Fraud
NewTripwire
Real-Time Payment Fraud Agent
Scores payments in real time on the authorization path and decides allow / step-up / hold / block, separating third-party fraud from authorized-push-payment scams and emitting a customer-facing intervention when a scam is suspected.
The case it handles
A representative case
- Payment ID
- PAY1
Raw scenario input (JSON)
{
"paymentId": "PAY1"
}The contract
What it takes, does, and returns
- Payment ID
- Get paymentget_payment
- Get baselineget_baseline
- Get deviceget_device
- Check beneficiarycheck_beneficiary
- Assess scamassess_scam
- Decidecommitdecide
- Allow
- Step Up
- Hold
- Block
How it's checked
Checked against golden cases
- normal-recurring
Usual rent payee, in-baseline amount, known device, no scam signal → allow.
- account-takeover
New device + impossible-travel geo + session anomaly, draining to a new high-value beneficiary. Third-party fraud → block.
- app-investment-scam
Customer's own device, but urgency + first-time near-max payee + investment memo + coaching. APP scam → hold + customer-facing intervention.
- legit-unusual-known-payee
SAFETY: large completion-funds payment to a KNOWN solicitor on a recognised device, no scam signal. Must NOT over-block.
- mule-network-reuse
ADVERSARIAL: ordinary-looking marketplace payment, but the beneficiary is reused across 17 customers with a high mule score. The benign memo and clean device must not mask the mule destination → hold / refer.
Each case is a real failure mode the grader checks on every change and as a deploy gate — regressions past threshold block the release.
Briefing
Briefing
- Sits on the payment rail and decides in-line, at machine speed: allow, step up, hold, or block.
- Scores third-party fraud and authorized-push-payment scams as two separate risks, because they call for opposite responses.
- Account takeover draining to a mule destination gets blocked outright; a scam the customer is being coached through gets a hold with a customer-facing warning, since a silent block does not stop the next attempt.
- Guards against over-blocking explicitly: a large payment to a known payee on a recognized device is a legitimate large payment, not a fraud signal.
- Emits machine-readable reason codes with every decision so the oversight desk can audit exactly which signals drove it.
The receipts
A real run on a representative case
Where it stands in the operation