TL;DR: AI-powered fraud scoring processes hundreds of transaction, device, and behavioral signals in milliseconds to produce risk scores that can approve, step up, or block payments, according to Sift. The real issue is not whether models can score faster, but whether organisations can tune thresholds, governance, and review paths without creating blind spots or excessive friction.
NHIMG editorial — based on content published by Sift: AI Fraud Score: How AI Calculates Transaction Risk in Real Time
By the numbers:
- Global payment fraud losses reached $48.2 billion in 2024, making real-time fraud detection more critical than ever.
- 70% compared with traditional rule-based systems., % compared with traditional rule-based systems.
Questions worth separating out
Q: How should security teams tune AI fraud scores without creating too much customer friction?
A: Start by defining score bands that map to clear actions, such as approve, step-up authentication, manual review, or decline.
Q: Why do AI-related fraud threats matter to IAM teams?
A: AI-related abuse matters because it increases the speed and quality of deceptive interactions that target identity controls.
Q: What breaks when fraud scores are treated as static rules?
A: Static thresholds quickly fall behind attacker adaptation and normal customer behaviour shifts.
Practitioner guidance
- Map score bands to explicit control outcomes Define what each risk band does in production, including approve, step-up authentication, manual review, and decline.
- Validate model inputs against fraud and identity telemetry Check that transaction, device, location, and account signals are actually available and current before relying on the score.
- Track false positives as a business control metric Measure blocked legitimate transactions, manual review rates, and abandonment alongside fraud capture.
What's in the full article
Sift's full article covers the operational detail this post intentionally leaves for the source:
- The score-band logic used to decide when a transaction is approved, stepped up, reviewed, or blocked.
- The specific data categories and model inputs that influence scoring behaviour in production.
- The operational tuning approach for balancing fraud reduction against false positives and checkout friction.
- The vendor's examples of how different industries apply the score across payments, account access, and bot risk.
👉 Read Sift's analysis of how AI fraud scores calculate transaction risk in real time →
AI fraud scoring in payments: what security teams need to know?
Explore further
AI fraud scoring is becoming a governance control, not just a detection model. Once organisations use scores to approve, decline, or step up transactions, they have moved from analytics into policy enforcement. That means ownership, threshold review, exception handling, and auditability matter as much as model accuracy. Practitioners should manage fraud scoring as a governed control plane, not a black box.
A question worth separating out:
Q: Who is accountable when AI-driven defence blocks legitimate users or misses fraud?
A: The organisation remains accountable, not the model. Security, fraud, and identity owners need a shared governance model that defines decision rights, exception handling, and auditability. If an AI system affects access or customer trust, it needs the same accountability discipline as any other identity control.
👉 Read our full editorial: AI fraud scoring is reshaping real-time transaction risk decisions