Here’s how fraud detection works at most fintech companies: a transaction happens, the system logs it, a rules engine scores it, and if the score is high enough, someone on the fraud team gets an alert. They review the transaction. They decide whether to flag it.
By the time the alert fires, the money is already gone.
The entire industry has built fraud infrastructure around the same assumption: analyze first, act later. Machine learning models score transactions in milliseconds — impressive engineering. But the scoring happens after the transfer has been initiated. The wire is in motion. The crypto is moving. The disbursement has left the building.
You’re not preventing fraud. You’re documenting it.
You’re not preventing fraud. You’re documenting it. The model scores the transaction milliseconds after the money has already moved.
The reactive loop
Today — reactive:
- User initiates transfer
- Money moves
- System scores transaction
- Alert fires (maybe)
- Fraud team reviews
- Attempt recovery
- Money is gone
With Lorica — proactive:
- User initiates transfer
- Lorica verifies human
- JWT issued as proof
- Money moves (or doesn’t)
- Proof exists before transfer
The reactive loop is expensive. Chargebacks cost $15–100 each to process. Wire recall attempts succeed less than 30% of the time. Crypto transactions are irreversible by design. And every fraudulent transaction that makes it through erodes user trust in a way that no post-incident email can repair.
The fraud team isn’t failing. They’re working within a system that by design only gives them information after the damage is done.
Why scoring isn’t enough
Transaction scoring is valuable. It catches patterns. It flags anomalies. But it answers the question “does this transaction look suspicious?” — not “is the right person doing this?”
A fraudster using a compromised account can produce perfectly normal-looking transactions. Right amount range. Right time of day. Right geography. The ML model scores it low-risk because it looks exactly like something the real user would do. The only thing missing is the actual human.
Behavioral analytics help at the margins. Device fingerprinting helps at the margins. Neither of them can tell you with certainty that a specific person is physically present at the moment money moves. They’re probabilistic signals layered on top of a system that already let the action happen.
A perfect fraud score doesn’t mean the right human authorized the action. It means the action looked normal.
What prevention actually looks like
Prevention means verifying the human before the transaction executes — not scoring the transaction after it’s in flight. The verification has to be a gate, not a review.
When a developer integrates Lorica, the API call happens before the money moves. The user completes a biometric check — 292ms warm median — and the system returns a signed JWT confirming a live human authorized the specific action. If the check fails, the transaction never executes. There’s nothing to reverse, nothing to recover, nothing for the fraud team to review.
The JWT exists before the transaction, not after. It’s cryptographic proof created at the moment of authorization, not a risk score generated during settlement. If a dispute arises three months later, the token is there — timestamped, signed, and independently verifiable.
The cost math
A single Lorica verification is sub-cent latency. One API call. Under two seconds of user friction.
A single fraudulent wire costs five to six figures to investigate, attempt recovery, compensate the customer, file regulatory reports, and absorb the reputational damage. And recovery isn’t guaranteed — for crypto, it’s effectively impossible.
Recovery costs $50,000 and a customer.
The question isn’t whether biometric verification before high-risk actions adds friction. It does — two seconds of friction. The question is whether two seconds of friction is worth more than the reactive loop of scoring, flagging, reviewing, and recovering after the money has already moved.
Your fraud team is smart. Give them proof that exists before the transaction, not alerts that arrive after it.
Stop documenting fraud. Start preventing it.