#29 - Beyond AI vs Rules: The 3-Layer Cake of Fraud Defense

There seems to be a consensus that anti-fraud defense should be “layered”.

The more lines of defense you have, the more fraud you’ll be able to prevent.

But when I see references to these “layers”, it’s often in the context of continuously monitoring a user throughout their journey: from signup, through account activity, to monetization.

What I see less talk of is the notion that layers can be applied to the same event, but using different approaches. For example: AI and rules.

Instead, I regularly encounter the age-old debate of which one is better.

But let me ask you this:

Which tool does the carpenter prefer? Their hammer or their saw?

Depends on the task at hand.

So today I’d like to share my approach for layering fraud defenses around a single event.

Achieving balance between scale and accuracy

Some fraud prevention approaches excel in their accuracy, while others excel in how easy it is to scale them.

For a modern Fintech to balance the two, it needs to weave these approaches together, and specifically to optimize its fraud decisions for both scale and accuracy.

My approach is quite simple:

You start with the layer that is most scalable, so you can cheaply make all the easy decisions.

As cases get harder they’ll go through a “step-up” to the next layer, which will require more resources but will be more accurate.

It sounds quite complex, but it’s actually pretty straightforward and easy to implement.

Layer 0: Features

This layer sits outside of our decision engine, but powers it so we need to address it first.

Fraud prevention technology is often used to create additional features to describe the events we’re assessing.

This can be anything from consortium data, velocity checks, and email intelligence, to graph analysis, biometrics, and AI scores.

Yes, you read that right.

AI scores feed and inform our decisions, but they are not deterministic on their own.

When a Signup receives a fraud score of 68, we still need to decide if we approve or block it.

And this decision will only happen in the next layer.

Layer 1: Strategy Rules

The first layer of defense consists of rules that mostly rely on AI scores to make decisions.

It could be as simple as this rule:

As you can see, you cannot use an AI model without utilizing some form of rules, even if they are very simplistic.

Side note: Hopefully, your Strategy Rules layer will be much more nuanced than the above example. Here’s a guide on how to optimize your AI strategy rules to gain the best performance.

But here’s the thing: transforming your AI scores into decisions isn’t usually the most accurate way to detect fraud.

Don’t believe me? Go ahead and calculate how many of your decisions are driven by AI scores. It’s very likely that you’ll be unpleasantly surprised by your findings.

The main advantage of these rules, though, is that they degrade quite slowly and maintaining them requires very little effort.

In fact, if you’re updating them more than once every quarter you’re probably doing it wrong.

So even though AI can fail with hard fraud cases, it’s a cheap and scalable way to automate the easy decisions: the clear good and the clear bad events in your system.

Layer 2: Fraud Rules

Once we “get rid” of the easy decisions, we need to consider what’s left. Which fraud cases would bypass AI models but could be detectable by rules?

Here are a few cases:

  1. New fraud rings that were not part of the model’s training set

  2. Fraud rings that attack specific low-data flows that impact model performance

  3. Fraud patterns that share too many features with good customers

There are plenty of reasons why rules can potentially succeed where models fail.

But the biggest one is this:

It’s all about the score thresholds you configured in the previous layer. It might be that a fraud pattern will get a high score, but not high enough to reach your threshold.

To address this, we employ fraud rules that are designed to fill in the gaps in our models.

By designing them to deal specifically with patterns our model misses, we can achieve a “local superiority” in terms of accuracy.

However, this is obviously not cheap to scale, both because of the initial research and testing cost and because of the need to monitor and tweak rules over time.

I’ve already covered how to design highly accurate rules, but even when you follow these guidelines you cannot escape the reality: rules degrade much faster than models.

Fighting performance degradation costs plenty.

Layer 3: Manual Review

Not every business or fraud threat will require this last layer, but I see it as the last piece in the puzzle.

We’re often so busy cheering for either the AI camp or the rules camp that we tend to forget good ol’ fashioned investigations still have their purpose in 2025.

Obviously, this is the most expensive approach to run and scale, both in direct costs and in user experience, as it tends to require higher user friction.

But sometimes there’s no substitute for human intervention, especially in particular cases: either very complex ones or when the financial exposure is very high.

Keep in mind though, this is not about deciding who’s smarter: humans or machines.

It’s about making the most out of all the tools at our disposal.

When we conduct manual review we usually have more time, more data, and possibly more touchpoints with the user. All these will translate into better accuracy.

How many of your decisions should end up in manual review? This really depends on your business model and the specific threat vector.

Onboarding tends to have high ratios and I know of mature Fintechs that still review 100% of all new applications.

Payments usually represent the other end of the spectrum with <1% of the flow, if at all.

Side note: Regardless of the above, here’s my guide on how to increase your manual review ROI.

Stacking your layered fraud cake

So how do we layer the different approaches so we can enjoy both worlds: accuracy and scalability?

As I mentioned above: it’s really simple.

First, we need to make sure they are executed sequentially, in the order above. This means each layer should ideally be exposed to the decisions made in the previous layers.

Specifically, all rules should be exposed to the AI scores, and all case investigations should be exposed to both the AI scores and the fired rules.

Then we tailor the different layers to focus on “gray areas” of the layers that come before them.

For example:

If my Strategy Rule declines signups with a fraud_score >= 68, my Fraud Rules should have a fraud_score < 68 condition in them.

Another one: if a payment is blocked by a Fraud Rule, there’s no reason to send it to Manual Review.

See? Simple. You’re probably already following some of this structure without realizing it.
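The stacking described above, as an added Python example that is not the author's own code. The 68 decline threshold comes from the text; the approve cutoff, the device-velocity rule, the review amount and all names are assumptions.

```python
from dataclasses import dataclass, field

DECLINE_AT = 68          # Strategy Rule threshold from the article's example
APPROVE_BELOW = 20       # assumed cutoff for "clear good" events
REVIEW_AMOUNT = 5000     # assumed exposure that justifies manual review

@dataclass
class Event:
    fraud_score: int                                  # Layer 0: AI score feature
    features: dict = field(default_factory=dict)      # Layer 0: other features
    fired_rules: list = field(default_factory=list)   # visible to every later layer

def strategy_rules(ev):
    """Layer 1: cheap score thresholds for the clear good and clear bad."""
    if ev.fraud_score >= DECLINE_AT:
        ev.fired_rules.append("strategy:score_decline")
        return "decline"
    if ev.fraud_score < APPROVE_BELOW:
        ev.fired_rules.append("strategy:score_approve")
        return "approve"
    return None  # gray area: step up to the next layer

def fraud_rules(ev):
    """Layer 2: targeted rules, explicitly scoped below the decline threshold."""
    velocity = ev.features.get("signups_per_device_24h", 0)  # hypothetical feature
    if ev.fraud_score < DECLINE_AT and velocity >= 5:
        ev.fired_rules.append("fraud:device_velocity")
        return "decline"
    return None

def decide(ev):
    """Run layers in order; a decided event never reaches a costlier layer."""
    for layer in (strategy_rules, fraud_rules):
        decision = layer(ev)
        if decision:
            return decision, ev.fired_rules
    # Layer 3: only undecided, high-exposure events go to a human,
    # who receives the score and the fired rules as context.
    if ev.features.get("amount", 0) >= REVIEW_AMOUNT:
        return "manual_review", ev.fired_rules
    return "approve", ev.fired_rules  # assumed default for unflagged gray-area events
```

An event scoring 50 with seven signups on one device and a large amount is declined by the Fraud Rule and never queued for review, which is the ordering the two examples above describe.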

The bottom line

In fraud, there’s no “right” approach.

There’s no silver bullet that lets you optimize fraud rates AND user experience.

The only way to achieve growth while keeping your company and users safe is by realizing that every tool has its flaws, but also its uses.

And just like a master craftsman uses many tools to build an heirloom jewelry box, a fraud strategist should use different tools to perfect their system.

The only thing we should say no to is prejudice.

Which other tools do you use for fraud prevention? Hit the reply button and let me know!

In the meantime, that’s all for this week.

See you next Saturday.
