Monitoring Reports
Report Contents
Monitoring reports are generated at regular intervals to provide a systematic analysis of transaction activities over time. By examining these transactions periodically, the reports help identify patterns and anomalies in payment entities' behavior, which are essential for effective compliance and risk management.
Delivered in JSON format, these reports ensure compatibility and ease of integration with various systems. The schema is designed to be backward compatible, allowing for seamless updates and enhancements without disrupting existing integrations.
- MIF Report Schema
- AML Report Schema
- Legacy MIF Report Schema
The components of an MIF Monitoring Report are:
id: Unique identifier for the report.scope: Defines the type of monitoring report. Possible values include: "mif" (Merchant Initiated Fraud), "pfd" (Payment Fraud Detection), and "aml" (Anti-Money Laundering).subject: Details about the entities being monitored, including:type: Entity type (e.g., "cardholder", "merchant").id: Entity identifier.name: Display name of the entity.
reason: Information about why the report was generated.title: Short description of the trigger. If a rule is triggered, this represents the title of the highest priority triggered rule.description: Detailed explanation of the trigger. If a rule is triggered, this represents the description of the highest priority triggered rule.rule_id: The identifier of the highest priority rule that is triggered.triggered_rule_ids: An array listing allrule_id's of the triggered rules.
classification: Risk assessment, which may include:fraudflag: Risk level indicator ("Black", "Red", or "Yellow"). This field is always present in MIF reports but nullable in others.priority: An integer representing the numerical priority of the report (lower numbers indicate higher priority). If a rule is triggered, this represents the priority of the highest priority (so the lowest number) triggered rule. This field is always present in AML reports but nullable in others.
tags: Array of relevant categories or requirements.transactions: Array of related transaction IDs.
{
"id": "8v124u87z4",
"scope": "mif",
"subject": [
{
"type": "merchant",
"id": "8v124u87z4",
"name": "Media Markt"
}
],
"reason": {
"title": "Merchant | High Authorization Volume",
"description": "Large fraction of high risk transactions that is CNP. Detected a relatively large amount of high risk transactions, when compared to the merchant's peer group. (Between 2022-02-07 11:59 and 2022-03-09 11:59.)",
"rule_id": "rule-123",
"triggered_rule_ids": ["rule-123", "rule-456"]
},
"classification": {
"fraudflag": "red",
"priority": 15
},
"tags": [
"mandatory",
"Visa & Mastercard requirements"
],
"transactions": [
"281024872sa3"
]
}
The components of an AML Monitoring Report are:
id: Unique identifier for the report.scope: Defines the type of monitoring report. Possible values include: "mif" (Merchant Initiated Fraud), "pfd" (Payment Fraud Detection), and "aml" (Anti-Money Laundering).subject: Details about the entities being monitored, including:type: Entity type (e.g., "cardholder", "merchant").id: Entity identifier.name: Display name of the entity.
reason: Information about why the report was generated.title: Short description of the trigger. If a rule is triggered, this represents the title of the highest priority triggered rule.description: Detailed explanation of the trigger. If a rule is triggered, this represents the description of the highest priority triggered rule.rule_id: The identifier of the highest priority rule that is triggered.triggered_rule_ids: An array listing allrule_id's of the triggered rules.
classification: Risk assessment, which may include:fraudflag: Risk level indicator ("Black", "Red", or "Yellow"). This field is always present in MIF reports but nullable in others.priority: An integer representing the numerical priority of the report (lower numbers indicate higher priority). If a rule is triggered, this represents the priority of the highest priority (so the lowest number) triggered rule. This field is always present in AML reports but nullable in others.
tags: Array of relevant categories or requirements.transactions: Array of related transaction IDs.
{
"id": "aml123456",
"scope": "aml",
"subject": [
{
"type": "cardholder",
"id": "ch123456",
"name": "John Doe"
},
{
"type": "merchant",
"id": "m123456",
"name": "Tech Store"
}
],
"reason": {
"title": "Suspicious Activity Detected",
"description": "Unusual transaction patterns detected involving both cardholder and merchant. (Between 2023-10-01 and 2023-10-31.)",
"rule_id": "rule-aml-789",
"triggered_rule_ids": ["rule-aml-789", "rule-aml-101"]
},
"classification": {
"fraudflag": null,
"priority": 10
},
"tags": [
"AML compliance",
"High-risk transaction"
],
"transactions": [
"txn123456789",
"txn987654321"
]
}
The components of a legacy MIF Monitoring Report are:
merchant: This refers to your provided merchant ID. If you need information about a specific merchant, please supply the corresponding merchant ID.fraudflag: This field indicates the suggested action to be taken. Options include Black, Red, or Yellow. These recommendations are determined by the thresholds you have set.score: This is the calculated fraud score, ranging between 0 and 1. A score closer to 1 indicates a higher likelihood of fraudulent activity.reasoncode: This contains important details about the alert, including why it was triggered and the sequence of transactions leading up to it.
{
"merchant": "8v124u87z4",
"fraudflag": "red",
"score": 0.88158123,
"reasoncode": "Large fraction of high risk transactions that is CNP. Detected a relatively large amount of high risk transactions, when compared to the merchant's peer group. Detected outlying sequence of failed transactions, when compared to the merchant's peer group. (Between 2022-02-07 11:59 and 2022-03-09 11:59.)"
}
Reporting Schedule
Fraudio generates monitoring reports on a fixed interval basis rather than in real-time. This scheduled approach allows our systems to analyze patterns of merchant behavior over time and identify potentially fraudulent activities that may not be apparent in individual transactions.
The analysis period covered in each report is included in the reason description, which indicates the timeframe during which suspicious activities were detected (as shown in the example above: "Between 2022-02-07 11:59 and 2022-03-09 11:59").
Report Delivery
Unlike our transaction fraud product that utilizes an API, monitoring reports operate differently. The response and recommendations are not retrieved through an endpoint because the data is batched. Instead, we have implemented a system where reports are sent to a designated Slack channel or webhook, and are also accessible through our dashboards.
These reports are automatically generated and delivered through:
- Access via the Fraudio dashboard.
- A designated Slack channel.
- Webhook notifications (if configured).
Webhook Configuration
To receive monitoring reports via webhook, you must submit your webhook URL to Fraudio for configuration. This setup requires action on Fraudio's side, as it cannot be self-configured by customers (yet).
To set up webhook notifications:
- Contact your Fraudio representative or email support@fraudio.com.
- Provide your webhook URL and any authentication requirements.
- Fraudio will configure the system to send reports to your webhook endpoint.
Once configured, your webhook will receive reports in your preferred JSON format (Current or Legacy) whenever new alerts are generated.