Imagine a fintech or e-commerce platform where you want to detect suspicious transactions in real time. Instead of relying only on complex hand-written rules, you combine AI with an event-driven architecture.
In this article, I will design an architecture that detects fraudulent traffic and malicious activity in a system using AI and Amazon Bedrock.
The main parts of this article:
1- Architecture
2- Flow Step-by-Step, AWS Bedrock (Claude)
3- Key Takeaways
1- Architecture
I used Amazon EventBridge as an example here, but you might be using Amazon API Gateway or even AWS Step Functions in your architecture.
2- Flow Step-by-Step
A. Transaction Happens
A user makes a payment:
{
  "detail": {
    "user_id": "123",
    "amount": 2500,
    "country": "unknown VPN location",
    "device": "new device",
    "time": "03:12 AM"
  }
}
The event is sent to EventBridge.
B. Lambda Trigger
Lambda receives the transaction and prepares a prompt.
C. Amazon Bedrock (Claude)
import boto3
import json

bedrock = boto3.client("bedrock-runtime")

def lambda_handler(event, context):
    # EventBridge delivers the transaction under the "detail" key.
    tx = event["detail"]

    # tx is interpolated into the prompt as-is; its fields are untrusted input.
    prompt = f"""
You are a fraud detection system.
Analyze the transaction and return:
- risk_score (0-100)
- decision (ALLOW / REVIEW / BLOCK)
- reason
Transaction:
{tx}
"""

    response = bedrock.invoke_model(
        modelId="eu.anthropic.claude-haiku-4-5-20251001-v1:0",
        body=json.dumps({
            "anthropic_version": "bedrock-2023-05-31",
            "messages": [
                {"role": "user", "content": prompt}
            ],
            "max_tokens": 200
        })
    )

    # The response body is a stream; read it and decode the JSON payload.
    result = json.loads(response["body"].read())
    return result
D. AI Output Example
{
  "type": "text",
  "text": "# Fraud Detection Analysis\n\n**risk_score:** 78\n\n**decision:** REVIEW\n\n**reason:** Multiple risk factors detected:\n- **Unknown VPN location** - Unable to verify legitimate geographic origin; suggests attempted anonymization\n- **New device** - First transaction from unrecognized device; increases fraud probability\n- **Unusual transaction time** (03:12 AM) - Outside typical user activity windows\n- **Moderate-high amount** ($2,500) - Significant transaction value amplifies risk\n\n**Recommendation:** Require additional verification (2FA, identity confirmation, or customer contact) before processing."
}
E. Action Taken
Depending on the response:
- BLOCK → reject transaction
- REVIEW → send to manual review queue
- ALLOW → proceed normally
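The model's answer in step D is free-form markdown, so the action in step E needs a parser that validates it before routing. The following is an added example, not code from the original article: `parse_verdict` and `FAIL_SAFE` are hypothetical names, the response is assumed to carry a `content` list of text blocks shaped like the one in step D, and sending anything unparseable or contradictory to REVIEW is an assumed policy.

```python
import re

# Labels may be wrapped in markdown emphasis, as in the sample output in step D.
_SCORE_RE = re.compile(r"risk_score\W{0,6}(\d{1,3})\b", re.IGNORECASE)
_DECISION_RE = re.compile(r"decision\W{0,6}(ALLOW|REVIEW|BLOCK)\b", re.IGNORECASE)

# Assumed policy: anything that cannot be parsed unambiguously goes to a human.
FAIL_SAFE = {"decision": "REVIEW", "risk_score": None, "parsed": False}


def parse_verdict(result):
    """Map the parsed Bedrock response body to a validated routing decision."""
    try:
        text = "".join(
            block["text"] for block in result["content"] if block.get("type") == "text"
        )
    except (KeyError, TypeError, AttributeError):
        return dict(FAIL_SAFE)  # unexpected response shape

    scores = {int(s) for s in _SCORE_RE.findall(text)}
    decisions = {d.upper() for d in _DECISION_RE.findall(text)}
    # Missing or conflicting values (for example, echoed input text) are not trusted.
    if len(scores) != 1 or len(decisions) != 1:
        return dict(FAIL_SAFE)

    score = scores.pop()
    if not 0 <= score <= 100:
        return dict(FAIL_SAFE)
    return {"decision": decisions.pop(), "risk_score": score, "parsed": True}


# Constructed sample, shortened from the output shown in step D.
SAMPLE = {
    "content": [
        {"type": "text", "text": "**risk_score:** 78\n\n**decision:** REVIEW\n\n**reason:** New device"}
    ]
}

if __name__ == "__main__":
    print(parse_verdict(SAMPLE))
```
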
3- Key Takeaways
Together, these capabilities make AI-powered event-driven systems far more powerful than traditional rule-based approaches, as they can understand context instead of relying on static thresholds, make real-time decisions as events occur without batch delays, scale effortlessly from a few transactions to millions thanks to serverless architectures, and continuously adapt to new fraud patterns or behaviors. This combination enables systems that are not only scalable and efficient, but also intelligent, dynamic, and resilient to changing environments.
Happy coding 👨🏻‍💻