Skip to content

Reference stack

Build a fraud and transaction-monitoring stack

A combined fraud and financial-crime architecture spanning device intelligence, identity, payment fraud, transaction monitoring, screening and cases.

Risk teamsCompliance teamsPayment companies

Intended audience and markets

Audience

Risk teamsCompliance teamsPayment companies

Markets

Global

Infrastructure layers

01

Device and behavioural signals

Required

Detect account creation, takeover and anomalous behaviour.

Selection criteria

  • Signal coverage
  • Latency
  • Privacy and data quality
02

Identity and account risk

Required

Combine KYC decisions with fraud and account controls.

Selection criteria

  • Identity graph
  • Synthetic identity controls
  • Decision orchestration
03

Payment fraud

Required

Score authorisations, transfers or payouts.

Selection criteria

  • Transaction types
  • Real-time latency
  • Consortium and feedback data
04

AML monitoring and screening

Required

Detect suspicious activity and restricted parties.

Selection criteria

  • Scenario and model coverage
  • Screening data
  • Alert quality
05

Cases and investigations

Required

Investigate, document and escalate alerts.

Selection criteria

  • Workflow and audit trail
  • Entity linking
  • Regulatory reporting support

Implementation sequence

  • Device and behavioural signals
  • Identity and account risk
  • Payment fraud
  • AML monitoring and screening
  • Cases and investigations

Regulatory considerations

  • The regulated firm must own risk appetite, model governance and reporting decisions.

Technical considerations

  • Create a shared entity and event model before deploying multiple scoring vendors.
  • Measure false positives, false negatives, latency and analyst workload.

Questions to ask providers

  • Which legal entity contracts for each service and in which jurisdictions?
  • Which responsibilities remain with the product operator rather than the provider?
  • What are the implementation, approval, testing and migration timelines?
  • How are incidents, exits, data portability and business continuity handled?
  • Which system is the decision authority when vendor scores conflict?

What this stack does not cover

  • A vendor stack does not replace policies, investigations staff or regulatory accountability.

Related stacks

Reviewed on 2026-07-07.

Provider options are examples of infrastructure roles, not endorsements or a guarantee of suitability, availability or regulatory compliance. Confirm requirements for your product with each provider and qualified advisers.