Designing Real-Time Fraud Detection Pipelines
Architecture for Sub-100ms Decisioning
As a frontend engineer working on banking interfaces, fraud detection can feel like someone else's problem. The model runs somewhere upstream, a decision arrives, and your job is to render it — a declined transaction screen, a step-up authentication prompt, a risk flag in the case management dashboard. What happens between the moment a customer submits a payment and the moment your Angular component receives a response is, in practice, a distributed systems problem of significant complexity.
Understanding that architecture is not academic. The latency budget, the shape of the decisioning payload, the reliability guarantees of the pipeline — all of these directly affect what you can build on the frontend and how you reason about failure states. This article walks through the architecture of a production-grade fraud detection pipeline, with attention to what it means for the engineers interfacing with it.
The Latency Budget and Why It Starts with You
Sub-100ms fraud decisioning is a system-wide constraint, not just a backend target. If the payment gateway expects a fraud decision within 80ms, and your Angular application adds 15ms of network overhead on the request path, the pipeline has 65ms left to do feature computation, model inference, and response serialisation. That budget gets tighter with every layer.
This means frontend engineers need to be deliberate about where fraud check calls are initiated and how they are structured. Calls should originate as close to the point of transaction submission as possible — not after UI validation layers, not after redundant state checks. Payload size matters too: sending unnecessary fields to the decisioning API adds serialisation overhead on both ends. Work with the backend team to define a minimal, stable contract for the fraud request payload, and treat that contract as a performance artefact, not just an API spec.
Stream Processing: Kafka and Flink in the Decision Path
The fraud pipeline begins upstream of your API call. Transaction events enter a Kafka topic the moment they are initiated — often before the user has finished the submission flow. Kafka acts as the durable, high-throughput event backbone: it buffers transaction events, decouples producers from consumers, and provides the replay capability that makes audit trails possible under DORA.
Apache Flink sits downstream of Kafka, consuming the transaction stream and performing real-time feature computation. This is where behavioural signals are assembled: transaction velocity over a rolling window, deviation from a customer's historical spend pattern, geographic anomalies relative to recent activity. Flink's stateful stream processing allows these features to be computed continuously, without waiting for a batch job to run overnight.
For the frontend engineer, the implication is that by the time your API call reaches the decisioning service, a significant portion of the feature vector has already been computed. The request you send is not triggering feature computation from scratch — it is triggering a model inference step against a feature set that the pipeline has been maintaining in real time.
Online Feature Stores and Model Serving
The computed features produced by Flink are written to an online feature store — a low-latency key-value store (Redis and Feast are common choices) optimised for point lookups at inference time. When the decisioning service receives your request, it fetches the pre-computed features for the relevant customer and transaction context from this store, typically in under 5ms.
Model inference runs on a dedicated serving layer — commonly built on Triton Inference Server or a similar framework — which handles batching, versioning, and hardware acceleration. The model returns a fraud probability score, which the decisioning service then evaluates against configurable thresholds to produce a structured decision: approve, decline, or escalate to step-up authentication.
What you receive in the API response is the output of this chain. Design your Angular components to handle all three decision states explicitly, including the escalation path. A step-up authentication trigger is not an error — it is a valid, expected response that requires a distinct UI flow.
Explainability and the Regulator's Requirement
Regulators operating under PSD2 and the EBA's guidelines on internal governance require that automated decisions affecting customers be explainable. A fraud model cannot simply return a score; it must be able to surface the contributing factors in a form that can be presented to a customer or reviewed by a compliance officer.
This has direct consequences for the frontend. The decisioning API response in a compliant pipeline will typically include a structured explanation payload alongside the decision — a ranked list of contributing features or risk signals. Your case management interface needs to render this payload in a way that is meaningful to a fraud analyst: not raw feature names from the model, but human-readable labels that map to the underlying signals.
Build this rendering layer with compliance in mind. The explanation payload is not auxiliary information — in a regulated environment, it is part of the decision record. Treat it accordingly in your data model, and ensure it is preserved and surfaced in audit views.
Handling Failure States at the Integration Boundary
Production fraud pipelines are not uniformly available. Model serving infrastructure can experience latency spikes; the online feature store can experience cache misses that force a slower fallback lookup; Kafka consumer lag can introduce delays during traffic peaks. Your integration layer needs to account for these scenarios explicitly.
Define a clear timeout policy for fraud check calls — 150ms is a reasonable ceiling before falling back to a default policy. That default policy should be defined in collaboration with the risk team, not inferred by the frontend. Common approaches include approving low-value transactions below a defined threshold, routing to manual review, or applying a conservative decline. Whatever the policy, it should be encoded in the backend and returned as a structured response, not handled silently in the UI.
Instrument your Angular service layer to capture fraud API response times and timeout rates. These metrics belong in your frontend observability pipeline — they are signals about pipeline health that the backend team may not have direct visibility into from your vantage point.
The Frontend as a Compliance Surface
Fraud detection in banking is not a backend concern that surfaces occasionally in the UI. The frontend is the compliance surface where decisions become visible to customers, analysts, and auditors. Designing that surface well — with explicit handling of all decision states, accurate rendering of explanation payloads, and reliable observability of the integration layer — is as much a part of the fraud pipeline as the Kafka topics and Flink jobs running upstream.
Understanding the architecture end to end is what makes that design possible.
