An Event-Driven Streaming Architecture for Real-Time Payment Anomaly Detection: Formal Framework with Hybrid Transformer-Ensemble Detection and Analytical Performance Modeling

Author(s): Anath Bandhu Chatterjee, Suman Basak

Publication #: 2606049

Date of Publication: 08.06.2026

Country: United States

Pages: 1-14

Published In: Volume 12 Issue 3 June-2026

DOI: https://doi.org/10.62970/IJIRCT.v12.i3.2606049

Abstract

Real-time authorization decisioning in payment networks requires anomaly detection that operates within the 100–200ms latency budget imposed by card scheme SLAs, while maintaining accuracy across the full transaction lifecycle—from ISO 8583 authorization requests through clearing and settlement. Legacy front-end processor (FEP) architectures relying on log-based batch analysis on closed fault-tolerant platforms cannot meet these requirements at scale. This paper presents a formally grounded architectural framework for real-time payment anomaly detection, integrating Apache Kafka for durable partitioned ingestion, Apache Flink for stateful complex event processing with exactly-once semantics, and a Redis cluster deployed within a PCI-DSS-scoped zone as a feature store augmented with probabilistic data structures. We formulate detection as constrained optimization over streaming event sequences with explicit P99 latency, throughput, and false positive bounds tied to authorization timeout constraints. The detection layer combines LightGBM ensembles for interpretable pattern-based screening with an Anomaly-Attention Transformer that exploits association discrepancy—a fundamentally stronger signal than LSTM-Autoencoder reconstruction error—for unsupervised behavioral anomaly scoring. We validate detection performance through measured experiments on a synthetic dataset calibrated to payment transaction statistical properties, and derive pipeline performance bounds through stage analysis and Little’s Law, projecting P99 latency budgets, throughput scaling characteristics, and cascade inference efficiency as a function of the suspicion threshold. A 53-feature taxonomy grounded in ISO 8583 field semantics, a systematic ablation study design, and comparison against five baselines establish the evaluation methodology.

Keywords: payment authorization, anomaly detection, Anomaly Transformer, ISO 8583, event-driven architecture, complex event processing, PCI-DSS, analytical performance modeling, concept drift

Download/View Paper's PDF

Download/View Count: 3

Share this Article