[SEO Subhead]
This Guidance demonstrates how to build a real-time fraud detection system using payment data replicated from your mainframe database. The replicated data powers three parallel workflows. First, it trains an Amazon Fraud Detector machine learning (ML) model to continuously improve detection accuracy. Second, it adds payment history details to authorization request messages, providing more context for merchants. Third, it analyzes data to generate insights and dashboards for business users, with natural language querying capabilities. These functions improve fraud detection capabilities and enable more informed decision-making for both merchants and the card-issuing financial institution.
Note: [Disclaimer]
Architecture Diagram
[Architecture diagram description]
Step 1
Your bank receives the card payment authorization requests on your mainframe.
Step 2
The authorization process makes a real-time call to AWS to get the fraud score using AWS compute.
Step 3
The integration application on AWS enriches the request with customer and merchant historical data stored on Amazon Relational Database Service (Amazon RDS).
Step 4
Artificial intelligence and machine learning (AI/ML) models running on Amazon SageMaker generate the fraud score and return it to the mainframe so that it can approve or decline the transaction.
Step 5
The authorization history message is inserted into an IBM Db2, virtual storage access method (VSAM), or IBM information management system (IMS) database.
Step 6
The Precisely publisher agent captures the database change records and publishes them to the apply agent running on an Amazon Elastic Compute Cloud (Amazon EC2) instance.
Step 7
The Precisely apply agent publishes the change records to Amazon Managed Streaming for Apache Kafka (Amazon MSK).
Step 8
An Amazon MSK connector process reads the messages from Amazon MSK and inserts them into the Amazon RDS history database. The same data is read during scoring.
Step 9
Amazon Data Firehose (successor to Amazon Kinesis Data Firehose) streams the data from Amazon MSK to Amazon Simple Storage Service (Amazon S3).
Step 10
Amazon Redshift consumes data from Amazon MSK. Business dashboards are created using Amazon QuickSight, which also provides the capability to query data using natural language.
Step 11
Amazon Simple Notification Service (Amazon SNS) and Amazon EventBridge send alerts and notifications.
Step 12
SageMaker trains the AI/ML model offline using the transaction data stored in Amazon S3 along with other internal and external data.
Step 1
Your bank receives the card payment authorization requests on your mainframe.
Step 2
The authorization process makes a real-time call to AWS to get the fraud score using AWS compute.
Step 3
The integration application on AWS enriches the request with customer and merchant historical data stored on Amazon Relational Database Service (Amazon RDS).
Step 4
Artificial intelligence and machine learning (AI/ML) models running on Amazon SageMaker generate the fraud score and return it to the mainframe so that it can approve or decline the transaction.
Step 5
The authorization history message is inserted into an IBM Db2, virtual storage access method (VSAM), or IBM information management system (IMS) database.
Step 6
The Precisely publisher agent captures the database change records and publishes them to the apply agent running on an Amazon Elastic Compute Cloud (Amazon EC2) instance.
Step 7
The Precisely apply agent publishes the change records to Amazon Managed Streaming for Apache Kafka (Amazon MSK).
Step 8
An Amazon MSK connector process reads the messages from Amazon MSK and inserts them into the Amazon RDS history database. The same data is read during scoring.
Step 9
Amazon Data Firehose (successor to Amazon Kinesis Data Firehose) streams the data from Amazon MSK to Amazon Simple Storage Service (Amazon S3).
Step 10
Amazon Redshift consumes data from Amazon MSK. Business dashboards are created using Amazon QuickSight, which also provides the capability to query data using natural language.
Step 11
Amazon Simple Notification Service (Amazon SNS) and Amazon EventBridge send alerts and notifications.
Step 12
SageMaker trains the AI/ML model offline using the transaction data stored in Amazon S3 along with other internal and external data.
Get Started
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
-
Operational ExcellenceRead the Operational Excellence whitepaper
Amazon CloudWatch monitors and tracks the flow of replicated messages. By reconciling messages at different points in the replication pipe, it can detect breaks in the dataflow. It can then alert you so that you can troubleshoot performance issues. Amazon MSK, Amazon Data Firehose, and EventBridge enable you to replay the replicated messages, restarting them from a specified point in time.
-
SecurityRead the Security whitepaper
AWS Identity and Access Management (IAM) lets you control authentication and authorization between various AWS services. To limit unauthorized access to resources, this Guidance scopes all IAM policies down to the minimum permissions required for the service to function properly. Additionally, AWS Secrets Manager securely stores and AWS Key Management Service (AWS KMS) encrypts the credentials used by Amazon RDS and Amazon MSK.
-
ReliabilityRead the Reliability whitepaper
The Precisely apply engine runs on Amazon EC2 and uses standby instances to pick up the replication process if active instances fail. Additionally, Amazon MSK stores multiple copies of the data so that you can quickly recover it in case of failure. You can then replay the data, restarting from a point in time that you specify.
-
Performance EfficiencyRead the Performance Efficiency whitepaper
Amazon MSK can distribute the replicated records into multiple partitions, thus enabling multiple consumers to process the records in parallel. These processes can also consume the messages from a specific Apache Kafka consumer group assigned to the process without interfering with others. Additionally, Amazon Data Firehose and EventBridge help in removing bottlenecks by processing the messages asynchronously.
-
Cost OptimizationRead the Cost Optimization whitepaper
Amazon EC2 automatically scales up and down the number of compute instances that serve the fraud scoring requests coming from the mainframe. This helps you minimize costs because only the minimum number of compute instances required to run at any given time are provisioned. Additionally, SageMaker helps you lower costs by optimizing inferencing. It provides over 70 instance types and sizes for deploying ML models, such as instances powered by ML-optimized AWS Inferentia and AWS Graviton chipsets. Finally, you can use Amazon S3 Intelligent-Tiering to automatically move old data to cheaper storage tiers, lowering your overall storage costs.
-
SustainabilityRead the Sustainability whitepaper
This Guidance runs on AWS infrastructure, which is 3.6 times more energy efficient than the median of surveyed US enterprise data centers. It is also up to 5 times more energy efficient than the average European enterprise data center. As an example of AWS sustainable infrastructure, Amazon EC2 scales automatically to meet demand so that solutions don’t need to provision idle compute. By migrating mainframe data from your data centers to AWS, you can ultimately minimize the environmental impact of your processing workloads.
Related Content
[Title]
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.