Monday, June 30, 2025

Why I Chose AI + Rules for Fraud Detection (Instead of Reinventing the Wheel)


“Smart systems don’t always mean new ideas. Sometimes they mean proven ones, applied well.”


🧭 Introduction

When I started designing the architecture for Fraud-Free Swarajya, I spent time analyzing how successful real-world payment platforms like Stripe, Razorpay, Adyen, and PayPal combat fraud.

The pattern was clear:

🔁 They use AI models to detect patterns and Rules to enforce business logic.

It wasn’t a choice between the two — it was both.

That insight changed how I designed the system.


🧠 Why Not Just Use AI?

There’s no doubt — modern fraud detection depends heavily on machine learning. AI can detect complex, evolving fraud techniques that rules simply can't catch. And that’s what my module tanaji does.

But here’s what these platforms taught me:

AI predicts. Rules enforce.
AI adapts. Rules protect.
AI learns. Rules ensure compliance.

So I didn’t try to invent something fancy.

I used the established combo:
🔹 AI (for learning & scoring)
🔹 Rules (for deterministic decisions)


🤖 Tanaji – The AI Fraud Scoring Engine

I built tanaji using Python and FastAPI. It runs a Random Forest model that accepts transaction data and returns:

  • A fraud score between 0 and 1

  • An explanation (e.g., “High amount”, “Risky country”)

  • List of factors that influenced the score

AI is great for:

  • Learning from past fraud trends

  • Handling edge cases and evolving behavior

  • Detecting subtle correlations (e.g., device + merchant + time pattern)

But it’s not perfect.


⚠️ The Limitations of AI (and Why Big Players Use Rules Too)

  1. AI is probabilistic – It predicts likelihood, not certainty

  2. AI needs training data – Rare fraud types may get missed

  3. AI can’t enforce business policies – Like limits, geofencing, KYC rules

That’s where dadoji enters — our Rule Engine module.


🧭 Dadoji – Business Rules That Make the System Accountable

Each rule in dadoji is:

  • Independent

  • Explainable

  • Easy to test and extend

For example:

  • HighAmountRule – Flags transactions above ₹50,000

  • RiskyLocationRule – Flags based on IP or country

  • GiftCardLimitRule – Rejects large gift card purchases

These are not data-driven — they’re policy-driven.

💡 Even Stripe uses this dual approach — using AI to assess risk, but backing it up with strict rules and thresholds that can override decisions.


🔄 How They Work Together

When a transaction hits sindhudurg (our API gateway):

  1. It first goes to tanaji for fraud scoring

  2. Then passes through dadoji for rule evaluation

  3. The final decision is made using both

Example:

  • Score = 0.93 → Suggests FLAG

  • Rules violated: HighAmount & RiskyMethod → Recommendation: REJECT

This way, business certainty and predictive intelligence work hand-in-hand.


💬 Why This Was the Right Decision

  • ✅ It mirrors what industry leaders are already doing

  • ✅ It gives us flexibility to improve either layer independently

  • ✅ It keeps the system transparent and testable

  • ✅ It simplifies compliance and auditing

I didn’t want to reinvent the wheel.

I just wanted to build it with precision and purpose.


⚔️ Why “Tanaji” and “Dadoji”?

Because Tanaji was the fierce warrior — bold, quick, instinctive.

And Dadoji Konddev was the calm strategist — enforcing rules, discipline, and logic.

Every fraud system needs both.


🛠️ What’s Next

  • A Feedback Loop module (santaji) to learn from false positives

  • Notifications & asynchronous workflows

  • Admin dashboard for monitoring and tuning


🔗 GitHub

Code & commits: https://github.com/pcm1984/fraud-free-swarajya


No comments:

Post a Comment