#61 - Real-time fraud defense has a fatal flaw

When we talk about fraud prevention systems, we usually mean real-time fraud prevention systems.

But here's what most teams miss: even if you layer your real-time defenses, they still form just one defensive line. And as we already discussed, defensive lines are meant to be breached.

How?

It all comes down to their fundamental constraint: speed. You have 100-300 milliseconds to make a decision. 

This speed constraint cascades into everything: you can only use pre-computed data, call fast APIs, run quick algorithms, and look at what's immediately available.

But fraudsters don’t care about your latency requirements. And this means we need to think about a higher-level abstraction for layered defenses.

So today I want to go back in time to the magnificent ‘90s and talk about the solution. You guessed it—batches.

Let’s explore three use cases where batches can outperform real-time systems.

Use Case 1: go back in time

Real-time systems give you one chance to stop a fraudulent attempt, and one chance only.

But think about your velocity checks. Let’s take an example: you are blocking account creation if the same device was used to create two other accounts in the past day.

That’s a standard velocity check that would likely be quite accurate.

The problem? You let the first two attempts go through. And if you’re only counting on real-time decisions, you can only do the clean-up manually.

But if you run your velocity checks in batch overnight? It’s a completely different picture.

You can catch and act against the entire ring.

You can run compute-heavy velocity checks that use fuzzy logic (e.g., on normalized addresses).

You can catch patient fraud rings that trickle events over extended periods of time.

You can even run full-fledged entity resolution analysis that lets you traverse multiple levels of connections between events.
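To make the difference concrete, here is an added example (not code from the original post) that runs the real-time device rule described above next to an overnight batch pass that links accounts by device or normalized address. The record layout, the abbreviation table, the ring threshold of three accounts and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signups: (account_id, device_id, address, created_at)
SIGNUPS = [
    ("a1", "dev-1", "12 Main Street, Apt 4", "2025-01-01T09:00"),
    ("a2", "dev-1", "77 Oak Ave", "2025-01-01T10:00"),
    ("a3", "dev-1", "5 Pine Rd", "2025-01-01T11:00"),
    ("a4", "dev-2", "12 main st. apt 4", "2025-01-09T08:00"),  # patient: 8 days later
    ("a5", "dev-3", "400 Elm Street", "2025-01-03T12:00"),  # unrelated customer
]
ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "apartment": "apt"}

def normalize_address(addr):
    # Lowercase, drop punctuation, collapse common suffixes to one spelling.
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def realtime_decisions(signups, limit=2, window=timedelta(days=1)):
    # Rule from the text: block once the device made `limit` accounts in the window.
    seen, decisions = defaultdict(list), {}
    for acct, dev, _addr, ts in sorted(signups, key=lambda s: s[3]):
        now = datetime.fromisoformat(ts)
        recent = [t for t in seen[dev] if now - t <= window]
        decisions[acct] = "block" if len(recent) >= limit else "approve"
        seen[dev].append(now)
    return decisions

def batch_rings(signups, min_size=3):
    # Union-find over accounts that share a device or a normalized address.
    parent = {s[0]: s[0] for s in signups}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}
    for acct, dev, addr, _ts in signups:
        for key in (("device", dev), ("address", normalize_address(addr))):
            other = first_seen.setdefault(key, acct)  # first account with this key
            parent[find(acct)] = find(other)          # no-op when other is acct
    groups = defaultdict(set)
    for acct in parent:
        groups[find(acct)].add(acct)
    return [g for g in groups.values() if len(g) >= min_size]

def missed_by_realtime(signups):
    decisions = realtime_decisions(signups)
    flagged = set().union(*batch_rings(signups))
    return sorted(a for a in flagged if decisions[a] == "approve")
```

On the sample data the real-time rule blocks only `a3`, while the batch pass ties `a1`, `a2` and the late, different-device `a4` to the same ring and leaves `a5` alone.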

Use Case 2: break data silos

This is something I rarely see mentioned, even though it’s likely affecting you.

You have tons of fraud-relevant data in your organization. It exists right now. But due to legacy architecture or integration complexity, it never makes it into your real-time decisioning.

Your customer support system knows which users filed complaints. Your payment processor sends disputes to an SFTP as PDF files. Your marketing stack isn’t passing through referral URLs.

These are all valuable fraud signals, but none of them are in your real-time fraud vendor API call.

Why? Because piping that data into real-time requires engineering work, building integrations, and maintaining data pipelines with different data formats or refresh rates.

But batch removes this constraint. You can join data across every system you have: customer support tickets, payment failure history, account tenure data, CRM information about customer value—everything.

Use Case 3: think slow

Some fraud signals are incredibly predictive, but are too slow for real-time decisioning.

Deep email verification takes 2-10 seconds. It checks if the inbox actually exists, searches breach databases, analyzes reputation across networks. You can't wait 5 seconds at checkout.

On the other hand, some data is itself produced in batches: sanction lists, social media intelligence, dark web breach lists.

If you want these to apply to your recent traffic as well (and not just from now on), you’ll need to run a batch of your own.

Finally, and I’ve seen it as well, being able to run slow, heavy computation has another benefit: you can run non-optimized ML models.

I see it mainly in teams that train their own ML models in-house, and don’t necessarily want to completely give them up once a vendor enters the fray with a real-time model.

Running them in batch is the perfect solution if you have the data science chops, but are lacking the resources to implement an optimized model in production.

Why bother if fraud already happened?

Here's the objection I always hear: "What's the point? The fraud already went through. The money's gone."

Not quite.

First, it's not always too late. Even if you can only recover funds in 10% of cases—through refunds, freezing accounts, or working with other banks—that's still a massive ROI on batch analysis that costs you almost nothing to run.

But the bigger win isn't about recovering past losses. It's about stopping future ones from happening.

Batch gives you labels fast. You don't need to wait 45 days for chargeback notifications. You can identify fraud within hours based on behavioral patterns, support tickets, and network analysis.

Those fast labels let you fine-tune your system immediately: update lists, tweak rules, and retrain models.

It’s a mechanism designed to keep your main, real-time defense layer up to date.

The bottom line

Real-time is your first line of defense, and it's crucial. But it's constrained by speed.

Batch isn't just "slower real-time." It's a fundamentally different capability that lets you go back in time to catch fraud rings, break through data silos, and run analysis that's too slow or too infrequent for real-time.

The best fraud teams don't choose between real-time and batch. They layer them. 

Real-time makes fast decisions. Batch validates those decisions, discovers what real-time missed, and feeds intelligence back to make tomorrow's real-time better.

What fraud-relevant data exists in your organization but never makes it to your real-time decisioning? Hit reply—I'm curious what you're sitting on.

In the meantime, that’s all for this week.

See you next Saturday.

