OTP Bank

Qualysoft delivered a real-time fraud monitoring platform that scores transactions, triages alerts, and streamlines investigations—cutting false positives, accelerating response, and strengthening compliance across digital and card channels.

OTP Bank

Key Results

Real-time scoring and alerting for card, e-banking, and payments.
Fewer false positives through adaptive rules and ML-model integration.
Faster investigations with a unified case-management console and workflow.
End-to-end auditability for internal controls and regulatory reviews.
Cloud-native reliability and scale with containerized microservices.

Summary

Build a centralized platform to detect, prioritize, and investigate fraudulent activity in real time across multiple channels and products

Client

OTP Bank, a leading financial services provider in Central and Eastern Europe

Industry

Banking / Financial Services

Location

Europe

Size

Tier-1 regional bank with multi-country footprint

Services

Solution architecture, backend & frontend development, systems integration, DevOps/SRE, QA automation, rollout & training

Technologies

Java 11, Spring Boot, Oracle Database, Angular, Docker, Kubernetes, REST APIs

Allocated Team

Solution architect, Java/Spring engineers, Angular engineer(s), integration engineer, QA automation, DevOps/SRE, product owner proxy

Cooperation period / Project duration

Multi-phase rollout with continuous enhancements

Client Challenge

OTP Bank needed to move from siloed controls and manual reviews to a unified, real-time detection capability.

The platform had to connect to internal systems and third-party scoring engines, support adaptive rules, provide investigator tooling with strong audit trails, and scale elastically during traffic peaks.

In the same time, the platform needed to align with the latest security and privacy standards.

Qualysoft Solution
  • Real-Time Detection & Scoring – Spring Boot microservices ingest transaction events via REST, apply rules and call external scoring models; suspicious activity is flagged instantly.

  • Alert Triage & Case Management – Angular web app for analysts with queues, playbooks, evidence timelines, annotations, and role-based approvals; link to customer and account context.

  • Adaptive Controls – Centralized rules editor with AB testing and versioning; API hooks to plug in ML models for high-risk patterns and device/behavioral signals.

  • Integrations & Data – Oracle as the system of record for alerts, decisions, and audit logs; connectors to core banking, card switches, e-banking, KYC/identity, and third-party intelligence.

  • Reliability & Scale – Containerized services on Docker/Kubernetes with autoscaling, health checks, and blue/green deployments; centralized logging, metrics, and tracing.

  • Quality & Compliance – Automated tests (unit, API contract, regression), configurable retention policies, full audit trails, and separation of duties for investigator actions. 

Results
  • Reduced false positives and alert fatigue through better rules precision and model-assisted scoring.

  • Faster time-to-decision with prioritized queues, playbooks, and one-click dispositions.

  • Higher recovery and prevention rates via real-time interdiction (block/step-up auth) and post-event workflows.

  • Operational transparency with complete auditability of alerts, actions, and outcomes.

  • Future-ready platform that onboards new channels and models without disrupting production.