Real-Time Fraud Detection: The Core as First Line of Defense
- WAU Marketing

If your anti-fraud system learns about the fraud when you read the next day's report, you've already lost. With instant payments, the fight isn't won by investigating—it's won or lost in the milliseconds before you approve the transaction.
It's worth separating two things people tend to blur. AML—money-laundering prevention—is slow-pattern work: tracing where money comes from, over weeks. Transactional fraud is the opposite: it's the charge you don't recognize, the transfer leaving your account right now toward a mule account. And on instant rails—PIX in Brazil, SPEI in Mexico—that money is gone and won't come back. The challenge is no longer to detect; it's to detect in time. And "in time" means before you hit "approve."
The new problem: the instant payment is irreversible
For decades, the card model offered a cushion: a transaction could be disputed and reversed via chargeback. Instant payments broke that cushion. Once the transfer completes, it's final; the victim has almost no recourse, explains anti-fraud vendor Feedzai. The region's most brutal case made it plain: in July 2025, an attack on the PIX ecosystem diverted between R$800 million and R$1 billion through more than 140 receiving accounts, and months later only about 2% had been recovered, as Colombia Fintech reported.
This isn't a one-off mega-attack. It's the physics of the system. Brazil's Central Bank created a Special Refund Mechanism (MED) precisely to try to recover funds transferred by fraud, and even so, in 2025 only about 9.3% of disputed amounts were recovered on average under the original MED, per the Central Bank's own data in the MED 2.0 documentation. Translation: once money leaves on an instant rail, you recover it one in ten times, at best. The only moment that matters is before.
The numbers already hitting the region
This isn't a hypothesis for the future. In Mexico, during the first half of 2025 users filed 2.48 million complaints over possible fraud—a 5.2% annual rise—for 10,714 million pesos, equal to 72% of everything claimed against banks; banks returned barely a quarter, about 2,556 million, per Condusef figures reported by Vanguardia. The same source notes that digital fraud now represents more than 60% of complaints.
In Brazil, PIX fraud losses reached R$4.9 billion, growing 70%, per Central Bank data obtained under the Freedom of Information law, as CNN Brasil reported. And the trend is structural, not regional: in the European Economic Area, fraud losses on credit transfers rose 24% in a year, while fraudulent transactions on instant payments surged 175%, according to the joint EBA-ECB payment fraud report. Where instant payment arrives, instant fraud arrives.
Why a "batch" core arrives too late
Here's the point almost no one says out loud. Many institutions in the region run their anti-fraud as a process that looks at transactions afterward: by the hour, at night, at end-of-day. That worked when money took time to move. Not anymore.
The technical standard for real-time fraud is brutal: the decision—approve, challenge with authentication, or block—must be made in a few hundred milliseconds or less, and every millisecond of added latency risks either letting fraud through or frustrating a legitimate customer, as vendor Aerospike describes. Some systems do the fraud check in under 10 milliseconds. A core that only exposes data in batches—that can't deliver balance, history, and customer context in that instant—can't take part in that decision. It arrives once the money is already out. It's not that the bank lacks models; it's that the model lacks the data in time, because the core doesn't hand it over.
The core is the first line, not the fraud team
Real-time detection isn't a module you buy and plug in. It's a capability that depends on the architecture beneath. A good scoring model needs, at the exact moment of the transaction: the customer's historical behavior, spending pattern, usual device, transaction velocity, the destination. All of that lives in the core. If the core exposes it via API, in real time, the model decides in time. If the core keeps it in silos reconciled overnight, the model decides late—and "late" in instant payments means "you've already lost the money."
That's why the core isn't the bystander to fraud; it's the first line of defense. It's the difference between a system that approves first and reviews later, and one that scores before approving. The first generates complaints; the second prevents them.
It's not just blocking: it's not breaking the experience
There's a hidden cost in overdoing it. If your defense is to over-block, you punish good customers with false positives: legitimate payments declined, cards frozen, calls to the call center. The beauty of real-time scoring with good data is the graduated response: most transactions pass with no friction, doubtful ones request a second factor, and only the clearly fraudulent ones are stopped. That precision—less fraud and fewer false positives at once—is only possible when the model sees rich, fresh data. Again: the core.
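The pre-approval decision described above, sketched as an added example (not WAU's code or any vendor's model). The 100 ms budget, the thresholds, the feature names and the score weights are all assumptions chosen for illustration. It shows the graduated response and what happens when the core cannot hand over context inside the budget.

```python
import asyncio
from dataclasses import dataclass

# Assumed values for illustration only; real budgets and thresholds are tuned per rail.
BUDGET_S = 0.100                      # time allowed to fetch context before deciding
CHALLENGE_AT, BLOCK_AT = 0.40, 0.80   # score cut-offs for step-up and block

@dataclass
class Context:                        # hypothetical view of what the core exposes
    known_device: bool
    known_payee: bool
    transfers_last_10_min: int
    typical_amount: float

def score(amount, ctx):
    """Toy additive risk score in [0, 1]; a stand-in for a real model."""
    s = 0.35 * (not ctx.known_device) + 0.25 * (not ctx.known_payee)
    s += 0.25 * (ctx.transfers_last_10_min >= 3)
    s += 0.25 * (amount > 5 * ctx.typical_amount)
    return min(s, 1.0)

async def decide(amount, fetch_context):
    """Score before approving; never approve when context is missing."""
    try:
        ctx = await asyncio.wait_for(fetch_context(), timeout=BUDGET_S)
    except asyncio.TimeoutError:
        return "challenge", None      # core too slow: step up instead of approving blind
    s = score(amount, ctx)
    if s >= BLOCK_AT:
        return "block", s
    if s >= CHALLENGE_AT:
        return "challenge", s
    return "approve", s

def core(ctx, delay_s):
    """Simulated core API that answers after delay_s seconds."""
    async def fetch():
        await asyncio.sleep(delay_s)
        return ctx
    return fetch

def run_samples():
    """Constructed transactions: (amount, context, core latency in seconds)."""
    cases = [
        (150.0, Context(True, True, 0, 200.0), 0.001),     # usual payment
        (1500.0, Context(True, False, 1, 200.0), 0.001),   # new payee, unusual amount
        (1500.0, Context(False, False, 4, 200.0), 0.001),  # new device, payee, burst
        (150.0, Context(True, True, 0, 200.0), 0.5),       # batch-like core misses budget
    ]
    return [asyncio.run(decide(a, core(c, d)))[0] for a, c, d in cases]
```

The last case is the usual payment from the first case: with a slow core the same legitimate customer is pushed to a second factor, which is the false-positive cost the paragraph above describes.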
How we see it at WAU
At WAU we build the core that lets you fight fraud on the only ground where it's won: real time. We expose balance, history, customer context, and transaction events via API, in milliseconds, so your scoring engine—yours or the one you prefer—decides before approving, not after a complaint. We don't sell you the anti-fraud model; we give you the architecture that makes it capable of stopping a fraudulent PIX or SPEI while there's still time. A batch core turns fraud detection into an autopsy. A real-time core turns it into defense.
If your fraud losses are rising and your anti-fraud still looks at yesterday, let's talk. We'll help you see what your architecture needs to decide in milliseconds. 👉 Book a conversation with our team.
Sources
Feedzai — Real-time payments fraud and why the loss is irreversible (anti-fraud vendor)
Colombia Fintech — The attack on Brazil's PIX ecosystem, July 2025 (Sep 2025)
Central Bank of Brazil — Special Refund Mechanism MED 2.0 documentation (9.3% recovery rate in 2025)
Vanguardia — Condusef: 2.48 million fraud complaints in H1 2025 (Nov 2025)
CNN Brasil — PIX fraud losses grow 70% (Central Bank data, Apr 2025)
Flagright — Joint EBA-ECB payment fraud report: instant payments +175% (Jan 2026)
Aerospike — Latency required for real-time fraud detection (data vendor)
