US Convenience-Store Chain (Texas) · FOUNDER TRACK RECORD
Real-time transaction anomaly detection
Streaming anomaly detection over point-of-sale transactions for a US convenience-store chain, flagging fraudulent activity in real time with time-series models.
This project is part of our founder track record. It was delivered at Metaprise Systems between 2019 and 2021, before Lakeshore Labs was founded.
The challenge
A Texas convenience-store chain was bleeding margin through transaction fraud, and the worst part was the lag. Voided sales, suspicious refunds, no-sale drawer openings, and card-auth irregularities were scattered across many stores, each incident small enough to hide in the noise of normal trading. The losses only became visible at month-end reconciliation, weeks after the money was gone, when the trail back to a specific terminal, shift, or clerk had already gone cold.
Batch reporting could say what had happened, never what was happening. The brief was to close that gap: catch fraudulent activity while the register is still open, not after the books close.
What we built
A streaming pipeline, built in Python with TensorFlow time-series models, that scores every point-of-sale transaction in real time.
Stream ingest from the store network
Three event streams flow off the store network into a central event bus: POS terminal lane events, card-auth events, and the voids, refunds, and no-sales that fraud most often hides behind. The bus merges them into a single ordered transaction stream, one coherent timeline per store rather than three disconnected feeds.
Sliding feature windows per store, terminal, and clerk
Raw transactions are not enough to spot fraud; context is. The pipeline maintains sliding feature windows keyed at three levels: per store, per terminal, and per clerk. A refund that is unremarkable chain-wide can be a glaring outlier for one clerk on one lane during one shift. Windowing at all three levels lets the system learn what normal looks like for each entity individually, which is what makes low-and-slow fraud detectable at all.
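The three-level windowing described above, as an added example that is not the project's own code. The refund-rate feature, the one-hour window, the field names and the sample stream are all assumptions made for illustration; it covers only the feature step, not the TensorFlow scoring.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # assumed window length; the page does not state one


class SlidingRefundWindows:
    """Sliding refund-rate windows keyed per store, per terminal and per clerk."""

    def __init__(self, window_seconds=WINDOW_SECONDS):
        self.window = window_seconds
        self.events = defaultdict(deque)  # key -> deque of (ts, is_refund)
        self.refunds = defaultdict(int)   # key -> refunds currently in window

    def update(self, txn):
        """Add one transaction, evict expired ones, return refund rate per level."""
        is_refund = txn["type"] == "refund"
        keys = {
            "store": ("store", txn["store"]),
            "terminal": ("terminal", txn["store"], txn["terminal"]),
            "clerk": ("clerk", txn["store"], txn["clerk"]),
        }
        rates = {}
        for level, key in keys.items():
            q = self.events[key]
            q.append((txn["ts"], is_refund))
            self.refunds[key] += is_refund
            # Drop events older than the window; the new event always survives.
            while q[0][0] <= txn["ts"] - self.window:
                _, old_refund = q.popleft()
                self.refunds[key] -= old_refund
            rates[level] = self.refunds[key] / len(q)
        return rates


def sample_stream():
    """Constructed data: one sale every 30 s in store S1, four clerks rotating
    over three terminals; only clerk c3 issues refunds (every fifth sale)."""
    for i in range(120):
        refund = i % 4 == 3 and (i // 4) % 5 == 0
        yield {"ts": i * 30, "store": "S1", "terminal": f"t{i % 3}",
               "clerk": f"c{i % 4}", "type": "refund" if refund else "sale"}


def final_rates(window_seconds=WINDOW_SECONDS):
    """Replay the constructed stream and return the rates seen at the last event."""
    windows, rates = SlidingRefundWindows(window_seconds), {}
    for txn in sample_stream():
        rates = windows.update(txn)
    return rates


if __name__ == "__main__":
    print(final_rates())  # clerk-level rate stands out; store and terminal do not
```

In the constructed stream the refunds are spread across terminals, so only the clerk-keyed window separates them from the store-wide baseline.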
TensorFlow time-series scoring
Feature vectors from the windows feed TensorFlow time-series models that produce an anomaly score for each transaction on a sub-second path. Real-time scoring is the point: a batch report can only document a loss, while a score delivered while the transaction is still warm gives store operations a chance to intervene during the same shift.
Risk router and human review
Scores pass through a risk router that compares each one against an adaptive per-store threshold. Transactions below the threshold continue to settlement untouched, so honest commerce never feels the system. Transactions above it are flagged to store operations for alert review and action. Humans stay in the loop deliberately: an anomaly score is evidence, not a verdict, and personnel decisions need a person behind them.
Confirmed-fraud retraining loop
Every reviewed alert produces a label, confirmed fraud or false positive, that lands in a label store. Those labels drive periodic retraining and per-store threshold updates, so the models sharpen on the chain’s actual fraud patterns over time and reviewers see fewer of the alerts that wasted their attention last quarter.
How it was delivered
The work was delivered at Metaprise Systems as an end-to-end engagement, from fraud-pattern discovery with the chain’s loss-prevention team through production operation. It began with historical transaction analysis to establish per-entity baselines and validate that the signal existed, moved to a live pilot on a subset of stores with the review loop in place, and then rolled out across the chain once thresholds had been tuned against real reviewer feedback. The retraining loop was part of the design from the start, so the system improved continuously in production rather than degrading after handover.
What shipped
- Streaming ingest unifying POS lane, card-auth, and void/refund/no-sale events into one ordered transaction stream
- Sliding feature windows computed per store, per terminal, and per clerk
- TensorFlow time-series anomaly models scoring every transaction on a sub-second path
- A risk router with adaptive per-store thresholds separating normal settlement from flagged review
- An alert review workflow for store operations, keeping humans on every fraud decision
- A label store and retraining loop feeding confirmed-fraud and false-positive outcomes back into the models
The result was a shift in posture: fraud surfaced during the shift it occurred in rather than at month-end, with a system that kept getting better at telling the chain’s real anomalies from its ordinary noise.