Semi-Supervised Bayesian GANs with Log-Signatures for Uncertainty-Aware Credit Card Fraud Detection

Abstract

We present a novel deep generative semi-supervised framework for credit card fraud detection, formulated as a time series classification task. As financial transaction data streams grow in scale and complexity, traditional methods often require large labeled datasets and struggle with time series of irregular sampling frequencies and varying sequence lengths. To address these challenges, we extend conditional Generative Adversarial Networks (GANs) for targeted data augmentation, integrate Bayesian inference to obtain predictive distributions and quantify uncertainty, and leverage log-signatures for robust feature encoding of transaction histories. We propose a composite Wasserstein distance-based loss to align generated and real unlabeled samples while simultaneously maximizing classification accuracy on labeled data. Our approach is evaluated on the BankSim dataset, a widely used simulator for credit card transaction data, under varying proportions of labeled samples, demonstrating consistent improvements over benchmarks in both global statistical and domain-specific metrics. These findings highlight the effectiveness of GAN-driven semi-supervised learning with log-signatures for irregularly sampled time series and emphasize the importance of uncertainty-aware predictions.

1. Introduction

As technology evolves rapidly and the volume of financial transactions surges, digital banking is experiencing unprecedented growth. Consequently, financial systems are increasingly vulnerable to fraudulent activities, such as credit card or online payment fraud [1,2,3]. Reliable fraud detection has, therefore, become a priority for financial institutions. Traditional methods often rely on point estimates and require large amounts of labeled data [4]. Class imbalance is mainly approached through oversampling and undersampling techniques [5,6,7].

Existing methods can be broadly divided into two groups: classifiers using single-transaction features or sequential models that incorporate historical customer behavior [8,9]. The former often lack robustness, since what constitutes suspicious activities for one customer may be entirely normal for another. Sequential models usually rely on fixed-size time windows of transaction histories. Such windows may truncate long-term dependencies or, in the case of new accounts, include potentially misleading transactions from other customers. A more natural approach is to include each individual customer’s full transaction history. However, these transaction time series are usually irregularly sampled and vary in length, which cannot be handled easily by existing approaches, highlighting the need for effective feature extraction techniques.

Handcrafted features, typically derived from expert knowledge or general statistics, such as mean, variance, skewness, and kurtosis, have been widely studied and can provide insights (see e.g.,  [2,10]). However, they generally fail to capture the temporal order of transactions, which is essential in anomaly detection for time series. To address these limitations, we propose encoding transaction histories using (log-)signatures. Log-signatures provide a mathematical representation of a path, gradually encoding details until fully characterizing it under mild conditions. They are robust to irregular sampling frequencies and varying time series lengths [11].

Classical machine learning models for time series classification (TSC) [12] typically rely on large labeled datasets, which are often costly to acquire. Semi-supervised learning (SSL) mitigates this by leveraging abundant unlabeled data to learn representations that capture shared structures and reduce dependence on scarce labeled data [13]. In practice, however, fraud datasets are constrained not only by the lack of labels but also by a shortage of unlabeled samples, in addition to severe class imbalance. Consequently, data augmentation has become an essential component of regularization-based SSL and classification tasks [6]. Inspired by successes in computer vision and natural language processing [14], we extend generative SSL techniques to sequential financial data. As common augmentation methods, such as rotation and cropping, may disrupt temporal dependencies, we employ generative models for data augmentation.

Another key challenge in fraud detection is evaluation. Global measures such as ROC AUC or PR-AUC provide useful overall summaries, but they do not reflect operational constraints, where only a very small fraction of transactions can be manually reviewed. To address this, we introduce a dual evaluation framework combining standard global metrics with domain-specific head metrics. In particular, we evaluate based on Precision@K, Recall@K, and a cost-sensitive Expected Cost@K measure that incorporates the monetary impact of missed frauds and false alerts within the top K% of alerts ranked by fraud predictions. This enables comparison not only in terms of statistical performance but also in terms of real-world business impact.

Further, to quantify uncertainty in predictions, a vital aspect in high-risk areas such as fraud detection, we propose using Bayesian inference. In a Bayesian setting, a distribution is placed over network weights, resulting in a predictive distribution rather than point estimates. This allows fraud likelihood prediction while enabling uncertainty quantification. Such uncertainty is particularly valuable, as point estimates may appear highly confident, yet the underlying distribution can reveal substantial variance. By modeling this uncertainty, our approach provides calibrated confidence information and increases robustness in the top $K\%$ ranking of fraud predictions.

In this paper, we integrate recent advances in generative semi-supervised learning from computer vision to developments in credit card fraud detection. Specifically, we extend GAN-based SSL from the image domain to sequential transaction data. Our main contributions are as follows:

• We propose a composite loss that integrates supervised risk with a Wasserstein-based IPM in the log-signature space, designed to unify input dimensions, effectively capture temporal dependencies in transaction sequences, and minimize discrepancies between generated and real unlabeled samples, while maximizing classification accuracy on labeled data.
• We introduce a conditional generator to produce tailored augmentations by controlling categorical feature combinations (e.g., customer age or risk group), ensuring realistic and context-aware synthetic samples.
• We enhance generalization and robustness by integrating Bayesian inference over network weights, thereby providing predictive distributions and principled uncertainty estimates for fraud detection.
• We provide a comprehensive dual evaluation framework combining statistical and domain-specific, cost-sensitive metrics, ensuring practically relevant performance assessment.

Our approach is validated on the BankSim dataset [15] under varying proportions of labeled data. As access to real-world financial data is extremely restricted, due to privacy and regulatory concerns, many studies rely on simulated data. In particular, BankSim is an agent-based simulator designed to mimic real banking behavior and has become a widely adopted benchmark in this domain. Results demonstrate improvements over benchmark models in terms of both global and domain-specific head metrics, while providing distributional outputs and uncertainty measures.

The remainder of this paper is organized as follows: Section 2 reviews related literature on SSL and path signatures for time series modeling. Section 3 briefly recaps necessary background on GANs, Bayesian neural networks and log-signature. Section 4 introduces the proposed network architecture, loss functions and training procedure for our approach. Section 5 describes the BankSim dataset, outlines the evaluation process and presents the numerical results. Section 6 draws the conclusions and discusses directions for future work.

2. Literature Review

Semi-supervised Learning (SSL): Methods for extracting additional information from unlabeled data range from deep label propagation [16] to more recent approaches [17], unifying regularization with pseudo-labels into a single framework. Despite their successes, most of these methods were not initially designed for the TSC tasks, and therefore, ignore temporal relations [14].

SSL for Time Series: For time series data, SSL approaches typically fall into two categories: self-learning methods, where unlabeled samples are iteratively assigned pseudo-labels, and regularization-based methods that exploit shared structures across labeled and unlabeled data. Recent work explores enhanced data augmentation strategies [18] or training a model jointly for supervised classification on labeled data and an auxiliary forecasting task on all samples [19]. GAN-based techniques extend this line by regenerating signals and combining unsupervised representation learning with supervised loss components [20].

GAN-based SSL: Ref. [21] proposes labeling generated samples as a new $(K+1)$th class and solving a $(K+1)$-class classification problem using a GAN. Ref. [22] provides theoretical insights on suboptimal generators potentially improving SSL by moving the discriminator’s decision boundaries to high-density areas of the data manifold. As in an SSL framework, the discriminator might perform well, whereas the generator might still produce visually unrealistic samples [23] introduced Triple GAN, containing three neural networks. Three-player GANs for missing value imputation were proposed by [24]. Ref. [25] provides a comprehensive overview of SSL-GAN training enhancements and proposes semi-supervised GANs with spatial coevolution for image datasets. Ref. [26] used a WGAN-based semi-supervised approach for anomaly detection.

Signatures for feature engineering: Signatures, first introduced by [27] in the 50s, became widely recognized in the mathematical community through Terry Lyons’ development of Rough Path theory [28]. More recently, they gained considerable traction in the machine learning community. In particular (log-)signatures have emerged as non-parametric and mathematically principled dimension reduction technique for time series data [29], which has led to successful applications across a broad range of domains, including pricing derivatives [30], human action and gesture recognition [31,32] and more recently sports analytics [33]. In financial time series encoding and generative modeling, ref. [34] developed a market simulator trained on path signatures and [35] combined log-signatures with recurrent neural networks to learn neural stochastic differential equations. Other works exploit signatures to measure time series similarities [36], detect market anomalies [37] and enhance deep learning architectures, such as transformers for time series modeling and deep hedging [38,39].

3. Preliminary

3.1. Problem Setting

We formulate the fraud detection problem as a general classification task with K classes and two available datasets ${\mathcal{D}}_{ul}={\left\{x^{\left(i\right)}\right\}}_{i=1}^N$ of N unlabeled samples of multivariate time series, including continuous and categorical features and ${\mathcal{D}}_l={\{x_k^{\left(i\right)},y_k^{\left(i\right)}\}}_{i=1}^{N_l}$ a set of $N_l$ samples with the corresponding class labels $y_k^{\left(i\right)}$ where $k=1,\dots ,K$ indicates the class and $N_l\ll N$ holds. The goal of conditional GAN-based semi-supervised learning is to simultaneously train a generative model G to simulate samples $G(z,cond)$ given a latent input z and some condition $cond$. Those samples are used to train a classification model D on all available data ${\mathcal{D}}_l\cup {\mathcal{D}}_{ul}\cup \left\{x\right|x=G(z,cond)\}$, exploiting generative representation of the data to improve classification performance beyond what could be achieved using labeled data alone.

3.2. Wasserstein Generative Adversarial Networks (WGANs)

Introduced by [40] for image generation, GANs contain two neural networks playing a min-max game. They are trained simultaneously on each other’s feedback. While the first model, referred to as generator G, is a map that transports a latent distribution $p\left(z\right)$ to a model distribution $p_{model}$ to best approximate the real data distribution $p_{data}$, the second model, called discriminator D, classifies whether a given sample is real or generated.

Wasserstein GANs [41] use a continuous learning curve even for non-overlapping distributions. Therefore, the distance between distributions $\mu$ and $\nu$ is measured by the Wasserstein metric,

$$W_1(\mu ,\nu )=\underset{\gamma \in \Pi \left(\mu ,\nu \right)}{inf}{\mathbb{E}}_{(X,Y)\sim \gamma }\left[d(X,Y)\right],$$

where $\Pi \left(\mu ,\nu \right)$ denotes the set of all joint distributions with marginals $\mu$ and $\nu .$ Joint distributions cannot be observed from market data, hence the Kantorovich–Rubinstein dual representation

$$W_1\left(\mu ,\nu \right)=\underset{{\parallel f\parallel }_L\le 1}{sup}{\mathbb{E}}_{X\sim \mu }\left[f\left(X\right)\right]-{\mathbb{E}}_{Y\sim \nu }\left[f\left(Y\right)\right],$$

where ${\parallel .\parallel }_L$ denotes the Lipschitz norm, which is used for implementations. The test function f is approximated by a neural network D. To enforce Lipschitz continuity of D, ref. [41] proposed clipping the weights to a compactum $[-c,c]$ and [42] added a gradient penalty term penalizing D for gradients unequal to 1.

3.3. Bayesian Inference in GANs

Bayesian GANs were first introduced by [43] to model uncertainty and mitigate model collapse by enhancing the diversity of generated data samples. They propose placing prior distributions $p({\theta }_g,{\alpha }_g)$ and $p({\theta }_d,{\alpha }_d)$ with parameters ${\alpha }_g$ and ${\alpha }_d$ over network weights ${\theta }_g$ and ${\theta }_d$ and utilizing the Stochastic Gradient Hamiltonian Monte Carlo (SGHMC) [44] algorithm to marginalize the corresponding posterior distributions. For a latent vector z and an observed data sample X, they draw weight samples iteratively from the conditional posteriors by combining the network likelihood functions with chosen priors. During each iteration, batches of generated and unlabeled and all available labeled samples are used. Ref. [45] proposed a general framework for updating beliefs on $\theta$ given information x, minimizing the expected loss of $l(x,\theta )$, rather than the traditional likelihood functions, as follows

$${\theta }_0=arg\underset{\theta \in \Theta }{inf}\int l(\theta ,x)\mathrm{d}{F}_0\left(x\right),$$

where $F_0\left(x\right)$ is an unknown distribution from which i.i.d. observations arise. For prior beliefs $\pi \left(\theta \right)$ and x observed from $F_0$,

$$p(\theta \mid x)\propto exp\{-l(\theta ,x\left)\right\}p\left(\theta \right),$$

is a valid and coherent update to the posterior $p(·\mid x).$

3.4. Log-Signatures for Feature Encoding

Path signatures offer a unique and compact characterization of sequences while capturing their structural properties in a mathematically rigorous manner [46]. This property is particularly valuable when dealing with variable-length time series of irregularly sampled time intervals, as is typically the case for transaction data. First defined for continuous paths of bounded variation and later extended to discrete paths by linear interpolation [47], the signature transformation of a d-dimensional time series $x={\left(x_i\right)}_{i=1,\dots ,n}$ and its piece-wise linear interpolation $X={\left(X_t\right)}_{t\in [t_1,t_n]}$ with $X_{t_i}=x_i$ for $t_1,\dots ,t_n$ is defined as follows:

Definition 1.

For a continuous path with finite variation $X:[t_1,t_n]\to {\mathbb{R}}^d$ from a compact time interval $[t_1,t_n]$ to ${\mathbb{R}}^d$, the signature is defined by

$$S{\left(X\right)}_{[t_1,t_n]}{=(1,S\left(X\right)}_{[t_1,t_n]}^{\left(i\right)},\dots ,{\left.S{\left(X\right)}_{[t_1,t_n]}^{\left(i_1,\dots ,i_N\right)}\dots \right)}_{i_1,\dots ,i_N=1}^d,$$

where for any $\left(i_1,\dots ,i_k\right)\in {\{1,\dots ,d\}}^k$,

$$S{\left(X\right)}_{[t_1,t_n]}^{\left(i_1,\dots ,i_k\right)}={\int }_{t_1\le u_1<\dots <u_k\le t_n}\dots \int \mathrm{d}{X}_{u_1}^{i_1}\dots \mathrm{d}{X}_{u_k}^{i_k}\in \mathbb{R}.$$

The truncated signature of X of degree M is denoted as 

$$S_M{\left(X\right)}_{[t_1,t_n]}=\left(1,S{\left(X\right)}_{[t_1,t_n]}^{\left(1\right)},\dots ,S{\left(X\right)}_{[t_1,t_n]}^{\left(M\right)}\right).$$

The error made by the truncation at level M decays with factorial speed as $\mathcal{O}(1/M!)$; see [48]. Note that for piece-wise linear paths computation no longer requires integrals, but by Chen’s identity, they can be constructed directly from contributions of the individual line segments.

Log-signatures are parsimonious representations of signatures, removing redundancies and reducing the dimension compared with the signature [36]. According to the shuffle product ([47] (Theorem 1.14)), every polynomial function on signatures can be expressed as a linear combination of signature terms, which introduces repeated information, e.g., $S{\left(X\right)}_{s,t}^{i,i}={\displaystyle \frac{1}{2}}{\left(S{\left(X\right)}_{s,t}^i\right)}^2.$ These redundancies are removed by the log-signature, retaining the same information in fewer terms.

To define the log-signature, we recap the definition of the logarithm $log\left(a\right)$ of an element a in a Tensor algebra space.

Definition 2.

Let $a=(a_0,a_1,\dots ,a_n)$ be an element in a tensor algebra $T\left(\left({\mathbb{R}}^d\right)\right)$ such that $a_0=1$ and $t:=(a-1)$. Then, the logarithm is defined by,

$$log\left(a\right)=log(t+1)=\sum _{n=1}^{\infty }{\displaystyle \frac{{(-1)}^{n-1}}{n}}{t}^{\otimes n},\forall a\in T\left(\left({\mathbb{R}}^d\right)\right).$$

Definition 3.

The log-signature of a path $X:[t_1,t_n]\to {\mathbb{R}}^d$, denoted as $LogSig{\left(X\right)}_{[t_1,t_n]}$, is defined as the logarithm of the signature. The truncated log-signature of degree M is denoted by $LogSi{g}_M{\left(X\right)}_{[t_1,t_n]}$.

Log-signatures are robust to irregular sampling and uniquely determine the path up to tree-like equivalences [46]. A detailed discussion of the log-signature in machine learning, including its dimension reduction capabilities and suitable path augmentations to enrich the original path, is given by [11].

4. Proposed Model

To recap, our proposed GAN-based SSL approach relies on three main ideas: (1) Constructing a conditional generator to simulate meaningful samples by controlling for categorical feature combinations. (2) Introducing a novel loss function based on the Wasserstein distance and log-signatures that unifies input dimension and efficiently extracts temporal features of time series data to simultaneously minimize the discrepancy between real and generated unlabeled samples and classify real samples as a supervised learning task. (3) Placing distributions over network weights to avoid model collapse, enhance generalization of the discriminator and estimate the probability of the target variable rather than a point estimate.

4.1. Network Architecture

Generator: For the generator, we generate samples directly representing log-signatures of augmented transaction histories conditioned on a vector $cond$. Log-signatures provide fixed-length encodings of transaction histories that are irregularly sampled and vary in length, allowing both G and D to operate in a uniform feature space. Without this encoding, G would be limited to producing histories of fixed length, thereby reducing data variability. To ensure a suitable combination of categorical values, $cond$ is sampled from real training data. Formally, we train a network G that maps a latent vector z and a vector $cond=(c_1,\dots ,c_n)$ to an output $X_{fake}$ using tanh activation functions and residual layers defined as

Definition 4.

Let $F:{\mathbb{R}}^n\to {\mathbb{R}}^n$ be an affine transformation and ϕ a tanh function. Then, a residual layer $R:{\mathbb{R}}^n\to {\mathbb{R}}^n$ is defined by

$$R\left(x\right)=x+\varphi \circ F\left(x\right),$$

where ϕ is applied component-wise.

First, each categorical feature is passed through an embedding layer, which maps it to a vector with dimension, $emb\_dims=({\#}_{distinct}\left(c_1\right),\dots ,{\#}_{distinct}\left(c_n\right))$, determined by the number of distinct values of the feature in the training data, followed by a tanh activation function. Second, we concatenate the output with the latent vector and apply two residual layers followed by a tanh and a fully connected layer, as illustrated in Figure 1.

Discriminator: Similar to [43], we aim for a discriminator D that takes into account class labels. We, however, propose a discriminator that returns a vector of raw scores with values in ${\mathbb{R}}^{(K+1)}$ instead of estimating the probability that sample $x^{\left(i\right)}$ belongs to class $y^{\left(i\right)}$, where class label 0 represents a sample produced by the generator. To do so, we construct a feedforward neural network D using tanh activation functions and residual layers.

Further, if given a real sample X containing both time series data $ts$ and a categorical feature vector $cond=(c_1,\dots ,c_n)$, we add a preprocessing step to extract meaningful information. We first augment the time series using a time augmentation, a lead-lag augmentation and an invisibility-reset augmentation. Second, we apply a piece-wise linear interpolation and finally compute the truncated log-signature of order four. These augmentations follow prior literature on log-signature modeling [11,36] and ensure the uniqueness of the log-signature, capture information on the quadratic variation in the process and add extra information about the starting point. The truncation of order four is a widely used compromise [36]: higher truncation orders capture more path information, but also increase dimensionality, which can reduce efficiency and stability. In this case, the dimension of a d-dimensional time series increases to $2d+3$. A detailed overview of possible path augmentation and their classification is given by [11]. Finally, in the generator, each categorical feature is passed through an embedding layer, mapping it to a vector with dimension $emb\_dims=({\#}_{distinct}\left(c_1\right),\dots ,{\#}_{distinct}\left(c_n\right))$. Concatenating the embeddings with the log-signature yields a final 271-dimensional representation for each transaction history. This is applied consistently to both real and synthetic samples.

For a given log-signature of length l and a vector $cond$ of n categorical features, the discriminator network can be illustrated as Figure 1.

4.2. Loss Functions

Let ${\left\{x^{\left(i\right)}\right\}}_{i=1}^N$ be N unlabeled observations and ${\{x_k^{\left(i\right)},y_k^{\left(i\right)}\}}_{i=1}^{N_l}$ be $N_l$ labeled real samples with class labels $y_k^{\left(i\right)}\in \{1,\dots ,K\}$. We label generated data as class 0. For any given time series X, we form the augmented path and its truncated log-signature $\psi \left(X\right)={LogSig}_M\left(\mathrm{Aug}\left(X\right)\right)\in {\mathbb{R}}^d$.

Discriminator: Our network $D:{\mathbb{R}}^d\to {\mathbb{R}}^{K+1}$ outputs raw scores $D\left(\psi \left(X\right)\right)=(d_0,\dots ,d_K)$. For the discriminator we adopt a composite loss consisting of (i) a supervised classification part on labeled data, (ii) an unsupervised Wasserstein-style IPM term on real vs. generated samples and (iii) a gradient penalty ensuring 1-Lipschitz continuity of the network [42].

We use a fixed linear projection

$$T:{\mathbb{R}}^{K+1}\to \mathbb{R},T\left(x\right)={\mathbf{v}}^{\top }x,\mathbf{v}={\displaystyle \frac{1}{\sqrt{K+1}}}(1,-1,\dots ,-1),$$

which has operator norm ${\parallel T\parallel }_2={\parallel \mathbf{v}\parallel }_2=1$ to obtain the scalar critic $f_{\theta }=T\circ D_{\theta }$.

On labeled real samples, we train the class scores $(d_1,\dots ,d_K)$ with cross-entropy:

$$L_{labeled}=-{\displaystyle \frac{1}{N_l}}\sum _{i=1}^{N_l}\sum _{k=1}^K{y}_k^{\left(i\right)}log\left({\widehat{y}}_k^{\left(i\right)}\right),$$

with

$${\widehat{y}}_k^{\left(i\right)}={\displaystyle \frac{exp\left(d_k^{\left(i\right)}\right)}{{\sum }_{j=1}^{K}exp\left(d_j^{\left(i\right)}\right)}}$$

being the probability that sample $X^{\left(i\right)}$ belongs to class $y_k^{\left(i\right)}$.

On unlabeled real $X_r$ and generated $X_g=G(z;{\theta }_g)$ we minimize an Integral Probability Metric (IPM) estimated with the scalar critic $f_{\theta }$:

$$L_{unlabeled}={\displaystyle \frac{1}{n_d}}\sum _{i=1}^{n_d}{f}_{\theta }\left(\psi \left(X_g^{\left(i\right)}\right)\right)-{\displaystyle \frac{1}{n_d}}\sum _{i=1}^{n_d}{f}_{\theta }\left(\psi \left(X_r^{\left(i\right)}\right)\right).$$

By Kantorovich–Rubinstein duality [49], minimizing this objective is equivalent to maximizing the Wasserstein-1 distance in its dual formulation, restricted to the critic class $f_{\theta }=T\circ D_{\theta }$. We enforce 1-Lipschitzness of $f_{\theta }$ via a gradient penalty [42] on interpolated features $\widehat{\psi }\sim {\mathbb{P}}_i$:

$$\mathrm{GP}={\mathbb{E}}_{\widehat{\psi }\sim {\mathbb{P}}_i}\left[{\left({∥{\nabla }_{\widehat{\psi }}{f}_{\theta }\left(\widehat{\psi }\right)∥}_2-1\right)}^2\right].$$

Note this applies the penalty to the scalar $f_{\theta }$, avoiding ambiguity for vector outputs.

Finally, for a latent input z, a categorical vector $cond$, a sample X, scaling factors $\lambda$ and $\gamma$ and network weights ${\theta }_d$ and ${\theta }_g$ the loss function for the discriminator is defined as follows:

$$\begin{array}{cc}\hfill {\mathcal{L}}_D\left({\theta }_d\mid z,cond,X,{\theta }_g\right)& =L_{unlabeled}+\lambda L_{labeled}+\gamma GP\hfill \end{array}$$

Together, these components can be interpreted as follows: $L_{\mathrm{labeled}}$ performs empirical risk minimization on the scarce labeled data, $L_{\mathrm{unlabeled}}$ enforces distributional alignment between real and generated log-signatures through an IPM, which is a standard technique in semi-supervised learning and domain adaptation [21,50] while a gradient penalty $GP$ enforces the scalar critic remains 1-Lipschitz, a condition necessary for the IPM term to coincide with the Wasserstein–1 distance [42].

Generator: The generator is trained to generate samples that are classified as real by the scalar critic. Hence, for a latent input z, a categorical vector $cond$ and network weights ${\theta }_d$ and ${\theta }_g$, the loss for a mini-batch of $n_g$ samples is

$${\mathcal{L}}_G\left({\theta }_g\mid z,cond,{\theta }_d\right)=-{\displaystyle \frac{1}{n_g}}\sum _{i=1}^{n_g}{f}_{\theta }\left(\psi \left(X_g^{\left(i\right)}\right)\right).$$

Integral Probability Metric (IPM) and theoretical grounding: Our unlabeled objective can be formally understood as an Integral Probability Metric (IPM) in log-signature space. Given two distributions $p,q$ and a function class $\mathcal{F}$, the IPM is defined as 

$$d_{\mathcal{F}}(p,q)=\underset{f\in \mathcal{F}}{sup}\left|{\mathbb{E}}_{X\sim p}\left[f\left(X\right)\right]-{\mathbb{E}}_{X\sim q}\left[f\left(X\right)\right]\right|.$$

When $\mathcal{F}$ is the set of 1-Lipschitz functions, $d_{\mathcal{F}}$ equals the Wasserstein–1 distance by the Kantorovich–Rubinstein duality [49]. Our unlabeled loss takes the form

$$L_{\mathrm{IPM}}=\underset{f_{\theta }\in \mathcal{F}}{sup}\left({\mathbb{E}}_{X_r\sim p_{data}}\left[f_{\theta }\left(\psi \left(X_r\right)\right)\right]-{\mathbb{E}}_{X_g\sim p_{model}}\left[f_{\theta }\left(\psi \left(X_g\right)\right)\right]\right),$$

where $f_{\theta }=T\circ D_{\theta }$ is a scalar critic obtained by a fixed unit-norm projection T of the discriminator outputs. Since ${\parallel T\parallel }_2=1$, $f_{\theta }$ is 1-Lipschitz whenever $D_{\theta }$ is. In practice, the supremum is approximated by optimizing $\theta$ under a gradient penalty that enforces 1-Lipschitz. Thus $L_{\mathrm{IPM}}$ is an empirical estimate of $W_1(P_{\mathrm{real}},P_{\mathrm{gen}})$ restricted to this critic class, providing a principled Wasserstein-based IPM tailored to log-signature features rather than an ad-hoc design. Because T is fixed with ${\parallel T\parallel }_2=1$, $f_{\theta }$ is 1-Lipschitz whenever $D_{\theta }$ is, ensuring the constraint is enforced. In summary, the discriminator’s composite loss can be interpreted as supervised risk minimization regularized by a Wasserstein discrepancy under a Lipschitz constraint.

Beyond Wasserstein-based IPMs, widely used distributional discrepancy measures, including MMD [51] or f-divergences [52] could be incorporated into our framework without changing the overall architecture. In the context of signature features, however, mainly MMD- and Wasserstein-based objectives have been explored: for example, refs. [53,54] introduced MMD with a signature kernel, for statistical tests and training generative models, while [36,48] integrate the Wasserstein-1 distance directly in signature space for time-series generation. These works highlight that both families of metrics are principled options in signature space. We adopt the Wasserstein formulation because it is well established in the literature, offers stable training dynamics, and aligns naturally with the geometric representation provided by log-signatures. A broader empirical comparison with alternative divergences, including signature-based MMD, remains an interesting direction for future work.

4.3. Posterior Sampling

To approximate the posterior over network weights, we follow the general Bayesian updating framework (see Section 3.3) and employ Stochastic Gradient Hamiltonian Monte Carlo (SGHMC), introduced in [44]. SGHMC is very closely related to momentum-based stochastic gradient descent (SGD), but injects calibrated Gaussian noise to simulate posterior samples while using mini-batches for scalability. Hence, parameter settings, such as learning rate and momentum terms, can be imported from standard optimizers.

Following [43], we set parameters ${\alpha }_g$ and ${\alpha }_d$ for the prior distributions $p\left({\theta }_g\mid {\alpha }_g\right)$ and $p\left({\theta }_d\mid {\alpha }_d\right)$ of the generator and discriminator weights, respectively. Initial weights ${\left\{{\theta }_g^j\right\}}_{j=1}^{M{C}_g}$ and ${\left\{{\theta }_d^j\right\}}_{j=1}^{M{C}_d}$ are drawn from these priors and updated with SGHMC (see Algorithm 1) using $n_g$ noise samples ${\left\{z^{\left(i\right)}\right\}}_{i=1}^{n_g}$ from the latent distribution $p\left(z\right)$ and a mini-batch of $n_d$ real data samples $X_{real}=(ts,cond)$. Posterior samples yield predictive distributions; for evaluation against baselines, we use the posterior mean prediction in Section 5.5.1, while uncertainty analyses rely on the full posterior predictive in Section 5.5.3. For clarity, we present one SGHMC iteration in Algorithm 1 using a standard momentum-based SGD. In practice, consistent with [43], we achieved more stable performance using ADAM-style momentum updates within the SGHMC framework. Choosing a prior distribution is a crucial part of Bayesian inference, which often relies on expert knowledge. We avoid any exogenous assumptions or domain expert knowledge and follow the Glorot normal initialization [55] to maintain a high information flow across layers. Network weights are randomly drawn from a centered normal distribution

$$p\left({\theta }_g\right)\sim \mathcal{N}\left(0,{\sigma }_{\mathrm{prior}}^2{I}_J\right),$$

with variance

$${\sigma }_{\mathrm{prior}}^2=g^2·{\displaystyle \frac{2}{\mathrm{fan}\mathrm{in}+\mathrm{fan}\mathrm{out}}},$$

with scaling factor g and fan in and fan out denoting the input and output dimensions of a network layer. As we use small layers down to 32 nodes, we choose $g=1$ to keep the variance reasonably small. Hyperparameters were adopted from commonly used settings in the literature, with minimal additional tuning of the learning rate. Based on this tuning study

Table A2. Performance of our model under different learning rates. Values are reported as mean (standard deviation) across random unlabelings.

Learning Rate	Sample Size	Expected Cost	Macro F1	Cross-Entropy Loss
0.0001	2595	199,930 (12,345)	0.557 (0.030)	0.054 (0.005)
	5190	166,067 (6721)	0.600 (0.019)	0.043 (0.001)
	25,946	152,893 (650)	0.606 (0.008)	0.040 (0.000)
0.001	2595	126,633 (29,351)	0.702 (0.035)	0.071 (0.016)
	5190	72,263 (4378)	0.838 (0.003)	0.026 (0.001)
	25,946	66,377 (357)	0.859 (0.003)	0.020 (0.000)
0.005	2595	130,644 (39,320)	0.684 (0.053)	0.065 (0.017)
	5190	72,251 (3609)	0.832 (0.000)	0.027 (0.001)
	25,946	66,648 (632)	0.859 (0.004)	0.020 ( 0.000)

, we selected learning rates of 0.0001 for the generator and 0.005 for the discriminator in the final evaluation. The much higher learning rate for the discriminator D is based on the fact that it has to learn both classification and discrimination quickly, while the generator only learns through D’s signal [56]. The mini-batch size for both G and D is chosen as $n_g=n_d=2048$ and $\lambda =10.$ For efficiency, we run one chain and train the generator/discriminator with alternating update steps using $n_{critic}=5$ discriminator updates per one generator update for 1000 iterations. Convergence is monitored heuristically via stabilization of losses.

Algorithm 1 One training epoch of SGHMC with SGD-style update with friction term ${\alpha }_{g,d}$, learning rate ${\eta }_{g,d}$, $M{C}_g$ and $M{C}_d$ parallel running Markov Chains and previous posteriors samples ${\left\{{\theta }_g^j\right\}}_{j=1}^{M{C}_g}$ and ${\left\{{\theta }_d^j\right\}}_{j=1}^{M{C}_d}$.

for $j=1,\dots ,M{C}_g$ do    - sample noise batch ${\left\{z^{\left(m\right)}\right\}}_{m=1}^{n_g}$ from $p\left(z\right)$    - Update ${\theta }_g^j$ using SGHMC with $ϵ\sim \mathcal{N}(0,2{\alpha }_g{\eta }_{g}I)$: $$\begin{array}{c}{\theta }_g^j\leftarrow {\theta }_g^j+\nu ;\hfill \\ \nu \leftarrow (1-{\alpha }_g)\nu +{\eta }_g{\displaystyle \frac{\partial {\sum }_{k=1}l\left({\theta }_g^j\mid z,{\theta }_d^k\right)}{\partial {\theta }_g^j}}+ϵ\hfill \end{array}$$    - append ${\theta }_g^j$ to sample set. end for for $j=1,\dots ,M{C}_d$ do    for $i=1,\dots ,n_{critic}$ do      - sample a batch of real data real from $P_{\mathrm{data}}$: $X_{real}=\{X_{real}^{\left(1\right)},\dots ,X_{real}^{\left(n_d\right)}\}$      - sample noise batch $z={\left\{z^{\left(m\right)}\right\}}_{m=1}^{n_d}$ from $p\left(z\right)$.      - Generate $X_{fake}=G\left(z\right)$, hence $\mathbf{X}=X_{real}\cup X_{fake}$      - Update ${\theta }_d^j$ using SGHMC with $ϵ\sim \mathcal{N}(0,2{\alpha }_d{\eta }_{d}I)$: $$\begin{array}{c}{\theta }_d^j\leftarrow {\theta }_d^j+\nu ;\hfill \\ \nu \leftarrow (1-{\alpha }_d)\nu +{\eta }_d{\displaystyle \frac{\partial {\sum }_{k=1}l\left({\theta }_d^j\mid z,\mathbf{X},{\theta }_g^k\right)}{\partial {\theta }_d^j}}+ϵ\hfill \end{array}$$      - append ${\theta }_d^j$ to sample set.    end for end for

Our approach constitutes an approximate Bayesian treatment of neural network weights via SGHMC. The resulting predictive distributions provide uncertainty estimates, which are central in fraud detection (e.g., for thresholding or human review). While a non-Bayesian variant may yield sharper point estimates, it would lack principled uncertainty estimates. We, therefore, regard Bayesian inference as an integral design choice, rather than an optional module for ablation.

5. Empirical Evaluation

5.1. Dataset and Preprocessing

The BankSim dataset is publicly available on Kaggle [15] and simulates financial transactions over approximately six months, based on data provided by a bank in Spain. Because access to real banking records is restricted by privacy and regulatory constraints, BankSim has become a common benchmark in fraud detection research, providing a common ground for methodological comparison. While not including any personal or legally sensitive customer information, it effectively replicates realistic transaction patterns, comprising 594,643 records, of which 7200 are fraudulent transactions. As a result, it serves as a robust foundation for developing and evaluating fraud detection models, serving both academic researchers and practitioners. The dataset contains ten columns, including seven categorical (customer, age, gender, zipcodeOri, merchant, zipMerchant and category), two continuous (step and amount) and a fraud label. Importantly, BankSim inherently exhibits irregular sampling, as customers’ transactions are executed at uneven intervals, and histories vary in length and frequency. This naturally evaluates an approach’s ability to handle missing and non-uniform temporal information.

In this paper, we do not work directly with single transaction features but rather formulate the fraud detection problem as a time series classification task. We, therefore, group transactions based on customer, resulting in a dataset of 4112 individual customers, of which 12 were excluded due to missing gender. Out of the remaining 4100 customers, 1479 contain fraudulent transactions. Each customer has conducted between 5 and 265 transactions of up to 8330 Euros. Since our sequential model requires a minimum transaction history before making predictions, we begin predicting after the first four transactions, ensuring each customer contributes at least one labeled sample. After an initial investigation, we observed that common transaction-level models such as Random Forest exhibit a disproportionately high dependence on the amount feature. In fact, merely scaling this single variable substantially changed the results, indicating a lack of robustness to variations such as different currencies (see

Table A1. Performance of baseline models with and without scaling of the amount feature. Values are means across random unlabelings.

${\mathit{N}}_{\mathit{l}}$	Metric	NB		LReg		LReg-SSL		KNN		SVM		RF
		Unscaled	Scaled	Unscaled	Scaled	Unscaled	Scaled	Unscaled	Scaled	Unscaled	Scaled	Unscaled	Scaled
2595	Macro F1	0.640	0.013	0.532	0.215	0.505	0.376	0.536	0.499	0.640	0.497	0.691	0.558
	CEL	1.332	33.987	0.048	8.163	0.094	5.105	0.333	0.373	0.048	0.062	0.046	0.488
	PR-AUC	0.498	0.506	0.155	0.558	0.194	0.577	0.163	0.035	0.417	0.082	0.661	0.277
3893	Macro F1	0.639	0.013	0.530	0.200	0.510	0.314	0.548	0.502	0.692	0.508	0.725	0.612
	CEL	1.371	33.992	0.047	8.509	0.087	6.926	0.316	0.365	0.042	0.062	0.044	0.493
	PR-AUC	0.503	0.506	0.187	0.548	0.236	0.548	0.214	0.056	0.500	0.166	0.683	0.355
5190	Macro F1	0.641	0.013	0.531	0.366	0.515	0.329	0.548	0.502	0.728	0.515	0.742	0.530
	CEL	1.334	33.992	0.045	5.117	0.082	6.125	0.301	0.361	0.035	0.061	0.044	0.507
	PR-AUC	0.505	0.506	0.209	0.610	0.254	0.557	0.239	0.062	0.580	0.229	0.696	0.369
12,973	Macro F1	0.643	0.013	0.580	0.152	0.548	0.338	0.600	0.511	0.800	0.520	0.817	0.471
	CEL	1.313	33.998	0.042	14.521	0.067	4.416	0.265	0.344	0.031	0.060	0.040	0.596
	PRAUC	0.505	0.506	0.300	0.528	0.338	0.573	0.359	0.100	0.663	0.212	0.754	0.440
25,946	Macro F1	0.645	0.013	0.617	0.229	0.560	0.225	0.644	0.525	0.822	0.522	0.837	0.597
	CEL	1.295	33.997	0.038	6.422	0.057	11.258	0.242	0.329	0.029	0.060	0.038	0.546
	PR-AUC	0.504	0.506	0.384	0.568	0.407	0.524	0.443	0.146	0.688	0.191	0.772	0.518

). To address this and ensure fair comparability, we trained all models, except the sequential baseline, on our prepared log-signature data. This further allows each model to exploit the richer information contained in customers’ transaction histories, rather than relying on isolated single transactions.

We remove all identifiers for cardholders and merchants to encourage generalization and only keep a small set of raw features comparable to previous work [2,10]. We prepare the continuous features,

• step difference: Elapsed time since last transaction,
• amount: Amount of money involved in the transaction,

• and divide them by their maximum values in the train dataset, augment the path using a time augmentation, a lead-lag augmentation and an invisibility-reset augmentation and compute the log-signature of order four of the complete customer’s prefix history. Further, we add the categorical features:

• age: Most recent age category of the customer,
• gender: Most recent gender of the customer,
• risk level: Risk level of the customer. A customer’s risk level at time t is determined as the weighted average of its past transaction risk levels up to t, weighted by the sequential order of the transactions.

• Risk level categories are derived once from the training set and then applied consistently across both training and test sets. Transactions are grouped into five broad categories according to fraud prevalence: [0,2], (2,10], (10,30], (30,50], and (50,100] percent. This serves as a domain-driven dimensionality reduction step: instead of passing raw categorical identifiers, which would lead to a sparse feature space, we map them into a small number of stable, interpretable groups. The result is a categorical feature (level 1–5) reflecting typical expert practice in applied fraud detection, where transaction categories are routinely segmented into low- and high-risk bands.

5.2. Baseline Models

In addition to our proposed approach, we trained a diverse set of benchmark models for comparison. These include both traditional supervised machine learning classifiers and semi-supervised extensions. Following previous work in fraud detection [57], we selected nine representative baseline models covering linear, non-linear, tree-based and neural structures.

As classical benchmarks, we trained a Naive Bayes (NB), a logistic regression (LReg), a k-nearest neighbour (KNN) and a support vector machine (SVM). We further include a random forest as a widely used ensemble method in fraud detection and a fully supervised feed-forward neural network (FNN). The FNN uses the same architecture as our discriminator (see Figure 1), except the final layer produces two logits and the model is trained with standard cross-entropy loss. For a semi-supervised baseline, we include a self-training variant of logistic regression (LReg-SSL), utilizing the semi-supervised wrapper available in the scikit-learn Python package [58] and a Mean Teacher (MT) model [59] using the same architectures as our discriminator network.

While sequential models such as GRUs [60] are widely applied to sequential data, they face well-known limitations when histories are irregularly sampled and of variable length [61]. Their use typically requires ad hoc preprocessing (e.g., windowing, padding, time embeddings), or complex architectural adaptations. For completeness, we include a GRU baseline as a representative sequential model to provide a point of comparison. Peak performance from GRUs, however, typically requires substantial tuning and tailored design choices, which we explicitly leave for future work. Our focus here is on demonstrating that our Bayesian log-signature GAN naturally handles irregular sequences without imposing artificial structure.

5.3. Evaluation Procedure

Evaluating the performance of semi-supervised models requires special caution due to factors such as the selection of the labeled data points [14]. Ref. [62] provides guidelines for the realistic evaluation of semi-supervised models to guarantee unbiased and fair comparison results. This improved procedure includes splitting a fully labeled dataset $\mathcal{D}$ into a small labeled dataset ${\mathcal{D}}_l$ and a large unlabeled dataset ${\mathcal{D}}_{ul}$ with artificial unlabeling of randomly drawn samples. By varying the amount of labeled samples, we obtain insights into how performance decreases in very limited label regimes.

For our primary setting, we aim for a 90/10 split in ${\mathcal{D}}_{train}$ and ${\mathcal{D}}_{test}$ in a customer-disjoint manner, mirroring deployment conditions where models encounter previously unseen customers. To approximate stratification, we apply a greedy algorithm assigning customers, beginning with those having the highest number of fraud or non-fraud cases, but due to fraud clustering, this reduces test-set prevalence from around 1% to around 0.45%. To stress-test robustness, we, therefore, also report results using a stratified split in Appendix D, which preserves the global prevalence. Customer identifiers are excluded from the features, so the models cannot directly exploit customer identity. Together, these results illustrate both a realistic deployment case (customer-disjoint) and the general performance potential of the models (stratified), ensuring that our conclusions remain robust across alternative splitting strategies.

We train each model $f(·|\theta )$ on ${\mathcal{D}}_{train}$ with varying amounts of labeled samples $N_l\in \{2594,3890,5187,12,965,25,930\}.$ Model performance is compared on ${\mathcal{D}}_{test}$. To stress-test robustness against unfavorably selected labeled samples, we repeat the unlabeling step $\mathcal{D}=({\mathcal{D}}_l,{\mathcal{D}}_{ul})$ five times, which is also in line with [18]. All reported means and standard deviations are computed across these five unlabelings, capturing sensitivity to the choice of labeled subset rather than training stochasticity or test set uncertainty.

5.4. Performance Metrics

Performance evaluation is particularly important for highly imbalanced datasets such as those encountered in fraud detection [1]. In this setting, only a very small fraction of transactions can be manually investigated or automatically blocked, meaning that model performance in the head of the ranked distribution is of primary interest. Recent work by [63] has shown that the choice of evaluation methodology often has a greater impact on reported performance than model complexity itself.

In this work, we adopt a comprehensive set of evaluation metrics combining standard global measures for imbalanced data with domain-specific, cost-sensitive metrics. The global measures include area under the precision recall curve (PR-AUC), macro F1 score and cross-entropy loss. Although providing an initial overview of overall performance, such global metrics are less informative in practice because they aggregate over thresholds that are rarely relevant for real-world operation [1]. To address these limitations, and in line with common practice in information retrieval [64] and fraud detection research [1,10], we complement them with the head metrics Precision@K, Recall@K, partial PR-AUC, and Expected Cost@K to directly reflect operational constraints. Let TP, FP, TN, FN denote the number of true positives, false positives, true negatives and false negatives, respectively. Then precision and recall are defined as $\mathrm{Precision}=\mathrm{TP}/(\mathrm{TP}+\mathrm{FP})$ and $\mathrm{Recall}=\mathrm{TP}/(\mathrm{TP}+\mathrm{FN})$. The F1 score combines them as

$$\begin{array}{cc}\hfill \mathrm{F}1& =2{\displaystyle \frac{\mathrm{Precision}·\mathrm{Recall}}{\mathrm{Precision}+\mathrm{Recall}}}={\displaystyle \frac{2\mathrm{TP}}{2\mathrm{TP}+\mathrm{FP}+\mathrm{FN}}}.\hfill \end{array}$$

The macro F1 score is obtained by averaging the F1 scores for the two classes (fraud and non-fraud), ensuring equal importance of both despite the class imbalance. The PR curve plots precision as a function of recall and PR-AUC, denoting the area under this curve, summarizing performance across thresholds.

Beyond point classification, we also assess the quality of predictive distributions using the cross-entropy loss. For N transactions, it is given by

$$\mathrm{Cross}-\mathrm{Entropy}=-{\displaystyle \frac{1}{N}}\sum _{i=1}^N\left({\mathbb{1}}_{\left\{a_i=fraud\right\}}·log\left(f_i\right)+(1-{\mathbb{1}}_{\left\{a_i=fraud\right\}})·log(1-f_i)\right),$$

where $f_i$ denotes the predicted probability that transaction $a_i$ is fraudulent.

To focus on the operationally most relevant part of the distribution, we evaluate head metrics with respect to the top $K\%$ of transactions ranked by predicted fraud probability. Particularly,

$$\begin{array}{cc}\hfill \mathrm{Precision}@\mathrm{K}& ={\displaystyle \frac{{\mathrm{TP}}_{@K}}{{\mathrm{TP}}_{@K}+{\mathrm{FP}}_{@K}}},\hfill \\ \hfill \mathrm{Recall}@\mathrm{K}& ={\displaystyle \frac{{\mathrm{TP}}_{@K}}{{\mathrm{TP}}_{@K}+{\mathrm{FN}}_{@K}}},\hfill \end{array}$$

where ${\mathrm{TP}}_{@K}$ and ${\mathrm{FP}}_{@K}$ denote the number of true and false positives within the top $K\%$ and ${\mathrm{FN}}_{@K}$ denotes the false negatives outside of this subset. We additionally employ partial PR-AUC, a restricted variant of standard PR-AUC. Instead of integrating precision over the full recall range $[0,1]$, partial PR-AUC is computed only over a recall interval $[0,r]$ for fixed $r<1$ as,

$$\mathrm{Partial}{\mathrm{PR}-\mathrm{AUC}}_r={\int }_0^{r}P\left(s\right)ds,$$

where $P\left(s\right)$ denotes the precision at recall level s. This restriction reflects the reality that financial institutions rarely operate at very high recall values due to limited investigation capacity. By focusing on realistic recall ranges, partial PR-AUC better reflects the ranking quality of models in the operational regime.

Finally, to incorporate financial impact, we adopt Expected Cost@K in line with cost-sensitive learning frameworks [10,65]. A false negative (missed fraud) is assigned the full amount (${\alpha }_a=1$), representing reimbursement to the customer, whereas a false positive (legitimate transaction flagged as fraud) is assigned a fixed fraction ${\alpha }_2=0.02$ of the transaction, representing the lost transaction fees and operational overhead. For transaction amounts $a_i$ this yields,

$$\mathrm{Cos}\mathrm{t}@\mathrm{K}={\alpha }_1\sum _{i\in {\mathrm{FN}}_{@K}}{a}_i+{\alpha }_2\sum _{i\in {\mathrm{FP}}_{@K}}{a}_i.$$

This cost-based measure enables direct comparison of models in terms of their business impact, complementing the global statistical metrics.

5.5. Numerical Results

5.5.1. Discriminative Performance Evaluation

We evaluate the performance of all trained models using labeled subsets of size $N_l\in \{2594,3890,5187,12,965,25,930\}$, corresponding to 0.5%, 0.75%, 1%, 2.5% and 5% of available training samples. The labeled subsets were randomly selected while preserving the original class distribution, resulting in $N_f=31,46,62,153,306$ fraudulent transactions, respectively. To obtain a global comparison across different training sizes, we report three complementary metrics, namely macro F1, PR-AUC and cross-entropy loss (CEL) (see Section 5.4). These capture balanced classification performance across classes, ranking quality under class imbalance and probabilistic calibration. As expected, we observe higher volatility across all metrics and models for smaller labeled subsets, with performance stabilizing as $N_l$ increases. Further, the fully supervised neural network (FNN) displays a steeper performance curve, gradually catching up, and in some cases surpassing our semi-supervised model as the amount of labeled data grows and the benefit of semi-supervised learning diminishes.

Macro F1 results are reported in

Table 1. Macro F1 scores across models and training sizes. Values are mean (standard deviation). Best values are in bold.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.717 (0.03)	0.518 (0.01)	0.510 (0.01)	0.500 (0.00)	0.606 (0.09)	0.761 (0.04)	0.817 (0.02)	0.832 (0.01)	0.775 (0.04)	0.611 (0.05)
3890	0.750 (0.01)	0.523 (0.01)	0.508 (0.01)	0.518 (0.02)	0.645 (0.07)	0.763 (0.04)	0.822 (0.03)	0.843 (0.01)	0.756 (0.02)	0.587 (0.04)
5187	0.782 (0.03)	0.525 (0.01)	0.506 (0.00)	0.533 (0.04)	0.698 (0.06)	0.760 (0.04)	0.826 (0.02)	0.849 (0.01)	0.741 (0.03)	0.587 (0.06)
12,965	0.799 (0.02)	0.552 (0.01)	0.532 (0.01)	0.591 (0.07)	0.786 (0.02)	0.809 (0.04)	0.860 (0.01)	0.854 (0.01)	0.756 (0.03)	0.606 (0.06)
25,930	0.809 (0.01)	0.563 (0.01)	0.539 (0.00)	0.635 (0.06)	0.827 (0.01)	0.845 (0.02)	0.864 (0.01)	0.855 (0.01)	0.766 (0.02)	0.625 (0.06)

. Across all sample sizes, either our proposed approach or the FNN achieved the highest scores.

In terms of CEL, our model consistently outperformed all benchmark models across all labeled training sizes (

Table 2. Cross-entropy loss across models and training sizes. Values are mean (standard deviation). Best values per row are in bold.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.284 (0.06)	0.024 (0.00)	0.043 (0.00)	0.137 (0.02)	0.022 (0.00)	0.019 (0.00)	0.021 (0.00)	0.013 (0.00)	0.034 (0.00)	0.024 (0.01)
3890	0.216 (0.03)	0.024 (0.00)	0.040 (0.00)	0.139 (0.01)	0.020 (0.00)	0.019 (0.00)	0.018 (0.00)	0.012 (0.00)	0.030 (0.00)	0.034 (0.01)
5187	0.162 (0.06)	0.023 (0.00)	0.038 (0.00)	0.136 (0.02)	0.018 (0.00)	0.020 (0.00)	0.017 (0.00)	0.011 (0.00)	0.027 (0.00)	0.035 (0.01)
12,965	0.135 (0.03)	0.021 (0.00)	0.031 (0.00)	0.132 (0.01)	0.015 (0.00)	0.019 (0.00)	0.011 (0.00)	0.011 (0.00)	0.023 (0.00)	0.034 (0.00)
25,930	0.127 (0.01)	0.020 (0.00)	0.027 (0.00)	0.122 (0.01)	0.014 (0.00)	0.017 (0.00)	0.010 (0.00)	0.010 (0.00)	0.020 (0.00)	0.031 (0.00)

). However, we again observe a narrowing gap as the FNN benefits from larger datasets.

For PR-AUC, our model achieved the highest scores for low amounts of labeled data, whereas FNN and RF take over when more labeled training data become available (see

Table 3. PR-AUC across models and training sizes. Values are mean (standard deviation). Best values per row are in bold.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.555 (0.02)	0.322 (0.03)	0.265 (0.09)	0.259 (0.06)	0.569 (0.08)	0.655 (0.06)	0.660 (0.03)	0.678 (0.02)	0.189 (0.06)	0.499 (0.11)
3890	0.572 (0.02)	0.343 (0.04)	0.345 (0.02)	0.246 (0.10)	0.618 (0.05)	0.654 (0.06)	0.666 (0.05)	0.696 (0.02)	0.218 (0.07)	0.471 (0.06)
5187	0.602 (0.03)	0.363 (0.02)	0.389 (0.03)	0.262 (0.12)	0.628 (0.05)	0.677 (0.05)	0.674 (0.04)	0.708 (0.02)	0.299 (0.07)	0.472 (0.08)
12,965	0.620 (0.02)	0.415 (0.02)	0.476 (0.01)	0.342 (0.12)	0.635 (0.02)	0.730 (0.02)	0.730 (0.03)	0.726 (0.02)	0.411 (0.05)	0.499 (0.08)
25,930	0.629 (0.01)	0.485 (0.01)	0.544 (0.01)	0.399 (0.06)	0.651 (0.01)	0.758 (0.02)	0.744 (0.01)	0.726 (0.02)	0.447 (0.02)	0.511 (0.05)

).

While the given global metrics provide a useful statistical model comparison, in financial fraud detection, the expected financial cost of errors is often more relevant in practice. Therefore, we adopt Expected Cost@K as our primary domain-specific metric, where K controls the fraction of transactions to be blocked or investigated. A visual comparison for $K=0.5\%$ is given in Figure 2. Our model achieved the lowest expected cost, reducing financial cost relative to the statistically strong RF baseline by approximately 24–44% across labeled training sizes. Moreover, our approach exhibits the smallest variance across unlabelings, indicating higher generalization ability and stability compared with baselines. A detailed comparison for multiple values of K is reported in

Table A3. Expected Cost@K for different models, training sizes and values of K. Values reported as mean (standard deviation) in thousands. Bold values indicate the best result per row.

K	${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
0.1	2594	110.4 (10.8)	89.1 (5.4)	88.6 (9.5)	107.4 (8.7)	61.3 (3.2)	75.0 (7.5)	57.7 (2.0)	57.2 (1.2)	86.6 (8.3)	94.4 (19.7)
	3890	116.4 (3.9)	84.2 (4.8)	81.6 (5.9)	107.8 (8.7)	57.9 (1.0)	72.3 (4.2)	64.0 (14.6)	60.8 (9.3)	91.8 (3.0)	79.4 (6.3)
	5187	104.9 (6.5)	82.1 (4.4)	76.1 (1.8)	103.8 (9.6)	58.3 (1.2)	73.1 (5.4)	67.4 (12.5)	57.5 (2.0)	92.2 (8.2)	78.0 (9.3)
	12,965	101.7 (7.5)	76.0 (1.1)	68.3 (1.5)	97.9 (6.4)	57.0 (0.6)	70.8 (6.1)	66.3 (13.1)	56.8 (9.3)	90.2 (9.3)	76.8 (9.1)
	25,930	104.2 (5.4)	69.3 (1.3)	66.1 (1.7)	97.4 (13.3)	56.9 (0.4)	67.0 (4.2)	64.8 (11.1)	56.1 (0.4)	88.7 (3.2)	74.7 (5.7)
0.2	2594	94.8 (11.8)	81.3 (6.2)	80.2 (8.9)	100.4 (4.6)	41.5 (8.2)	46.4 (4.0)	31.2 (1.1)	31.0 (0.7)	59.2 (16.6)	75.4 (5.1)
	3890	98.0 (12.5)	72.5 (7.4)	71.7 (3.8)	90.7 (11.7)	35.0 (2.3)	47.2 (4.7)	39.1 (13.9)	33.6 (5.2)	71.3 (7.9)	69.7 (3.4)
	5187	81.0 (8.4)	66.4 (4.4)	66.2 (4.5)	93.0 (11.2)	33.8 (1.8)	45.1 (4.9)	41.1 (10.6)	31.6 (1.3)	61.7 (10.2)	62.3 (5.6)
	12,965	77.3 (12.9)	58.0 (2.1)	55.2 (3.8)	84.7 (7.3)	32.4 (0.8)	42.1 (3.0)	40.0 (12.3)	30.7 (1.3)	62.0 (17.5)	62.8 (8.3)
	25,930	80.6 (10.7)	53.9 (0.5)	47.3 (2.3)	76.8 (7.4)	32.1 (0.6)	40.7 (1.2)	33.7 (3.9)	30.0 (0.8)	60.7 (8.8)	64.8 (3.2)
0.5	2594	56.3 (22.9)	61.1 (7.4)	64.0 (13.1)	95.7 (9.4)	18.3 (3.9)	17.9 (7.5)	12.9 (1.2)	12.4 (1.1)	20.4 (5.3)	60.6 (8.9)
	3890	60.8 (16.6)	56.7 (7.4)	53.3 (1.7)	83.8 (12.9)	15.1 (1.4)	16.3 (6.7)	14.3 (4.9)	11.5 (0.9)	26.3 (3.3)	59.4 (6.5)
	5187	33.4 (19.8)	51.6 (1.8)	49.6 (2.3)	79.7 (16.6)	14.2 (2.1)	13.9 (4.7)	13.7 (2.5)	10.3 (0.9)	28.9 (10.9)	47.6 (3.1)
	12,965	20.4 (9.8)	48.3 (1.4)	35.8 (2.8)	66.5 (17.1)	13.3 (1.0)	11.2 (3.0)	9.5 (1.5)	9.3 (1.0)	27.2 (10.5)	39.6 (3.7)
	25,930	17.6 (4.2)	36.6 (1.9)	27.4 (1.6)	53.6 (10.5)	12.4 (1.0)	11.5 (2.2)	8.4 (1.1)	8.7 (0.3)	21.8 (2.8)	34.3 (5.5)
1.0	2595	10.9 (4.9)	58.2 (5.3)	58.0 (15.4)	93.9 (9.9)	13.1 (3.8)	6.6 (1.5)	10.0 (0.8)	9.3 (1.1)	13.7 (3.4)	58.3 (10.1)
	3890	8.6 (0.6)	53.6 (4.7)	49.3 (2.4)	82.7 (13.3)	11.1 (2.1)	6.3 (2.2)	10.1 (0.9)	8.2 (1.0)	13.5 (1.8)	53.0 (12.4)
	5187	8.6 (0.6)	49.6 (0.6)	46.6 (1.6)	79.4 (16.7)	10.0 (1.8)	5.3 (0.9)	9.6 (0.6)	7.7 (1.3)	15.4 (2.2)	43.5 (6.4)
	12,965	8.3 (0.9)	46.9 (0.8)	31.1 (2.0)	66.4 (17.2)	9.6 (0.7)	5.8 (1.4)	7.2 (1.0)	7.2 (1.2)	15.3 (2.9)	34.2 (4.7)
	25,930	8.1 (0.2)	34.1 (1.3)	23.9 (2.8)	53.6 (10.6)	9.6 (0.8)	5.5 (1.1)	6.7 (0.8)	7.0 (0.6)	13.8 (3.6)	26.0 (1.7)

.

For the main evaluation, we fix the penalty weights for false negatives and false positives to ${\alpha }_1=1$ and ${\alpha }_2=0.02$, respectively. To assess robustness, we additionally vary $\alpha =({\alpha }_1,{\alpha }_2)$ across four alternative settings. The full results, including comparisons across labeled training sizes and multiple K values, are reported in Figure A1, where the relative ranking remains stable across settings.

We further report Precision@K for $K=0.5$ in

Table 4. Precision@K for $K=0.5$ for different models and training sizes. Values are mean (standard deviation). Bold numbers indicate the best performance per row.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.429 (0.16)	0.420 (0.02)	0.318 (0.11)	0.175 (0.11)	0.571 (0.07)	0.596 (0.07)	0.616 (0.03)	0.628 (0.02)	0.543 (0.06)	0.277 (0.11)
3890	0.388 (0.12)	0.419 (0.04)	0.413 (0.03)	0.189 (0.09)	0.592 (0.02)	0.610 (0.07)	0.629 (0.04)	0.641 (0.02)	0.517 (0.04)	0.282 (0.07)
5187	0.550 (0.07)	0.436 (0.03)	0.431 (0.03)	0.206 (0.12)	0.599 (0.04)	0.634 (0.07)	0.631 (0.03)	0.654 (0.02)	0.494 (0.05)	0.374 (0.07)
12,965	0.598 (0.04)	0.462 (0.02)	0.494 (0.01)	0.268 (0.13)	0.597 (0.02)	0.688 (0.02)	0.670 (0.03)	0.662 (0.02)	0.524 (0.04)	0.470 (0.02)
25,930	0.614 (0.02)	0.512 (0.01)	0.548 (0.01)	0.349 (0.07)	0.611 (0.01)	0.700 (0.02)	0.674 (0.01)	0.659 (0.01)	0.539 (0.03)	0.499 (0.04)

. Our model achieved higher scores for limited labeled sample sizes, whereas the FNN and RF gradually overtook as more labeled samples became available. Full results for additional k values are presented in

Table A4. Precision@K for different models, training sizes and values of K. Values reported as mean (standard deviation). Bold values indicate the best result per row.

K	${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
0.1	2594	0.524 (0.32)	0.690 (0.03)	0.645 (0.15)	0.486 (0.22)	0.955 (0.02)	0.955 (0.03)	0.966 (0.00)	0.966 (0.00)	0.810 (0.16)	0.497 (0.18)
	3890	0.352 (0.22)	0.690 (0.02)	0.710 (0.09)	0.355 (0.15)	0.966 (0.00)	0.945 (0.05)	0.969 (0.01)	0.966 (0.00)	0.797 (0.10)	0.617 (0.16)
	5187	0.638 (0.23)	0.686 (0.01)	0.783 (0.09)	0.383 (0.14)	0.962 (0.01)	0.938 (0.03)	0.966 (0.00)	0.966 (0.00)	0.803 (0.15)	0.666 (0.14)
	12,965	0.586 (0.09)	0.700 (0.02)	0.914 (0.07)	0.528 (0.17)	0.966 (0.00)	0.962 (0.04)	0.972 (0.01)	0.966 (0.00)	0.831 (0.09)	0.779 (0.14)
	25,930	0.655 (0.16)	0.845 (0.07)	0.948 (0.00)	0.569 (0.10)	0.966 (0.00)	0.972 (0.02)	0.969 (0.01)	0.966 (0.00)	0.855 (0.07)	0.779 (0.10)
0.2	2594	0.453 (0.21)	0.574 (0.02)	0.484 (0.16)	0.381 (0.20)	0.848 (0.09)	0.869 (0.05)	0.969 (0.02)	0.978 (0.01)	0.745 (0.14)	0.472 (0.15)
	3890	0.429 (0.23)	0.634 (0.04)	0.591 (0.04)	0.383 (0.19)	0.926 (0.06)	0.826 (0.05)	0.955 (0.04)	0.978 (0.01)	0.716 (0.11)	0.486 (0.12)
	5187	0.636 (0.13)	0.664 (0.04)	0.631 (0.04)	0.350 (0.17)	0.938 (0.06)	0.836 (0.05)	0.960 (0.03)	0.976 (0.01)	0.743 (0.11)	0.621 (0.07)
	12,965	0.648 (0.16)	0.753 (0.04)	0.759 (0.05)	0.445 (0.14)	0.957 (0.01)	0.900 (0.03)	0.971 (0.02)	0.981 (0.00)	0.776 (0.11)	0.653 (0.08)
	25,930	0.621 (0.10)	0.814 (0.01)	0.831 (0.01)	0.538 (0.11)	0.960 (0.01)	0.924 (0.03)	0.981 (0.00)	0.983 (0.00)	0.783 (0.07)	0.619 (0.00)
0.5	2594	0.429 (0.16)	0.420 (0.02)	0.318 (0.11)	0.175 (0.11)	0.571 (0.07)	0.596 (0.07)	0.616 (0.03)	0.628 (0.02)	0.543 (0.06)	0.277 (0.11)
	3890	0.388 (0.12)	0.419 (0.04)	0.413 (0.03)	0.189 (0.09)	0.592 (0.02)	0.610 (0.07)	0.629 (0.04)	0.641 (0.02)	0.517 (0.04)	0.282 (0.07)
	5187	0.550 (0.07)	0.436 (0.03)	0.431 (0.03)	0.206 (0.12)	0.599 (0.04)	0.634 (0.07)	0.631 (0.03)	0.654 (0.02)	0.494 (0.05)	0.374 (0.07)
	12,965	0.598 (0.04)	0.462 (0.02)	0.494 (0.01)	0.268 (0.13)	0.597 (0.02)	0.688 (0.02)	0.670 (0.03)	0.662 (0.02)	0.524 (0.04)	0.470 (0.02)
	25,930	0.614 (0.02)	0.512 (0.01)	0.548 (0.01)	0.349 (0.07)	0.611 (0.01)	0.700 (0.02)	0.674 (0.01)	0.659 (0.01)	0.539 (0.03)	0.499 (0.04)
1.0	2594	0.358 (0.02)	0.227 (0.01)	0.191 (0.07)	0.093 (0.06)	0.325 (0.03)	0.366 (0.02)	0.347 (0.01)	0.353 (0.01)	0.314 (0.03)	0.149 (0.05)
	3890	0.364 (0.01)	0.233 (0.01)	0.233 (0.01)	0.098 (0.05)	0.332 (0.02)	0.379 (0.02)	0.352 (0.02)	0.364 (0.02)	0.319 (0.02)	0.167 (0.06)
	5187	0.362 (0.01)	0.236 (0.00)	0.234 (0.01)	0.105 (0.06)	0.337 (0.02)	0.390 (0.01)	0.357 (0.01)	0.367 (0.01)	0.312 (0.02)	0.206 (0.04)
	12,965	0.366 (0.01)	0.243 (0.00)	0.272 (0.00)	0.136 (0.07)	0.337 (0.01)	0.393 (0.01)	0.378 (0.01)	0.374 (0.01)	0.314 (0.02)	0.257 (0.01)
	25,930	0.367 (0.00)	0.271 (0.00)	0.298 (0.01)	0.176 (0.04)	0.342 (0.00)	0.404 (0.01)	0.378 (0.01)	0.371 (0.01)	0.317 (0.02)	0.286 (0.01)

.

Similarly, Recall@K for $K=0.5$ is reported in

Table 5. Recall@K for $K=0.5$ for different models and training sizes. Values are mean (standard deviation). Bold numbers indicate the best performance per row.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.447 (0.17)	0.438 (0.02)	0.332 (0.11)	0.183 (0.11)	0.596 (0.07)	0.622 (0.08)	0.642 (0.03)	0.655 (0.02)	0.566 (0.07)	0.288 (0.11)
3890	0.405 (0.13)	0.437 (0.05)	0.431 (0.03)	0.197 (0.09)	0.617 (0.03)	0.637 (0.08)	0.656 (0.04)	0.669 (0.02)	0.540 (0.04)	0.294 (0.08)
5187	0.574 (0.08)	0.455 (0.03)	0.450 (0.03)	0.214 (0.13)	0.624 (0.04)	0.661 (0.07)	0.658 (0.04)	0.682 (0.02)	0.516 (0.05)	0.390 (0.07)
12,965	0.624 (0.05)	0.482 (0.02)	0.515 (0.01)	0.279 (0.13)	0.623 (0.02)	0.717 (0.02)	0.699 (0.03)	0.691 (0.02)	0.547 (0.04)	0.490 (0.03)
25,930	0.641 (0.02)	0.535 (0.01)	0.572 (0.01)	0.364 (0.08)	0.637 (0.01)	0.730 (0.02)	0.703 (0.01)	0.688 (0.01)	0.563 (0.03)	0.521 (0.05)

. Our model performs best for limited labeled sample sizes, while the FNN and RF surpass it once larger sample sizes are used. Additional Recall@K results are given in

Table A5. Recall@K for different models, training sizes and values of K. Values reported as mean (standard deviation). Bold values indicate the best result per row.

K	${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
0.1	2594	0.109 (0.07)	0.144 (0.01)	0.135 (0.03)	0.101 (0.05)	0.199 (0.01)	0.199 (0.01)	0.201 (0.00)	0.201 (0.00)	0.169 (0.03)	0.104 (0.04)
	3890	0.073 (0.05)	0.144 (0.00)	0.148 (0.02)	0.074 (0.03)	0.201 (0.00)	0.197 (0.01)	0.202 (0.00)	0.201 (0.00)	0.166 (0.02)	0.129 (0.03)
	5187	0.133 (0.05)	0.143 (0.00)	0.163 (0.02)	0.080 (0.03)	0.201 (0.00)	0.196 (0.01)	0.201 (0.00)	0.201 (0.00)	0.168 (0.03)	0.139 (0.03)
	12,965	0.122 (0.02)	0.146 (0.00)	0.191 (0.02)	0.110 (0.04)	0.201 (0.00)	0.201 (0.01)	0.203 (0.00)	0.201 (0.00)	0.173 (0.02)	0.163 (0.03)
	25,930	0.137 (0.03)	0.176 (0.01)	0.198 (0.00)	0.119 (0.02)	0.201 (0.00)	0.203 (0.00)	0.202 (0.00)	0.201 (0.00)	0.178 (0.02)	0.163 (0.02)
0.2	2594	0.189 (0.09)	0.240 (0.01)	0.202 (0.07)	0.159 (0.08)	0.354 (0.04)	0.363 (0.02)	0.404 (0.01)	0.408 (0.00)	0.311 (0.06)	0.197 (0.06)
	3890	0.179 (0.10)	0.265 (0.02)	0.247 (0.02)	0.160 (0.08)	0.386 (0.03)	0.345 (0.02)	0.399 (0.02)	0.408 (0.00)	0.299 (0.05)	0.203 (0.05)
	5187	0.265 (0.06)	0.277 (0.02)	0.263 (0.02)	0.146 (0.07)	0.391 (0.02)	0.349 (0.02)	0.401 (0.01)	0.407 (0.01)	0.310 (0.04)	0.259 (0.03)
	12,965	0.271 (0.07)	0.314 (0.02)	0.317 (0.02)	0.186 (0.06)	0.399 (0.00)	0.376 (0.01)	0.405 (0.01)	0.409 (0.00)	0.324 (0.05)	0.273 (0.04)
	25,930	0.259 (0.04)	0.340 (0.01)	0.347 (0.00)	0.224 (0.05)	0.401 (0.00)	0.386 (0.01)	0.409 (0.00)	0.410 (0.00)	0.327 (0.03)	0.258 (0.00)
0.5	2594	0.447 (0.17)	0.438 (0.02)	0.332 (0.11)	0.183 (0.11)	0.596 (0.07)	0.622 (0.08)	0.642 (0.03)	0.655 (0.02)	0.566 (0.07)	0.288 (0.11)
	3890	0.405 (0.13)	0.437 (0.05)	0.431 (0.03)	0.197 (0.09)	0.617 (0.03)	0.637 (0.08)	0.656 (0.04)	0.669 (0.02)	0.540 (0.04)	0.294 (0.08)
	5187	0.574 (0.08)	0.455 (0.03)	0.450 (0.03)	0.214 (0.13)	0.624 (0.04)	0.661 (0.07)	0.658 (0.04)	0.682 (0.02)	0.516 (0.05)	0.390 (0.07)
	12,965	0.624 (0.05)	0.482 (0.02)	0.515 (0.01)	0.279 (0.13)	0.623 (0.02)	0.717 (0.02)	0.699 (0.03)	0.691 (0.02)	0.547 (0.04)	0.490 (0.03)
	25,930	0.641 (0.02)	0.535 (0.01)	0.572 (0.01)	0.364 (0.08)	0.637 (0.01)	0.730 (0.02)	0.703 (0.01)	0.688 (0.01)	0.563 (0.03)	0.521 (0.05)
1.0	2594	0.746 (0.03)	0.473 (0.01)	0.399 (0.14)	0.194 (0.12)	0.678 (0.07)	0.764 (0.03)	0.724 (0.03)	0.737 (0.03)	0.655 (0.05)	0.310 (0.11)
	3890	0.760 (0.02)	0.486 (0.01)	0.486 (0.01)	0.204 (0.09)	0.694 (0.04)	0.791 (0.05)	0.734 (0.04)	0.760 (0.03)	0.665 (0.03)	0.348 (0.13)
	5187	0.755 (0.01)	0.493 (0.01)	0.488 (0.03)	0.219 (0.13)	0.704 (0.04)	0.813 (0.03)	0.745 (0.03)	0.766 (0.02)	0.651 (0.04)	0.429 (0.09)
	12,965	0.763 (0.02)	0.508 (0.01)	0.567 (0.01)	0.284 (0.14)	0.703 (0.02)	0.821 (0.02)	0.788 (0.03)	0.781 (0.02)	0.656 (0.03)	0.535 (0.03)
	25,930	0.765 (0.01)	0.565 (0.01)	0.622 (0.01)	0.368 (0.08)	0.713 (0.01)	0.842 (0.01)	0.789 (0.01)	0.774 (0.02)	0.661 (0.05)	0.596 (0.02)

.

Finally, partial PR-AUC with a recall threshold $r=0.7$ is reported in

Table 6. Partial PR-AUC at $r=0.7$ across different training sizes. Values are mean (standard deviation). Bold numbers indicate the best performance per row.

${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
2594	0.457 (0.00)	0.317 (0.03)	0.263 (0.09)	0.491 (0.04)	0.548 (0.06)	0.582 (0.05)	0.625 (0.02)	0.634 (0.01)	0.480 (0.10)	0.189 (0.06)
3890	0.457 (0.00)	0.336 (0.03)	0.338 (0.02)	0.467 (0.06)	0.596 (0.04)	0.573 (0.05)	0.626 (0.03)	0.640 (0.01)	0.453 (0.06)	0.218 (0.07)
5187	0.517 (0.06)	0.355 (0.02)	0.377 (0.02)	0.453 (0.04)	0.603 (0.04)	0.591 (0.04)	0.629 (0.03)	0.645 (0.01)	0.454 (0.07)	0.299 (0.07)
12,965	0.522 (0.06)	0.399 (0.01)	0.458 (0.01)	0.488 (0.03)	0.608 (0.02)	0.630 (0.02)	0.653 (0.02)	0.654 (0.01)	0.484 (0.08)	0.409 (0.05)
25,930	0.543 (0.05)	0.463 (0.01)	0.523 (0.01)	0.502 (0.02)	0.620 (0.01)	0.647 (0.02)	0.664 (0.01)	0.654 (0.01)	0.497 (0.05)	0.440 (0.02)

. Here, our model achieved the best performance across all sample sizes except the largest, where the FNN wins. Extended results for different recall thresholds are provided in

Table A6. Partial PR-AUC comparison of models across different recall thresholds r and training sizes. Values reported as mean (standard deviation). Bold values indicate the best result per row.

r	${\mathit{N}}_{\mathit{l}}$	NB	LReg	LReg-SSL	KNN	SVM	RF	FNN	Our Model	GRU	MT
0.5	2594	0.376 (0.00)	0.301 (0.02)	0.248 (0.08)	0.351 (0.03)	0.441 (0.03)	0.453 (0.02)	0.483 (0.01)	0.482 (0.00)	0.386 (0.08)	0.186 (0.06)
	3890	0.376 (0.00)	0.317 (0.03)	0.315 (0.02)	0.330 (0.05)	0.471 (0.02)	0.442 (0.02)	0.478 (0.01)	0.482 (0.00)	0.366 (0.05)	0.212 (0.06)
	5187	0.376 (0.00)	0.335 (0.02)	0.353 (0.02)	0.319 (0.03)	0.472 (0.02)	0.448 (0.02)	0.479 (0.01)	0.482 (0.00)	0.374 (0.06)	0.286 (0.07)
	12,965	0.376 (0.00)	0.372 (0.01)	0.410 (0.01)	0.346 (0.02)	0.476 (0.00)	0.467 (0.01)	0.482 (0.00)	0.482 (0.00)	0.395 (0.06)	0.376 (0.04)
	25,930	0.376 (0.00)	0.409 (0.01)	0.440 (0.01)	0.360 (0.02)	0.478 (0.00)	0.475 (0.01)	0.486 (0.00)	0.483 (0.00)	0.406 (0.04)	0.376 (0.01)
0.6	2594	0.421 (0.00)	0.311 (0.02)	0.258 (0.09)	0.421 (0.03)	0.506 (0.04)	0.524 (0.04)	0.566 (0.01)	0.570 (0.00)	0.443 (0.09)	0.187 (0.06)
	3890	0.421 (0.00)	0.328 (0.03)	0.328 (0.02)	0.399 (0.06)	0.548 (0.03)	0.514 (0.03)	0.562 (0.02)	0.571 (0.00)	0.417 (0.05)	0.216 (0.07)
	5187	0.439 (0.04)	0.346 (0.02)	0.367 (0.02)	0.386 (0.03)	0.551 (0.03)	0.523 (0.03)	0.564 (0.02)	0.572 (0.00)	0.422 (0.07)	0.296 (0.07)
	12,965	0.421 (0.00)	0.387 (0.01)	0.446 (0.01)	0.417 (0.02)	0.556 (0.01)	0.552 (0.01)	0.574 (0.01)	0.576 (0.00)	0.450 (0.07)	0.401 (0.04)
	25,930	0.422 (0.00)	0.450 (0.01)	0.499 (0.01)	0.431 (0.02)	0.563 (0.00)	0.563 (0.01)	0.581 (0.01)	0.577 (0.00)	0.462 (0.04)	0.421 (0.01)
0.7	2594	0.457 (0.00)	0.317 (0.03)	0.263 (0.09)	0.491 (0.04)	0.548 (0.06)	0.582 (0.05)	0.625 (0.02)	0.634 (0.01)	0.480 (0.10)	0.189 (0.06)
	3890	0.457 (0.00)	0.336 (0.03)	0.338 (0.02)	0.467 (0.06)	0.596 (0.04)	0.573 (0.05)	0.626 (0.03)	0.640 (0.01)	0.453 (0.06)	0.218 (0.07)
	5187	0.517 (0.06)	0.355 (0.02)	0.377 (0.02)	0.453 (0.04)	0.603 (0.04)	0.591 (0.04)	0.629 (0.03)	0.645 (0.01)	0.454 (0.07)	0.299 (0.07)
	12,965	0.522 (0.06)	0.399 (0.01)	0.458 (0.01)	0.488 (0.03)	0.608 (0.02)	0.630 (0.02)	0.653 (0.02)	0.654 (0.01)	0.484 (0.08)	0.409 (0.05)
	25,930	0.543 (0.05)	0.463 (0.01)	0.523 (0.01)	0.502 (0.02)	0.620 (0.01)	0.647 (0.02)	0.664 (0.01)	0.654 (0.01)	0.497 (0.05)	0.440 (0.02)
0.8	2594	0.531 (0.02)	0.321 (0.03)	0.266 (0.09)	0.561 (0.04)	0.566 (0.07)	0.624 (0.05)	0.655 (0.03)	0.667 (0.02)	0.496 (0.11)	0.190 (0.06)
	3890	0.549 (0.02)	0.342 (0.04)	0.344 (0.02)	0.536 (0.07)	0.615 (0.05)	0.617 (0.06)	0.658 (0.05)	0.680 (0.02)	0.469 (0.06)	0.219 (0.07)
	5187	0.580 (0.03)	0.362 (0.02)	0.386 (0.03)	0.520 (0.04)	0.624 (0.05)	0.644 (0.05)	0.665 (0.03)	0.690 (0.02)	0.470 (0.07)	0.300 (0.07)
	12,965	0.597 (0.02)	0.410 (0.02)	0.470 (0.01)	0.559 (0.04)	0.630 (0.02)	0.691 (0.02)	0.705 (0.03)	0.702 (0.02)	0.498 (0.08)	0.412 (0.05)
	25,930	0.605 (0.01)	0.476 (0.01)	0.535 (0.01)	0.574 (0.03)	0.646 (0.01)	0.713 (0.02)	0.715 (0.01)	0.700 (0.01)	0.510 (0.05)	0.446 (0.02)

.

While head metrics emphasize the practically relevant head of the ranked distribution, relying solely on point estimates may still be misleading. A single prediction may appear highly confident, placing a transaction high in the ranking, yet posterior sampling may reveal substantial uncertainty of the underlying model and correct such spurious point estimates and push uncertain cases lower in the ranking. This motivates the following analysis of Bayesian uncertainty, where predictive distributions rather than single predictions provide a more robust basis for decision-making.

5.5.2. Runtime and Scalability

All experiments were conducted on Kaggle’s free Tesla T4 and P100 GPUs, without access to high-performance clusters. On the BankSim dataset with about 600k transactions approximate wall-clock training times for all main models are illustrated in

Table 7. Training runtimes per model (approximate wall-clock times).

	MT	GRU	FNN	Our Model	RF/SVM/LReg
Runtime	∼3 min	2–5 min	10–13 min	13–17 min	seconds

. For comparability, runtimes measure only the training loop with limited loss logging; data preprocessing (e.g., log-signature computation) is excluded. Despite the Bayesian framework, training remains efficient due to the shallow architecture of both generator and discriminator, highlighting practical deployability. Codes for reproducing the results and figures for this paper are available on https://github.com/DavidHirnschall/logsig-bayesian-gan (accessed on 28 August 2025).

5.5.3. Uncertainty Evaluation

To assess predictive uncertainty of our Bayesian approach, we approximate the predictive distribution for each transaction over fraud probability $f_i$ from SGHMC samples and summarize uncertainty by the posterior interval width, e.g., the 90% interval width $u_{i,0.9}=Q_{0.95}-Q_{0.05}.$ In practice, one may call a prediction uncertain if the classification threshold $\tau$ lies within the interval $[Q_{0.05},Q_{0.95}]$, as it returns mixed classification signals. In the quantitative evaluation below, we use the continuous score $u_{i,0.9}.$

For comparison, we additionally evaluate (i) the maximum softmax probability (MSP), i.e., ${max}_{k}p(y=k|x)$, (ii) posterior standard deviation $SD\left(f_i\right)$ across SGHMC samples and (iii) mutual information (MI) between predictions and model posterior, which captures epistemic uncertainty. Given M posterior predictive distributions ${\left\{p^{\left(m\right)}(y\mid x)\right\}}_{m=1}^M$, the posterior predictive distribution is $\overline{p}(y\mid x)=\frac{1}{M}{\sum }_{m=1}^M{p}^{\left(m\right)}(y\mid x)$. Then the MI is

$$\mathrm{MI}\left(x\right)=H\left(\overline{p}(y\mid x)\right)-{\displaystyle \frac{1}{M}}\sum _{m=1}^{M}H\left(p^{\left(m\right)}(y\mid x)\right),$$

where $H\left(p\right)=-{\sum }_{k=1}^{K}p(y=k)logp(y=k)$ is the categorical entropy.

To test whether uncertainty identifies mistakes in predictions, we treat misclassifications as the positive class, compute the ROC curve using the uncertainty scores $u_i$ as the ranking variable, and report the area under the ROC curve (AUROC) in

Table 8. AUROC values for different uncertainty measures across labeled sample sizes $N_l$. Values are mean (standard deviation). Best per row in bold.

${\mathit{N}}_{\mathit{l}}$	MSP	PE	90% Width	SD	MI
2 594	0.8854 (0.0327)	0.8854 (0.0327)	0.8989 (0.0287)	0.9009 (0.0292)	0.9095 (0.0261)
3 890	0.9084 (0.0218)	0.9084 (0.0218)	0.9089 (0.0211)	0.9087 (0.0206)	0.9069 (0.0208)
5 187	0.9190 (0.0311)	0.9190 (0.0311)	0.9236 (0.0275)	0.9246 (0.0286)	0.9277 (0.0238)
12 965	0.9327 (0.0247)	0.9327 (0.0247)	0.9382 (0.0204)	0.9391 (0.0209)	0.9422 (0.0131)
25 930	0.9483 (0.0111)	0.9483 (0.0111)	0.9519 (0.0128)	0.9535 (0.0125)	0.9480 (0.0124)

. While the ROC curve plots the true positive rate against the false positive rate across thresholds, the AUROC gives the probability that an error receives a higher uncertainty score than a correct prediction by

$$\mathrm{AUROC}=Pr\left(u_{\mathrm{error}}>u_{\mathrm{correct}}\right)+\frac{1}{2}Pr\left(u_{\mathrm{error}}=u_{\mathrm{correct}}\right)$$

with 0.5 indicating random ranking and higher scores indicating better performance.

With scarce labels, epistemic uncertainty dominates, meaning the posterior over weights diffuses and SGHMC draws disagree, resulting in broad predictive intervals. Interval-based uncertainty scores directly reflect this behavior and separate wrong from correct predictions more effectively. As the number of labeled samples grows, posterior predictions concentrate and intervals shrink (see Figure 3). Misclassifications are less driven by model uncertainty and more by predictions near the decision threshold. Point estimators become better calibrated, so simple uncertainty scores derived from posterior mean, e.g., MSP gain importance. This pattern reflects the intuition that more data reduces posterior variance and tightens predictive intervals. While intervals are not always the best in ranking errors, they remain highly interpretable and provide a direct probability range for decision rules, making them particularly appealing in fraud detection.

Further, we categorize transactions in true positive (TP), false positive (FP), true negative (TN) and false negative (FN) via the posterior mean prediction ${\overline{f}}_i$. Figure 3 displays average 90% interval widths over five unlabelings for each category (TP, FP, TN, FN) and across labeled sample sizes. Misclassified instances (FP and FN) consistently exhibit a substantially larger uncertainty than correctly classified ones (TP and TN). This systematic separation confirms that interval-based measures capture epistemic uncertainty in a way that directly aligns with predictive reliability.

Finally, Figure 4 shows posterior distributions for four representative transactions (one per outcome category) with decision threshold $\tau$ overlaid by the uncertainty interval. Among samples labeled as fraud, misclassified FPs tend to show broader posteriors, hence higher uncertainty, with more weight in the left tail. Among transactions labeled as non-fraud, misclassified FNs exhibit wider predictive posteriors with heavier right tails. These pattern reflects epistemic uncertainty beyond the point estimate ${\overline{f}}_i$.

5.6. Fairness Across Demographic Groups

Since age and gender are included as features, we evaluated subgroup performance in the test set to assess fairness. Figure 5 presents results for $1\%$ labeled data (5187 samples) for our model, SVM and RF. Performance differences across gender and age groups largely reflect underlying fraud prevalence and group size, rather than systematic bias introduced by the model. Groups with higher fraud prevalence naturally show higher F1, PR-AUC and expected cost due to the greater number of positive cases. Importantly, relative model rankings remain consistent across groups and our approach improves calibration and precision-recall trade-offs across most groups. This indicates that no particular group is systematically disadvantaged and the similar behavior of baseline models further supports the interpretation that observed differences are data-driven rather than model-driven.

Nevertheless, the inclusion of demographic features must be handled with care. Even if statistically predictive, they can introduce or reinforce unfair outcomes at the individual level. A practical safeguard is leveraging predictive uncertainty, where uncertain cases can be flagged for human inspection. Finally, subgroup results for small populations should be interpreted cautiously, as a limited sample size naturally leads to high variance. Detailed results across age and gender groups for RF, SVM and our model are reported in

Table A7. Gender subgroup results at 5187 labeled samples.

Group	#Frauds/#Samples	Prev	Model	Macro F1	Cross-Entropy	PR-AUC	Expected Cost@0.5
Male	49/25,342	0.19%	RF	0.8056	0.0123	0.6369	0.0020
			SVM	0.7373	0.0102	0.6429	0.0024
			Our model	0.8459	0.0056	0.6546	0.0024
Female	229/32,630	0.70%	RF	0.7769	0.0188	0.6667	0.0095
			SVM	0.7128	0.0169	0.6420	0.0074
			Our model	0.8475	0.0105	0.6908	0.0059

and

Table A8. Age subgroup results at 5187 labeled samples.

Group	#Frauds/#Samples	Prev	Model	Macro F1	Cross-Entropy	PR-AUC	Expected Cost@0.5
≤18	24/10,583	0.23%	RF	0.7669	0.0209	0.5400	0.0035
			SVM	0.6148	0.0133	0.4455	0.0033
			Our model	0.8126	0.0078	0.5017	0.0038
19–25	43/17,416	0.25%	RF	0.7620	0.0185	0.5433	0.0034
			SVM	0.6602	0.0124	0.5178	0.0031
			Our model	0.7972	0.0085	0.5330	0.0035
26–35	33/16,215	0.20%	RF	0.7631	0.0167	0.5470	0.0033
			SVM	0.6952	0.0117	0.5606	0.0030
			Our model	0.8067	0.0079	0.5676	0.0033
36–45	157/6366	2.46%	RF	0.7577	0.0261	0.6222	0.0341
			SVM	0.6930	0.0251	0.6052	0.0314
			Our model	0.8251	0.0151	0.6390	0.0320
46–55	18/4395	0.41%	RF	0.7708	0.0240	0.6293	0.0473
			SVM	0.6931	0.0235	0.6051	0.0438
			Our model	0.8247	0.0143	0.6409	0.0446
56–65	3/2644	0.11%	RF	0.7873	0.0204	0.6673	0.0677
			SVM	0.7026	0.0213	0.6334	0.0629
			Our model	0.8248	0.0127	0.6933	0.0639
>65	0/353	0.00%	RF	0.8034	0.0175	0.6673	0.4276
			SVM	0.7451	0.0182	0.6334	0.3972
			Our model	0.8355	0.0109	0.6933	0.4035

.

6. Conclusions and Discussion

In this paper, we introduced a novel deep generative semi-supervised approach for time series classification that leverages conditional GANs, Bayesian inference, and log-signatures to address core challenges in financial fraud detection: irregularly sampled data of varying length, limited labeled samples and the need for probabilistic predictions with uncertainty quantification. Log-signatures provide a principled way to encode transaction histories of variable length, enabling robust learning where other sequence models struggle.

To provide a comprehensive performance assessment, we combined global statistical metrics (macro F1, PR-AUC, cross-entropy loss) with domain-specific head metrics (Precision@K, Recall@K, partial PR-AUC, Expected Cost@K). This dual evaluation framework reflects both overall statistical performance and real-world business impact, where only a small fraction of transactions can be reviewed. Our empirical evaluation on the BankSim dataset demonstrated that our proposed approach outperforms established baselines in the low-data regime, with particularly strong gains in cost-based performance at realistic operational settings, achieving up to 44% lower Expected Cost@K than strong statistical performers such as random forest in typical operational regimes. While fully supervised neural networks close the performance gap as more labeled samples become available, our approach maintains a clear advantage when labeled data are scarce.

Another key contribution lies in uncertainty quantification. By placing a distribution over network weights, our Bayesian framework produces predictive distributions rather than point estimates, allowing calibrated confidence intervals. Misclassified samples were shown to exhibit consistently higher uncertainty, highlighting the importance of uncertainty-aware predictions in high-risk domains where wrong decisions carry substantial cost. In addition, we evaluated subgroup performance by age and gender, finding that observed performance differences largely reflect prevalence and sample size rather than systematic bias introduced by the model. Relative model rankings remained stable across subgroups, suggesting that no group is systematically disadvantaged.

Nonetheless, limitations remain. Our approach relies on transaction histories, making predictions for new or low-activity customers challenging. Moreover, fraud detection assumes that fraud breaks behavioral patterns, which may fail in cases of repeated fraud resembling past activity. Finally, our evaluation relies on the BankSim dataset. While widely used in fraud detection for its realism, it remains synthetic, and future work should extend validation to real-world datasets as access becomes possible. As with most data-driven systems, model generalization depends on representative training data and evolving fraud tactics will require continuous retraining.

Several avenues for future research extend naturally from this work. First, extending evaluation to real-world datasets and in production environments offers the opportunity to confirm findings under operational constraints. Second, incorporating additional data modalities, such as customer demographics, merchant information, or network structures, could enhance the detection of rare or adaptive fraud cases. Third, fairness and interpretability remain important directions: while subgroup analyses suggest that performance differences primarily reflect data prevalence, future work should explore fairness-aware training objectives and explainable prediction mechanisms to strengthen trust in deployment. Finally, applying the approach to other domains, such as healthcare, is a natural next step to test the generalization of our approach to broader time series classification tasks beyond fraud detection.

Overall, our findings demonstrate that semi-supervised Bayesian generative models, combined with log-signatures for temporal feature encoding, can effectively handle variable-length sequences of irregular sampling frequencies while providing robust, uncertainty-aware decision support. This synergy offers tangible benefits for fraud detection and broader time series classification tasks.