Telco Payment Fraud Detection Platform
Enterprise-grade real-time payment fraud detection system designed for Telco/MSP environments. Built to handle high-throughput transactions with sub-10ms decision latency.
The Challenge
Payment fraud in the telecommunications industry costs operators billions annually. Traditional batch-processing approaches fail because:
- Too slow: Fraudsters complete SIM activations, device purchases, and service upgrades before detection
- Too rigid: Static rules cannot adapt to evolving attack patterns like SIM farms and device resale fraud
- Poor UX: Blocking legitimate subscribers hurts revenue more than the fraud itself
The Solution
A real-time decisioning engine that:
| Capability | Achievement |
|---|---|
| Decision Latency | Sub-10ms P99 |
| Detection Coverage | 5 fraud signal types |
| Policy Updates | Hot-reload without restart |
| Evidence Trail | Complete audit for disputes |
Key Features
Real-Time Decisioning
Every transaction receives an instant decision:
- ALLOW → Proceed normally
- FRICTION → Request additional verification (3DS, OTP)
- REVIEW → Queue for manual review
- BLOCK → Decline transaction
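An added sketch, not code from the project, of how a risk score and the rule actions in the page's policy YAML (under Configurable Policy Engine) could resolve to one of these four decisions. Assumed here: scores run 0-100 and a threshold is met at `>=`, the most severe outcome wins, and conditions use only `field op value` clauses joined by `AND`; the names `decide`, `matches`, `FIELDS`, `OPS` and `SEVERITY` are hypothetical.

```python
import operator
import re

# Thresholds and rules copied from the page's YAML; kept as a dict so no YAML library is needed.
POLICY = {
    "thresholds": {"block_score": 85, "review_score": 60, "friction_score": 35},
    "rules": [
        {"name": "device_upgrade_new_subscriber",
         "condition": "event_subtype = device_upgrade AND subscriber_age_days < 30",
         "action": "REVIEW"},
        {"name": "high_risk_sim_swap",
         "condition": "event_subtype = sim_swap", "action": "REVIEW"},
    ],
}
SEVERITY = ["ALLOW", "FRICTION", "REVIEW", "BLOCK"]            # assumed order, least to most severe
OPS = {"=": operator.eq, "<": operator.lt, ">": operator.gt}   # assumed operator allowlist
FIELDS = {"event_subtype": str, "subscriber_age_days": int}    # assumed field allowlist and types
CLAUSE = re.compile(r"^\s*(\w+)\s*(=|<|>)\s*(\w+)\s*$")

def matches(condition, event):
    """Evaluate 'field op value [AND ...]' without eval(); unknown syntax or fields raise."""
    for clause in condition.split(" AND "):
        m = CLAUSE.match(clause)
        if not m or m.group(1) not in FIELDS:
            raise ValueError(f"unsupported clause: {clause!r}")
        field, op, raw = m.groups()
        if field not in event:          # missing input: this rule cannot match
            return False
        cast = FIELDS[field]
        if not OPS[op](cast(event[field]), cast(raw)):
            return False
    return True

def decide(score, event, policy=POLICY):
    """Return (decision, reasons): the most severe of the score band and every matching rule."""
    t = policy["thresholds"]
    bands = [("BLOCK", t["block_score"]), ("REVIEW", t["review_score"]),
             ("FRICTION", t["friction_score"])]
    decision = next((d for d, floor in bands if score >= floor), "ALLOW")
    reasons = [f"score_band:{decision}"]   # reasons feed the evidence trail
    for rule in policy["rules"]:
        if matches(rule["condition"], event):
            reasons.append(f"rule:{rule['name']}")
            decision = max(decision, rule["action"], key=SEVERITY.index)
    return decision, reasons
```

Parsing conditions against an allowlist, rather than passing them to `eval()`, keeps a hot-reloaded policy file from becoming a code-execution path.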
Multi-Signal Detection
The platform analyzes five distinct payment fraud patterns targeting Telco/MSP:
- Card Testing - Rapid small topups probing stolen card validity
- SIM Farm / Velocity Attacks - Multiple SIM activations from same card (fraud ring indicator)
- Device Resale Fraud - Subsidized device upgrades with intent to resell
- Bot/Automation - Emulators, datacenter IPs, Tor exit nodes (automated fraud)
- Friendly Fraud - Historical dispute patterns and subscriber behavioral signals
Configurable Policy Engine
Business rules are defined in YAML and can be updated without deployment:
```yaml
thresholds:
  block_score: 85
  review_score: 60
  friction_score: 35
rules:
  - name: device_upgrade_new_subscriber
    condition: event_subtype = device_upgrade AND subscriber_age_days < 30
    action: REVIEW
  - name: high_risk_sim_swap
    condition: event_subtype = sim_swap
    action: REVIEW
```
Architecture at a Glance
```
┌─────────────────────────────────────────────────────────────┐
│                       Payment Gateway                       │
└─────────────────────────────┬───────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                     Fraud Detection API                     │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────┐     │
│  │ Feature  │  │Detection │  │   Risk   │  │  Policy  │     │
│  │  Engine  │  │  Engine  │  │ Scoring  │  │  Engine  │     │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘  └────┬─────┘     │
└───────┼─────────────┼─────────────┼─────────────┼───────────┘
        │             │             │             │
   ┌────▼────┐   ┌────▼────┐   ┌────▼────┐   ┌────▼────┐
   │  Redis  │   │ Detect  │   │  Score  │   │  YAML   │
   │Counters │   │ Signals │   │ Combine │   │ Config  │
   └─────────┘   └─────────┘   └─────────┘   └─────────┘
                              │
                              ▼
                     ┌─────────────────┐
                     │   PostgreSQL    │
                     │ Evidence Vault  │
                     └─────────────────┘
```
Technical Stack
| Component | Technology | Purpose |
|---|---|---|
| API | FastAPI | High-performance async endpoints |
| Feature Store | Redis | Sub-ms velocity counter lookups |
| Evidence Store | PostgreSQL | Immutable audit trail |
| Monitoring | Prometheus + Grafana | Real-time metrics and alerting |
| Dashboard | Streamlit | Demo and testing interface |
| Infrastructure | Docker Compose | Local development environment |
Results
The Sprint-1 MVP delivers:
- 5 detection signals covering major fraud patterns
- Sub-10ms latency for decision responses
- Hot-reload policy updates without restarts
- Complete evidence capture for dispute resolution
- 45+ unit tests with comprehensive coverage
- Load tested to 1000+ requests/second
Author: Uday Tamma