaction as an isolated event. Fraud rings do not operate one transaction at a time. They coordinate across corridors, time zones, and synthetic identities. Point-in-time rules miss the pattern because they cannot see the network. As we covered in detecting fraud rings before they scale, shifting from transaction-level to network-level detection is where the real leverage is.
What the numbers say
Put it in mid-market terms. If you process $500 million annually and your fraud rate is 0.8%, you are losing $4 million a year. Cut that to 0.3% with better detection and you save $2.5 million, before accounting for reduced chargebacks, lower false positive costs, and stronger banking partner relationships.
The results are not theoretical. ML-based fraud models achieve prediction accuracy above 90%, compared to 50-60% for rule-based systems.4 Real-world deployment at a major bank showed a 54% reduction in false positives.5
The U.S. Treasury's enhanced fraud detection processes, including machine learning, prevented or recovered over $4 billion in fiscal year 2024, a six-fold increase from the prior year.6 That is a government agency, not a vendor benchmark. The FTC reported $12.5 billion in consumer fraud losses in 2024, a 25% increase from 2023, confirming the trajectory is accelerating.7
Why most teams cannot build this internally
The hard part is not the model. It is everything around it.
Feature engineering across corridors. You need 50 to 100 behavioral features extracted cleanly from transaction history, device signals, and network relationships. Each corridor has different data availability and fraud patterns.
Real-time scoring infrastructure. Decisions must return in under 100 milliseconds during transaction authorization. That requires production ML infrastructure, not a data science notebook.
Continuous retraining pipelines. Fraud patterns shift every 30 to 60 days. A model that is not retraining on recent outcomes degrades fast.
Explainability for regulators. Every decision needs a clear reason code for chargebacks, audits, and compliance reviews. Regulators increasingly expect model documentation and audit-ready explanations for automated fraud decisions, which requires purpose-built explainability infrastructure.
Most mid-market teams have one or two data scientists already stretched across fraud, compliance, and underwriting. Building production-grade ML infrastructure takes months of engineering time that is already allocated to core product. This is the same bottleneck we see in scaling risk ops without scaling headcount.
What to do in the next 90 days
Weeks 1 to 3: Audit your current detection system. Pull 90 days of fraud cases and declined transactions. Calculate your false positive rate by corridor and customer segment. Quantify the revenue impact: declined volume multiplied by net margin.
Weeks 4 to 6: Map your fraud decision logic. Document every rule in production. Identify which rules generate the most false positives and which corridors have the worst fraud-to-detection ratio. Find the three highest-impact areas where ML would replace the broadest rules.
Weeks 7 to 9: Run a retrospective analysis. Score your last 90 days of transactions with an ML model in shadow mode. Measure whether it would have caught the same fraud with fewer false positives. Quantify the opportunity in recovered revenue and reduced investigation time.
Weeks 10 to 12: Pilot on one corridor. Deploy ML scoring alongside your existing rules on your highest-volume corridor. Compare results side by side. Build the internal business case with real data.
How Devbrew builds fraud detection for cross-border teams
Devbrew builds ML-powered fraud detection systems for cross-border payments companies. We handle the feature engineering, real-time scoring infrastructure, continuous retraining, and explainability requirements so your team can stay focused on product.
Every system is custom. Models are trained on your data, your corridors, and your risk profile. We build the data pipelines, ML models, decision APIs, and monitoring that production fraud detection requires. The ROI case starts with the fraud losses and false positive costs you are already absorbing.
Next step
If AI-powered fraud is outpacing what your current system can catch, a short conversation can clarify where the biggest gaps are and what it takes to close them.
The goal is to understand the problem you are trying to solve, what is at stake, and where AI can create meaningful leverage in your payments stack. You will leave with clarity on options, direction, and whether we can help.
Book a 30-minute call or reach out at joe@devbrew.ai.
Footnotes
FBI Internet Crime Complaint Center, "2024 IC3 Annual Report." https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf ↩
European Parliamentary Research Service, "Deepfakes: Detecting and Responding to a Growing Threat." https://www.europarl.europa.eu/RegData/etudes/BRIE/2025/775855/EPRS_BRI(2025)775855_EN.pdf ↩
Deloitte Center for Financial Services, "Deepfake Banking Fraud Risk on the Rise." https://www.deloitte.com/us/en/insights/industry/financial-services/deepfake-banking-fraud-risk-on-the-rise.html ↩
Nature Humanities and Social Sciences Communications, "Financial Fraud Detection Through the Application of Machine Learning Techniques." https://www.nature.com/articles/s41599-024-03606-0 ↩ ↩2
MIT News, "Better Prediction of Financial Fraud With Machine Learning." https://news.mit.edu/2018/machine-learning-financial-credit-card-fraud-0920 ↩ ↩2
U.S. Department of the Treasury, "Treasury Announces Enhanced Fraud Detection Processes, Including Machine Learning AI, Prevented and Recovered Over $4 Billion in Fiscal Year 2024." https://home.treasury.gov/news/press-releases/jy2650 ↩
Federal Trade Commission, "New FTC Data Show Big Jump in Reported Losses to Fraud: $12.5 Billion in 2024." https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024 ↩
Let’s explore your AI roadmap
We help payments teams build production AI that reduces losses, improves speed, and strengthens margins. Reach out and we can help you get started.