India’s digital commerce infrastructure is scaling at a speed no fraud detection system was originally designed for. With UPI processing over 228 billion transactions worth ₹300 trillion in 2025, the system has become the backbone of everyday commerce.Thespeed at which online transactions are increasing makes the payments ecosystem both highly efficient and complex to secure.
As digital payments scale, fraud is not just increasing;it’s evolving at the same pace, powered by the same technology: AI. Fraud has entered an AI-vs-AI phase. Attackers are deploying generative models, automated botnets and real-time adaptive techniques to engineer attacks that look indistinguishable from legitimate behaviour. On the other hand, financial institutions continue to rely on machine learning modelstrained on historical data.
The problem lies in one fundamental mismatch: fraud is evolving in real time while detection systems are not. This gap between how fast fraud evolves and how slowly systems adapt is where most real-world failures begin.
CEO & Co-Founder
InstiFi
When the training data becomes the liability
The biggest vulnerability of fraud detection models is that they are built on historical data. These models are the last to know when the fraud pattern changes, and in payments, this causes real-time loss.
Fraud detection models are built on historical data, which makes them inherently reactive. By the time patterns are learned, fraud evolves. Fraudsters understand model behavior better than most compliance teams do by reverse-engineering systems. They probe with small transactions, identify thresholds and strikes when models are under pressure. Synthetic identities are crafted to mimic legitimate user profiles at the aggregate level while committing fraud. At scale, these behaviours blend seamlessly into normal user activity, making it difficult for static models to distinguish between legitimate and fraudulent intent.
Most institutions treat model deployment as a destination and move on. When the model goes live, it achieves a strong initial accuracy and is then left to run. Over time, this leads to silent model degradation, and the performance drops gradually without triggering immediate alarms.
Latency problem: Where speed and accuracy collide
There’s a constraint that real-time payment systems impose that complicates fraud detection in waysoffline or batch-processing environments do not. For instance, UPI expects authorization responses within a few hundred milliseconds. In many cases, even a delay of a few milliseconds can impact transaction success rates, leaving little room for computationally heavy analysis.
The most accurate fraud detection models are deep neural networks, ensemble models that cross-reference dozens of behavioural signals, and graph-based models. They are the heaviest to run, and deploying them in real time is often not feasible. So, production systems sacrifice detection depth and focus on creating a simpler, faster model that meets latency requirements.
A fraudulent transaction can slip through a fast, shallow model that a deeper one would have caught. The way to fix this gap is not to slow down payments but to rethink how to build a smarter detection architecture. This creates a structural trade-off where security is often constrained by speed rather than strategy.
Why detection breaks: The production gap
Three structural problems make fraud detection harder in the real world than in theory. These are nottechnical limitations, but systemic challenges that emerge only at scale.
The first is signal imbalance. Most transactions are real, so each time a model flags too many false alarms, the real fraud goes unnoticed. This also masks the model’s weakness in identifying the real fraud. As a result, models are often optimised for overall accuracy rather than true fraud detection effectiveness.
The second is slow feedback. The information that reaches when a fraud is detected is often delayed by days or weeks. By then, fraudsters have already moved to a newer method. This delay weakens the feedback loop that is critical to improve model performance in dynamic environments.
Third is adversarial adaptation. Unlike most machine learning problems, fraud has an active opponent. A machine learning model that promises to solve, learn and adapt faster than the system. The attacker tries something different each time a fraud attempt is blocked.
Continuous learning
Fixing fraud detection should be about improving the existing infrastructure and not just building better models. The goal should be to detect fraud before it strikes. One should have systems that absorb new fraud signals as they happen and adapt in real time. Acknowledging the urgent need to address the issue, even the Reserve Bank of India has expanded its AI analytics and reinforced safeguards against mule accounts and cyber fraud by rolling out “MuleHunter.AI”, an artificial intelligencemachine learning-based solution for mule account detection.
Layered intelligence: No single model is enough
No single model can solve fraud detection. Effective systems combine a fast, lightweight model for instant decision-making with more advanced models running in parallel to conduct deeper analysis. This ensures that speed is not achieved at the cost of accuracy. Instead of a single yes-or-no outcome, transactions are evaluated across multiple layers of risk, improving detection without compromising latency.
Graph-based analytics also adds another layer of security since fraud usually operates through networks of mule accounts, fake identities and coordinated devices. Models that have the ability to map relationships between accounts, devices and merchants can spot patterns that no single transaction would reveal on its own.
The network effect of fraud intelligence and building infrastructure
Data collaboration across institutions is one of the most underutilised levers in fraud prevention. Fraudsters do not limit themselves to one bank. The same fake identity that attempts fraud at one institution will often try its luck at another, yet most banks and payment ecosystems keep the fraud data to themselves. This makes the other institutions vulnerable to the same fraudster.
This problem can be handled easily by sharing fraud intelligence across institutions. India’s Central Payments Fraud Information Registry, operated by RBI, is in that direction. Banks should be allowed to collectively train smarter fraud models without actually sharing raw customer data with each other.
The greatest strength of UPI is that it works seamlessly across every bank, app and platform. Even fraud intelligence should be built the same way so that it’s shared, connected and visible across the entire ecosystem.
A fraud detection system must be a live system. It should update, react to signals in real time and adjust the level of scrutiny based on each transaction’s risk profile. Even explainability is critical. Black box decisions erode trust and create regulatory risk. Regulators increase scrutiny on automated decision-making, fraud systems that can show their reasoning, like what was flagged, why & what pattern triggered it. Explainability is rapidly becoming a baseline requirement for trust, compliance, and scalability.
The arms race has no finish line
The future of fraud prevention will be defined by how intelligently the entire detection stack is designed to adapt, learn, and collaborate in real time.
In an AI vs AI environment, static systems will continue to fall behind. What’s needed is infrastructure that is inherently dynamic—capable of ingesting live signals, orchestrating multiple layers of intelligence, and responding to threats as they evolve. This includes embedding continuous learning loops, enabling secure data collaboration across institutions, and ensuring every decision is explainable in a regulated landscape.
Fraud prevention must be taken seriously. It must be built into the foundation of the paymentstack, designed to be dynamic, connected and intelligent like the threats. India has already shown the world what bold payment infrastructure looks like. Now it’s time to protect it by using world-class fraud intelligence.
–Authored by Prakash Ravindran, CEO & Co-Founder at InstiFi