Turn mountains of transaction data into one score that helps banks say yes—or hold on—when linking outside accounts. Learn the ingredients, model, and how to explain it to non‑data‑nerds.
TL;DR — We turn mountains of transaction data into a single risk score that helps banks say yes or hold on when you link an outside account. In this post you'll learn what's inside that score, why it matters, and how to explain the math to your favorite non‑data‑nerd.
Why Should You Care?
Linking a new checking or crypto wallet is the digital‑age equivalent of handing a stranger your house keys. Banks need a quick way to spot trouble without blocking legitimate customers. That's where an enhanced fraud‑risk model powered by open banking comes in.
Imagine an airport security line that scans luggage in milliseconds and flags only the suspicious bags for closer inspection. That's exactly what we're building for open‑banking connections.
The Raw Ingredients
| Bucket |
What's Inside |
Why It Helps |
| Transactions | 60–90 days of amounts, timestamps, payment types | Reveals spending rhythms & sudden spikes |
| Context | Device ID, IP, geo‑location, account age | Spots unusual logins or brand‑new accounts |
| External Signals | Credit score, blacklist hits, TPP reputation | Adds crowd‑sourced risk clues |
Wait—what's SHAP?
If "why did the model say no?" keeps you up at night, SHAP (SHapley Additive exPlanations) is the antidote. Picture the model as a team project: SHAP fairly splits the credit—or blame—among every feature, so you can see exactly how a jump in transaction velocity or a strange geo‑hop nudged the score higher. That transparency keeps auditors happy and lets analysts explain decisions in plain English.
Turning Data into Signals
Raw data is a big, noisy cocktail party. Features are how we tap guests on the shoulder and get their one‑line introductions so the model can hold an intelligent conversation. Here's our quick‑fire cheat sheet:
| Signal |
What it's really asking |
Quick math sketch |
| Txn Velocity | "Are you moving money faster than most?" | Count tx 24 h/7 d/30 d |
| Account Age | "How long has the account existed?" | Today – open_date |
| Device Consistency | "Same device or new gadget at 3 a.m.?" | Entropy of devices |
| Geo Consistency | "How far did you travel between logins?" | Haversine distance |
| Amount Dispersion | "Do transfers jump from pennies to paychecks?" | max/mean + std dev |
| Credit/Debit Ratio | "Did inflows flip to outflows?" | credits / debits |
| Blacklist Hit | "On a watch list?" | Binary flag |
| TPP Risk | "Is the provider high‑risk?" | Rolling fraud rate |
A Peek Inside the Model
Below is a simulated picture of how the model behaves[7]. No production data, just lego bricks for your imagination.
Most accounts cluster under 0.30 (low risk) while a long tail creeps toward 0.70+. We set business rules right on those cut‑off cliffs.
Velocity rules the roost, but even modest signals like a blacklist ping can tip the scales.
Keeping Humans(and Agents) in the Loop
Risk scores alone don't shut accounts. They prioritize —
- < 0.30 → auto‑approve, smooth UX.
- 0.30–0.60 → light extra checks (e.g., micro‑deposits).
- 0.60 → analyst review or instant block.
LLM Multiplier – Autonomous LLM agents become turbo‑assistants for fraud analysts. The agent will:
- Pull the complete feature footprint for every 0.30–0.60 "yellow‑zone" account.
- Enrich it with device/geo history, sanctions lists, consortium fraud scores, and recent TPP risk events.
- Generate a concise, SHAP‑backed case memo (and pre‑draft a Suspicious Activity Report when thresholds are met).
- Recommend an action code—approve, challenge, or deny—with a confidence rating that improves as analysts give feedback.
- Loop analyst dispositions back into the training set so recommendations get sharper over time.
Platforms such as Lucinity's Luci Copilot and Oscilar's autonomous risk agents report 50–60 % fewer false positives and case review times dropping from ~15 minutes to under 2 minutes, letting humans focus on truly ambiguous edge cases.
This tiered workflow catches bad actors and spares genuine users the headache.
Takeaways You Can Quote at Lunch
- Fraud detection is pattern‑spotting, not crystal‑ball magic. The better the features, the smarter the model.
- Explainability tools (SHAP) turn black‑box scores into bank‑ready audit trails.
- Continuous feedback (analyst dispositions, charge‑back data) is the oxygen that keeps models alive.
Bottom line: A well‑tuned fraud‑risk model makes open banking safer without flattening user experience. Now you can drop "transaction velocity anomaly" into a conversation and watch heads nod. 😉
Questions or thoughts? Comment below or reach out — I love geeking out on risk models!
Sources
- Lucinity — Luci Copilot: Generative‑AI Assistant for AML Analysts. Product whitepaper, 2024.
- Oscilar — Autonomous Risk Agents: Cutting False Positives in Fraud Detection. Solution brief, 2024.
- European Banking Authority — Guidelines on Fraud Reporting Under PSD2. Final report, 2023.
- Lundberg, S. M. & Lee, S.‑I. — "A Unified Approach to Interpreting Model Predictions." Advances in Neural Information Processing Systems, 2017 (origin of SHAP methodology).
- Stripe — "Machine Learning Infrastructure for Real‑Time Fraud Prevention." Engineering blog, 2023.
- ComplyAdvantage — "Real‑Time Transaction Monitoring in Open‑Banking Ecosystems." Industry report, 2024.
- Author's simulation — Risk‑score distribution generated with a Beta(2, 8) random draw of 1,000 points; feature importance derived from an example Gradient‑Boosting model trained on the same synthetic dataset using SHAP values.
