Operational Security Assessment of Machine Learning Fraud Detection Systems: A Cybersecurity Perspective Using Stride, Explainability, and Anomaly Gating

Machine learning (ML) enables large-scale analysis of transaction data and has become integral to financial fraud detection. Despite strong predictive performance, ML-based systems remain vulnerable to adversarial manipulation and are often insufficiently aligned with cybersecurity evaluation practices. This paper introduces an operational security assessment framework that shifts the focus from model optimisation toward holistic security evaluation. The framework combines STRIDE threat modelling to systematically identify vulnerabilities such as spoofing, tampering, and denial-of-service. It uses SHapley Additive exPlanations (SHAP) to embed contextual, SOC-ready alerts into Security Information and Event Management (SIEM) workflows and an anomaly-gating mechanism using Isolation Forest to assess resilience against adversarial and out-of-distribution samples. Using the IEEE-CIS dataset as a case study, the framework revealed susceptibility to identity spoofing, sensitivity to targeted feature perturbations and operational bottlenecks under simulated denial-of-service conditions. For Anomaly gating though it reduced false positives and captured adversarial manipulations it also imposed significant recall trade-offs, underscoring the challenge of balancing detection coverage with workload reduction. Embedding SHAP into structured alerts improved interpretability and supported drift-based anomaly identification. The study concludes that effective fraud detection requires moving beyond accuracy-centric evaluation toward integrated methodologies combining threat modelling, explainability and resilience testing. The proposed framework provides a structured blueprint for strengthening the operational security and trustworthiness of ML-driven fraud detection systems.