Business Context

PayLink processes roughly 8 million card transactions per day across web and mobile checkout. The risk team wants an anomaly detection system that flags suspicious transactions for manual review and requires a clear explanation of why the chosen detection approach is appropriate.

Dataset

You are given 12 months of transaction-level data with historical review outcomes for a subset of transactions. Most transactions are legitimate, labels are incomplete, and fraud patterns change over time.

• Size: 24M transactions, 44 features
• Target availability: only ~6% of transactions have downstream fraud labels from manual review or chargebacks
• Observed fraud rate in labeled data: 0.7%
• Missing data: 18% missing in device/network fields, 4% missing in behavioral aggregates for new users

Success Criteria

A good solution should detect unusual transactions early enough for review, achieve strong ranking quality on labeled data, and provide a defensible explanation for why the chosen method fits sparse labels and evolving fraud behavior.

Constraints

• Real-time scoring must stay under 30 ms per transaction
• Analysts need transaction-level explanations
• False positives are costly because review capacity is capped at 12,000 alerts/day
• The model must be refreshable weekly without heavy retraining cost

Deliverables

1. Propose and justify an anomaly detection approach for this dataset
2. Build a training and evaluation pipeline using the partially labeled data
3. Compare at least one unsupervised method with one supervised baseline
4. Define alert thresholds tied to review capacity
5. Explain how you would communicate and defend your model choice to risk stakeholders