Catch Me If You Can: A Multi-Agent Framework for Financial Fraud Detection

Abstract

This Medium article by Maria Prokofieva argues that traditional ML-based fraud detection — rules engines, XGBoost ensembles, logistic regression — fails modern fraud because it cannot keep pace with concept drift, produces unacceptable false-positive rates, and lacks the interpretability required for regulatory compliance. The proposed solution is a six-agent orchestrated pipeline where each agent owns one narrow responsibility: contextual feature extraction, pattern divergence scoring, risk synthesis, explanation generation, decision recommendation, and feedback integration. The architecture is event-triggered per transaction, runs in real time or batch depending on risk level, and is designed with analyst intervention as a first-class concern. Early results reported include an 18% precision improvement and a 30% false-positive reduction compared to the prior monolithic system.


Key Concepts

  • Concept Drift: The phenomenon where the statistical properties of fraud patterns change over time as attackers adapt, causing static models to degrade in production without retraining — the central failure mode the article addresses.
  • Six-Agent Pipeline: A sequential orchestration where each agent consumes the output of its predecessor:
    1. Contextual Feature Extractor — vector search on prior labeled transactions; enriches metadata with merchant behavior, device fingerprint anomalies, cross-session irregularities
    2. Pattern Divergence Analyst — compares transaction to a dynamic behavioral profile built from embeddings and time-series forecasting; scores deviations in size, time, geo, device, and frequency
    3. Risk Synthesizer — fuses deviation scores with industry risk signals (MCC code scores, BIN lookup history, geolocation tiers) using an LLM reasoning template; produces human-readable rationales
    4. Explanation Generation Agent — writes plain-language audit justifications citing risk rationale, transaction history, and known fraud trends; caches outputs for compliance indexing
    5. Decision Recommender — weighted decisioning over risk score, confidence thresholds, customer tier, and historical false-positive rate; outputs one of: approve, soft decline (OTP), hard block, or route to manual review
    6. Feedback Integration Loop — ingests analyst overrides, post-event fraud labels, and customer dispute resolutions; fine-tunes agent-specific prompting and weights without full model retraining
  • Perceive–Reason–Act in Fraud Context: The six agents collectively implement a perceive-reason-act loop — the extractor perceives context, the synthesizer reasons over signals, the recommender acts with an auditable rationale. Compare to the generic ReAct loop studied in the NCP-AAI material.
  • Human-in-the-Loop Design: Manual review is not an afterthought — the Decision Recommender explicitly routes to analysts, and the Feedback Loop ingests their overrides. This is a first-class architectural feature, not an error fallback.
  • Zero-Day Fraud: Novel fraud patterns not present in historical training data; signature-based and ensemble ML systems cannot detect these; agentic architectures can adapt through the feedback loop and contextual reasoning.

Key Algorithms

  • Vector Search on Transaction History: The Contextual Feature Extractor retrieves semantically similar past transactions using embeddings, enabling few-shot-style contextual enrichment at inference time without retraining.
  • Time-Series Behavioral Profiling: The Pattern Divergence Analyst builds rolling user profiles from embedded transaction histories and forecasts expected behavior, scoring the current transaction against the forecast.
  • LLM-Driven Reasoning Template (Risk Synthesizer): An LLM receives structured risk signals and generates a natural-language rationale — the synthesis step converts numeric scores into auditable reasoning chains.
  • Weighted Decisioning (Decision Recommender): Combines risk score, confidence threshold, customer tier, and false-positive rate history into a final action decision; customer tier gates apply differential treatment (high-value customers bypass soft declines).
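
The weighted decisioning step described above, sketched as an added example; it is not code from the article or its author. The thresholds, the false-positive discount, the tier labels, and the choice to send high-value customers to manual review when they bypass a soft decline are all assumptions.

```python
from dataclasses import dataclass

# The four actions are the outputs the article lists. Every weight, threshold
# and tier label below is an assumed value chosen for illustration.
APPROVE, SOFT_DECLINE, HARD_BLOCK, MANUAL_REVIEW = (
    "approve", "soft_decline_otp", "hard_block", "manual_review")

@dataclass(frozen=True)
class Signals:
    risk_score: float          # 0..1, from the Risk Synthesizer
    confidence: float          # 0..1, confidence in that score
    customer_tier: str         # "standard" or "high_value" (assumed labels)
    historical_fp_rate: float  # 0..1, share of this customer's past flags that were false

@dataclass(frozen=True)
class Decision:
    action: str
    effective_risk: float
    reason: str                # short rationale kept for the audit trail

def recommend(s: Signals, block_at=0.85, challenge_at=0.50,
              min_confidence=0.60, fp_discount=0.30) -> Decision:
    for name in ("risk_score", "confidence", "historical_fp_rate"):
        if not 0.0 <= getattr(s, name) <= 1.0:
            raise ValueError(f"{name} must be within [0, 1]")
    # A history of false positives lowers the score by at most fp_discount,
    # so it can soften a decision but cannot cut the score further than that.
    eff = s.risk_score * (1.0 - fp_discount * s.historical_fp_rate)
    if eff >= block_at:
        if s.confidence >= min_confidence:
            return Decision(HARD_BLOCK, eff, "high risk, confident score")
        # Never auto-block on a score the pipeline itself does not trust.
        return Decision(MANUAL_REVIEW, eff, "high risk, low confidence")
    if eff >= challenge_at:
        if s.customer_tier == "high_value":
            # Tier gate: skip the OTP challenge. Sending the case to an analyst
            # rather than approving it is this example's assumption.
            return Decision(MANUAL_REVIEW, eff, "tier gate bypassed soft decline")
        return Decision(SOFT_DECLINE, eff, "elevated risk, step-up via OTP")
    return Decision(APPROVE, eff, "risk below challenge threshold")

if __name__ == "__main__":
    # Constructed sample transactions, not data from the article.
    for sig in (Signals(0.95, 0.9, "standard", 0.0),
                Signals(0.60, 0.9, "high_value", 0.0),
                Signals(0.60, 0.9, "standard", 1.0)):
        print(sig, "->", recommend(sig))
```

Returning the effective score and a reason alongside the action gives the Explanation Generation Agent and the Feedback Integration Loop something concrete to log and to compare against analyst overrides.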

Key Claims and Findings

  • Traditional ML fraud systems fail not due to model quality but due to architectural rigidity: inability to adapt to concept drift, poor interpretability, and brittle pipelines where rule changes cause downstream failures.
  • Multi-agent decomposition provides four structural advantages over monolithic models: explainability (every decision is narratively justified), scalability (agents scale independently), domain adaptability (swap or fine-tune per region or risk category), and resilience (partial failure does not halt the pipeline).
  • Early production results: 18% precision improvement, 30% false-positive reduction; analysts adopted the Explanation Agent output directly into review workflows.
  • Planned evolution: real-time LLM embeddings via streaming Kafka, real-time feature stores replacing SQL-based signal generation, and reinforcement-learning policies for optimal risk actioning.

Terminology

Term | Definition
CNP fraud | Card-not-present fraud — transactions where the physical card is not used (e-commerce, phone orders)
MCC code | Merchant Category Code — four-digit ISO code classifying a merchant’s business type; used as a risk signal
BIN lookup | Bank Identification Number lookup — first six digits of a card identify the issuing bank; used to assess card-level risk
Soft decline | A transaction rejection that can be overridden by the customer via OTP or additional authentication
Hard block | An unconditional transaction rejection with no customer override path

Connections