# How Machine Learning Detects Fraud: A Practical Breakdown

> Source: <https://dev.to/lisamangnani1122sketch/how-machine-learning-detects-fraud-a-practical-breakdown-2726>
> Published: 2026-06-20 00:27:28+00:00

Machine learning detects fraud by learning the patterns of past fraudulent transactions and flagging new transactions that match those patterns — combining models trained on known fraud cases with anomaly-detection methods that catch fraud patterns no one has seen before. Most production fraud systems use both approaches together, not one or the other.

Here's how that actually works, and what makes fraud detection a harder problem than it first looks.

Older fraud systems ran on fixed rules: flag any transaction over $5,000, flag any purchase from a new country, flag any card used twice in 10 minutes. Rules are easy to understand, but they break down fast:

Machine learning replaces fixed thresholds with learned patterns that adjust per customer, per merchant, and per context automatically.

Banks and payment processors have years of transactions already labeled fraudulent or legitimate (often confirmed by customer disputes or investigations). A supervised model trains on that history, learning which combinations of features tend to appear in fraud cases.

**Common features fed into the model:**

The model doesn't apply a fixed rule to any single feature — it learns the *combination* of signals that historically correlates with fraud, which is why it catches cases a simple rule would miss entirely.

Supervised models are only as good as their training data — they're built to catch fraud patterns that have already happened before. **New fraud techniques won't be in the training data**, which is exactly where

Unsupervised models don't need a label called "fraud." Instead, they learn what *normal* behavior looks like for a customer or system, and flag anything that deviates significantly — whether or not it matches a known fraud pattern. This is what catches genuinely new fraud techniques before enough labeled examples exist to train a supervised model on them.

Fraud decisions for card transactions typically need to happen in well under a second — the transaction is either approved or declined before the customer's payment terminal moves on. This puts real constraints on the system:

Every fraud system makes a trade-off:

There's no setting that eliminates both. Most systems use a **risk score** rather than a binary yes/no, routing borderline transactions to additional verification (a text message confirmation, a manual review) instead of an outright block — reducing customer friction while still catching high-risk cases.

A customer who normally spends $50-$150 per transaction in their home city suddenly has a $2,000 transaction from a country they've never shopped in, at 3 a.m. local time, on a new device. No single feature here is automatically fraud — large purchases, travel, and new devices all happen legitimately. But the **combination**, scored against the customer's typical pattern, produces a high risk score, and the transaction gets flagged for extra verification rather than an automatic block.
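The scenario above as an added example (not code from the original article): a per-customer baseline, four deviation signals combined into one score, and a three-way routing decision. The transaction history, country and device names, weights, bias and thresholds are all constructed assumptions; a production system would learn the weights from labeled data.

```python
import math
from statistics import median

# Constructed history for one customer: (amount_usd, country, local_hour, device_id)
HISTORY = [
    (62.0, "US", 12, "phone-1"), (118.5, "US", 18, "phone-1"),
    (75.2, "US", 9, "laptop-1"), (140.0, "US", 20, "phone-1"),
    (54.9, "US", 13, "phone-1"), (99.0, "US", 17, "laptop-1"),
    (131.4, "US", 19, "phone-1"), (88.0, "US", 11, "phone-1"),
]
# Hand-set weights and thresholds (assumptions); a real model learns weights from labeled data.
WEIGHTS = {"amount": 0.6, "new_country": 1.5, "odd_hour": 1.0, "new_device": 1.0}
BIAS = -5.0
VERIFY_AT, BLOCK_AT = 0.50, 0.95

def build_profile(history):
    """Summarise what is normal for this customer."""
    return {
        "median_amount": median(h[0] for h in history),
        "countries": {h[1] for h in history},
        "hours": {h[2] for h in history},
        "devices": {h[3] for h in history},
    }

def signals(profile, txn):
    """Turn one transaction into deviations from the customer's own baseline."""
    amount, country, hour, device = txn
    ratio = amount / profile["median_amount"]
    # Distance on a 24-hour clock to the nearest hour this customer has used before.
    hour_gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    return {
        # log2 of the ratio to the typical amount; spending at or below typical scores 0.
        "amount": math.log2(ratio) if ratio > 1 else 0.0,
        "new_country": float(country not in profile["countries"]),
        "odd_hour": float(hour_gap > 3),
        "new_device": float(device not in profile["devices"]),
    }

def risk_score(profile, txn):
    """Combine all signals into one probability-like score in (0, 1)."""
    s = signals(profile, txn)
    logit = BIAS + sum(WEIGHTS[name] * value for name, value in s.items())
    return 1.0 / (1.0 + math.exp(-logit))

def route(score):
    """Map the score to an action instead of a binary approve/decline."""
    if score >= BLOCK_AT:
        return "block"
    return "verify" if score >= VERIFY_AT else "allow"
```

With these assumed weights, the $2,000 purchase on its own, or a new country on its own, routes to `allow`; only the combination crosses the verification threshold.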

Fraud detection works best as a layered system: supervised models catch known fraud patterns with high accuracy, unsupervised models catch novel patterns supervised models haven't seen yet, and a risk-scoring layer on top decides whether to block, allow, or verify — balancing fraud prevention against the cost of frustrating legitimate customers.
