How Alipay Leverages LSTM to Strengthen Mobile Payment Fraud Detection

Business Background

Mobile payments bring convenience but also expose users to unprecedented network fraud; Alipay alone receives thousands of fraud reports daily, involving millions of dollars. The core challenge is that fraudulent transactions often occur outside the payment system (e.g., via messaging apps), providing limited observable data, and the fraudulent behavior of both victims and perpetrators lacks obvious anomalies.

Fraud‑Risk Identification Challenges

Pre‑fraud actions occur outside the platform, resulting in scarce data.

Victims initiate transactions themselves, so abnormal user behavior is not obvious.

Many fraud‑related bank cards are newly issued, offering little historical information.

Model Upgrade with Deep Learning

The existing risk‑identification framework consists of three layers (trusted, real‑time, offline) and four transaction scenarios (account‑to‑account, account‑to‑card, direct non‑BD merchant, indirect merchant). Variables are grouped into historical summaries, derived features, and relational features.

To capture subtle patterns, Alipay introduced behavior‑sequence features for both victims and fraudsters. Analysis revealed distinct sequences, such as victims checking credit scores before transferring funds, while fraudsters often view account details or change avatars before cashing out. These sequences are encoded via feature engineering or learned directly through deep learning.

Specifically, event sequences based on operations, payments, and browsing actions are fed into an LSTM network, which learns long‑term dependencies and produces risk scores for each sequence.

LSTM Overview

LSTM (Long Short‑Term Memory) is a variant of recurrent neural networks that adds a cell state c and three gates (input, forget, output) to preserve long‑term information. The forward computation involves the current input, the previous hidden state, and the previous cell state, producing updated hidden and cell states. Training follows the standard back‑propagation‑through‑time algorithm.

Fraud Prevention Applications

4.1 Transfer‑to‑Account Scenario – Eight distinct sequences are constructed, covering real‑time and historical events for both payer and payee accounts, as well as combined sequences. Hour‑level vectors summarize real‑time events, while day‑level vectors summarize historical events. Each sequence is modeled with an LSTM; the final hidden state is passed through a fully connected layer to output a risk score. These eight scores are combined with existing variables, improving high‑score case coverage by over 5%.

4.2 Transfer‑to‑Card Scenario – New cards pose a detection difficulty. Card‑level embeddings are learned from sequence data and aggregated into card‑bin features. LSTM models on card‑receipt sequences generate embeddings that are merged with other variables. Experiments with 10‑ and 12‑bit card‑bin truncations show a 2–4% increase in coverage for card transactions.

Conclusion

The exploration of behavior‑sequence modeling for fraud detection is just beginning. Future work includes deeper integration of combined account and RPC sequences, modeling fraudster money‑laundering behavior, and extending sequence‑based features to additional business scenarios.