Problem

A leading regional bank (under NDA) needed to strengthen its fraud prevention capabilities in the face of a new fraud scheme spreading across countries. Fraud officers lacked tools to detect suspicious activity in near real time and had no way to block fraudulent transactions directly.

However, their core banking platform — built on Oracle 11g — couldn’t be modified without breaching vendor warranty conditions, but vendor work took months and significant investments.

The bank needed a flexible, fast-to-deploy solution that would integrate safely into their infrastructure while allowing near real-time detection and action.

Our Solution

To meet the bank’s security, infrastructure, and operational requirements, we built a standalone fraud detection web solution using Java 8 and Spring MVC. Key components of the solution included:

• Data Access:

  • The module polls a materialized view in the banking core Oracle 11g every minute to retrieve recent transaction data without affecting core system performance.

  • No changes were made to the core, ensuring vendor warranty remained intact.

  
  

• Fraud Detection Logic:

  • We implemented a pattern-matching algorithm designed to detect suspicious transaction sequences.

  • The detection rule parameters were decoupled from the codebase — allowing full control over parameters without redeployment.

    
    

• Configuration Management:

  • Parameter values are stored in a local config file, modifiable via the same web interface.

  • To avoid reading the file on every request, we used Spring Cache with a 7-day TTL.

  • A cache invalidation mechanism was implemented to clear and reload parameters instantly after any update.

    
    

• Interface & Access Control:

  • An internal web dashboard was built for fraud officers to review and act on alerts.

  • Single Sign-On (SSO) was integrated using Microsoft Active Directory, allowing secure access with existing bank credentials.

    
    

• Fraud Action Workflow:

  • When a match is detected, the officer receives a near-real-time notification.

  • After manual verification, if required, the officer can cancel the reversal transaction via a single button, which triggers a PL/SQL procedure call — stopping fraud.

This modular, low-impact architecture allowed the system to be deployed independently, with minimal risk and full operational flexibility.

Outcome

The module was developed, tested, and deployed in under two weeks — with zero changes to the core banking system. The bank began preventing $50,000 to $75,000 in fraud losses per month.

The solution ran reliably and was easily adjustable by non-technical staff, reducing response times and operational overhead.

By the end of the year, the bank was named the “Best Fraud Prevention Bank” in the country.