Reference stack
Build a fraud and transaction-monitoring stack
A combined fraud and financial-crime architecture spanning device intelligence, identity, payment fraud, transaction monitoring, screening and cases.
Intended audience and markets
Audience
Markets
Infrastructure layers
Device and behavioural signals
RequiredDetect account creation, takeover and anomalous behaviour.
Selection criteria
- Signal coverage
- Latency
- Privacy and data quality
Identity and account risk
RequiredCombine KYC decisions with fraud and account controls.
Selection criteria
- Identity graph
- Synthetic identity controls
- Decision orchestration
Payment fraud
RequiredScore authorisations, transfers or payouts.
Selection criteria
- Transaction types
- Real-time latency
- Consortium and feedback data
AML monitoring and screening
RequiredDetect suspicious activity and restricted parties.
Selection criteria
- Scenario and model coverage
- Screening data
- Alert quality
Cases and investigations
RequiredInvestigate, document and escalate alerts.
Selection criteria
- Workflow and audit trail
- Entity linking
- Regulatory reporting support
Implementation sequence
- Device and behavioural signals
- Identity and account risk
- Payment fraud
- AML monitoring and screening
- Cases and investigations
Regulatory considerations
- The regulated firm must own risk appetite, model governance and reporting decisions.
Technical considerations
- Create a shared entity and event model before deploying multiple scoring vendors.
- Measure false positives, false negatives, latency and analyst workload.
Questions to ask providers
- Which legal entity contracts for each service and in which jurisdictions?
- Which responsibilities remain with the product operator rather than the provider?
- What are the implementation, approval, testing and migration timelines?
- How are incidents, exits, data portability and business continuity handled?
- Which system is the decision authority when vendor scores conflict?
What this stack does not cover
- A vendor stack does not replace policies, investigations staff or regulatory accountability.
Related stacks
Reviewed on 2026-07-07.
Provider options are examples of infrastructure roles, not endorsements or a guarantee of suitability, availability or regulatory compliance. Confirm requirements for your product with each provider and qualified advisers.