Those who believe that risk decisions can be fully delegated to “the AI” underestimate modern payment systems. Successful fraud prevention depends on the interplay between clear rules, data-driven models, and operational fine-tuning. This is also a matter of corporate responsibility.

Few topics in the payment and risk sector are discussed as emotionally, or, at times, as simplistically, as the use of artificial intelligence (AI) in fraud prevention. In many conversations, you get the impression that a set of historic rules could simply be switched off and replaced by an AI model: plug in the AI, switch off fraud. The reality, as is so often the case, is far less black and white and decidedly more demanding. The implicit consensus in the market today is rather this: the current world still requires tried-and-tested fraud rules, with AI as an addition, not as a temporary solution, but as a long-term target state.

Rules as the Foundation of Modern Fraud Prevention

Rule-based systems have an image problem. They're seen as inflexible, unmanagable, and supposedly incompatible with modern data-driven approaches. Yet, it is often overlooked that these very rules provide a stable framework in which any model can operate effectively. They define hard boundaries, non-negotiable exclusion criteria, regulatory guardrails, and well-known fraud patterns. In other words, the system’s seat belts.

But, and this is crucial: no one should run rigid rules on a “set it and forget it” basis. Rules, too, must continuously adapt to new fraud patterns, regulatory requirements, and market changes. Fraud is dynamic, and any static system inevitably loses effectiveness unless it is maintained.

At Unzer, we have worked with exactly this approach for many years - long before AI became the buzzword of the day. Logistic regressions, scorecards, and rule-based decision logics are not new inventions but established methods that underpin many of the most robust and successful risk systems for years. These methods meet all the criteria that define AI: they automate decisions, learn from historical data, identify patterns, and derive probabilities. Most importantly, they are explainable, a non-negotiable aspect in regulated payments.

Responsibility Transforms Systems

In practice, for us, this means that we make real-time decisions every year on tens of millions of transactions. The data foundation for this is very slim: essentially what you’d find in a telephone directory, plus the email address. There is neither manual review nor any retrospective corrections; no “we’ll review that again later”. Every decision must be correct at the moment the transaction occurs.

What makes this approach particularly challenging is the economic responsibility behind it. Models work differently when you bear the liability yourself. Unzer carries the full default risk for around €1.5 billion annually processed through our platform. If you carry the risk, you need a deep understanding of decision logics, rules, and conversion effects. Fraud prevention and revenue optimisation for the merchant are no longer opposites but two sides of the same coin.

Where Data is Limited, Processing Counts

How resilient this interplay of rules, models, and economic responsibility is becomes especially evident in use cases with high uncertainty and limited data, such as in the Buy Now, Pay Later (BNPL) sector. Here, by nature, only a limited amount of primary data is available: whilst classical credit information is accessible, it is often not insightful for fraud detection. The decisive lever is not the amount of data, but its intelligent processing.

Key importance is attached to so-called weak signals, such as device fingerprints, timestamps, address patterns, or behavioural sequences. Taken individually, these pieces of information might seem insignificant; in combination, however, they enable the formation of an accurate risk profile. This not only lowers the fraud rate but also boosts acceptance. Every avoided false rejection is a win for merchants, customers, and providers alike.

Modern AI models address exactly this point: they are capable of deriving robust risk indicators from fragmented, weakly correlated information, without sacrificing transparency or traceability. In this way, they extend classical algorithms.

Another advantage lies in the automated detection of anomalies: unusual patterns can be pinpointed more rapidly, more precisely, and with significantly less manual effort than in traditional setups. This increases response speed and reduces the burden on operational teams - an important factor amid rising cost pressures.

If Risk Is Ambiguous

Despite all progress, there remains an uncomfortable truth: even with advanced models, up to one in 20 applications may be declined for particular payment types due to insufficient data. At the same time, we know that not all of these are fraudulent. A significant proportion are bona fide customers whose profiles simply cannot be sufficiently validated. The art is in continuously refining models so as to narrow this gap, without uncontrolled risk increases. Risk management remains a balancing act.

A particularly difficult aspect to detect is what's known as first-party fraud, sometimes referred to as “friendly fraud”. This is where cardholders dispute a fundamentally legitimate transaction by claiming they did not authorise the transaction, did not receive the goods, or that the goods were not as described. This category includes, for example, a child using their parents’ credit card without their knowledge, or people claiming a refund despite having received their goods.  

For small and medium-sized merchants in particular, this can become expensive very quickly. AI-based methods for spotting anomalies help identify such patterns early, often more effectively, and with significantly less manual effort than classical review processes.

The context also matters: without a suitable payment partner and reliable logistics, the problem can quickly escalate. The good news is that European card issuers are now actively addressing this issue and putting countermeasures in place. In the United States, however, much older attitudes to chargebacks often still prevail - a difference anyone active in those markets should be aware of.

What Matters Most: Acceptance, Risk, and Ongoing Fine-Tuning

The statistics prove that this effort pays off. Using simple in-house models, it is possible to reliably process around four out of five purchases in markets like Germany. With specialist providers like Unzer, acceptance rates above 90 percent are realistic. But this success is not based on a static setup; it’s the result of the constant fine-tuning of rules, thresholds, and models. The outcome is a true win-win-win situation: merchants generate revenue, customers enjoy a smooth purchase process, and the payment service provider only earns when a transaction is successful.

The key takeaway from practice is this: rigid rules are no anachronism, they are a vital foundation. They define regulatory minimum standards, clear exclusion criteria, and comprehensible guidelines. AI builds upon these, prioritises, learns, and optimises. Real risk intelligence is achieved where stability and learning capacity intersect. Those who master this create robust systems, even in a world where fraud is becoming ever more creative. AI is no magic wand. But in the hands of risk management, it is a damned good tool.

‍