Reading List
Fraud Operator Reading List
Fraud operations have shifted faster than most teams' tooling — foundation models score in milliseconds, attack patterns drift in weeks, and the cost of false positives now rivals fraud losses in many CNP channels. This reading list builds the operator picture in order: a KPI scorecard that defines what you are measuring, the detection architecture that delivers those metrics, the attack categories that drive most volume, the model and rule governance that keeps controls calibrated, and finally the chargeback spillover where upstream gaps surface as downstream P&L.
Who this is for
Fraud teams, payments engineers building fraud decisioning into the authorisation path, risk leaders setting tooling and team strategy, and any operator who needs to distinguish scheme-enforced compliance thresholds from internal operating targets.
Reading order
The full reading list
-
Fraud Operations KPIs: Metrics, Targets, and Escalation Triggers
The operator scorecard: 18 KPIs across loss exposure, detection, customer friction, operational efficiency, model and rule quality, and chargeback spillover — with PSI thresholds, escalation triggers, and reporting cadence. Start here because every downstream piece is a control on one or more of these metrics.
15 min read
-
Real-Time Fraud Decisioning: How Payment AI Makes Sub-100ms Calls
How sub-100ms fraud scoring is built in production — feature stores, model cascades, latency budgets, and the accuracy trade-off most teams underestimate. The architecture chapter for any team putting ML inline in the authorisation path.
11 min read
-
Account Takeover Detection: The ML Stack Behind ATO Prevention
ATO happens at authentication, before the payment ever loads — which means transaction-only fraud detection misses it entirely. Device intelligence, session signals, credential stuffing patterns, and the ML stack required to catch ATO before a fraudulent payment is even attempted.
11 min read
-
Card Testing and Enumeration Attacks: How to Detect and Stop Them
Card testing is both a fraud problem and a VAMP compliance problem — Visa includes enumeration-flagged transactions in the VAMP ratio calculation. Attack anatomy, velocity detection, BIN clustering, and the operator playbook to shut down an active campaign without breaking legitimate traffic.
10 min read
-
Why You Still Need Rule Engines in 2026
Rules are not legacy. They still win on regulatory explainability, instant deployment, and long-tail edge cases that ML cannot reach in time. When each layer makes sense and how to architect the handoff between them.
8 min read
-
Payment AI MLOps: Model Drift, Retraining, and Production Monitoring
Fraud models decay — chargebacks arrive 60–120 days late, ground-truth labels lag, and PSI drifts well before performance degrades the loss rate. The production monitoring discipline that keeps models accurate between scheduled retrainings.
13 min read
-
First-Party Fraud: Friendly Fraud and the Largest Chargeback Category
First-party fraud — the customer disputing a transaction they authorised — now accounts for the majority of e-commerce dispute volume at most merchants. Detection logic, dispute prevention tooling, and where the fraud and chargeback scorecards begin to converge.
11 min read
-
Chargeback Operations KPIs: Metrics, Targets, and Escalation Triggers
The downstream view: once fraud passes through controls and becomes a dispute, this is the operational scorecard — 16 KPIs across scheme compliance, representment execution, win rate by reason code, and cost per recovered dollar. Reconcile the fraud chargeback share metric here against the fraud KPI scorecard at item 1.
15 min read
Subscribers get the PSP Selection RFP Kit — 60+ structured questions, evaluation scorecard, and negotiation playbook — delivered to your inbox instantly.