Docs
Search
⌃K

Risk & Fraud Rules

Risk Rules Engine
Fast growing financial technology companies use LogicLoop to monitor abusive behavior on their platforms. LogicLoop empowers fraud & risk managers to quickly set up rules on top of company data to raise alerts for their team to review. Without LogicLoop, analysts are often stuck waiting for engineers to implement alerts directly in the codebase, inhibiting their ability to iterate quickly and experiment.
To get started with monitoring bad actors on your platform on LogicLoop, you'll first want to connect your company's data sources. This could be production databases like Postgres or MySQL, warehouses like Snowflake, Redshift or Big Query, or APIs like Socure or Sentilink. Once connected, you can use sample industry templates below as guidance to bootstrap your program. The following templates have been simplified and specific details have been omitted due to the sensitive nature of the content. Contact us at [email protected] to access our fully detailed suite of fraud & risk monitoring formulas.

Large transactions

Query your data to select transactions with large dollar amounts.
View SQL Query
SELECT
*
FROM
transaction
WHERE
amount > 10000
For each transaction flagged, create a ticket for your analysts to review. You can automatically generate a ticket in LogicLoop's Case Management System.

Excessive failed transfers

Query your database to flag users with excessive failed external fund transfers.
View SQL Query
SELECT
company_name,
merchant_id,
transfers.status,
count(*) AS num_failed_transfers
FROM
transfers
JOIN merchant ON merchant.id = merchant_id
WHERE
created_on > current_date - interval '30 days'
AND transfers.status = 'FAILED'
GROUP BY
merchant_id,
company_name,
transfers.status
HAVING
count(*) >= 3
For each user flagged, generate a Slack alert for your team to review.

High velocity transactions for new users

Query your data to flag users who signed up recently with high total transaction volumes.
View SQL Query
SELECT
sum(amount) AS total,
merchant_id
FROM
transaction
join merchant ON merchant_id = merchant.id
WHERE
transaction.created_at > current_date - interval '30 days'
AND merchant.created_at > current_date - interval '30 days'
GROUP BY
merchant_id
HAVING
sum(amount) > 200000
For each user flagged, trigger a webhook to create a ticket in your own internal system or another ticket management system like Salesforce, Zendesk, JIRA, or Asana for an analyst to review.

Missing address information

Select users who signed up recently without address information
View SQL Query
SELECT
*
FROM
users
WHERE
address is NULL
AND created_at < current_date - interval '7 days'
Then, send each user an email reminding them to fill out their address.

Failed identity verification

Flag users who failed identity verification checks. You can pull in information from third party APIs using our API (JSON) data source and write a rule on top of Query Results to join data from multiple sources.
View SQL Query
SELECT
*
FROM
socure_identity_verification_checks_api
WHERE
status = 'Failed'
For each user flagged, create a ticket for an analyst to review and follow up.

Transactions in high-risk geographies

Alert on transactions conducted from high-risk geographies. If you have a pre-defined list of countries that are deemed high-risk, you can pull in this list of values by parameterizing it and populating it with a list derived from another query.
View SQL Query
SELECT
*
FROM
transaction
WHERE
country in {{ list_of_banned_countries }}
Then, call an internal webhook endpoint to automatically ban the transaction in your system.

Amount outstanding exceeds account balance

Alert if a user's outstanding balance exceeds the funds that are available in their account.
View SQL Query
SELECT
*
FROM
users
WHERE
account_balance < outstanding_balance
Send an account manager a Slack notification to reach out to the user to fund their account.

Device intelligence: suspicious IPs

Flag users whose IP correspond with users who have already been identified as fraudulent.
View SQL Query
SELECT
*
FROM
users
WHERE
ip_address in (
SELECT
ip_address
from
users
where
status = 'fraud'
)

Loan payments late

Alert on payments that are more than 30 days past due.
View SQL Query
SELECT
*
FROM
payments
WHERE
due_date < current_date - interval '30 days'

Borrowers with excessive delinquent payments

Flag users who have been late on over 10 loan payments by more than 30 days.
View SQL Query
SELECT
user_id, count(*)
FROM
payments
WHERE
paid_date > due_date + interval '30 days' OR paid_date is NULL
GROUP BY
user_id
HAVING
count(*) > 10

Structured transactions

Alert if a transaction amount is close to a regulatory threshold.
View SQL Query
SELECT
*
FROM
transaction
WHERE
amount > 9000 and amount < 10000

Withdrawals to multiple bank accounts

Flag if a user has withdrawn funds to over 3 different bank accounts.
View SQL Query
SELECT
bank_account_id, count(*)
FROM
withdrawals
WHERE
created_at > current_date - interval '30 days'
GROUP BY
bank_account_id
HAVING
count(*) > 3

Too many peer to peer transfers

Flag if a user has made peer to peer transfers to over 10 different accounts in a month.
View SQL Query
SELECT
receiver_user_id, count(*)
FROM
transfers
WHERE
created_at > current_date - interval '30 days'
GROUP BY
receiver_user_id
HAVING
count(*) > 10

Too many transactions

Alert if a user has greater than 5 transactions in the past month.
View SQL Query
SELECT
user_id, count(*)
FROM
transaction
WHERE
created_at > current_date - interval '30 days'
GROUP BY
user_id
HAVING
count(*) > 5

Excessive deposits

Flag users who've deposited more than $20,000 in their account in the past month.
View SQL Query
SELECT
sum(amount) AS total,
user_id
FROM
deposit
WHERE
created_at > current_date - interval '30 days'
GROUP BY
user_id
HAVING
sum(amount) > 20000

Excessive withdrawals

Flag users who've withdrawn more than $20,000 from their account in the past month.
View SQL Query
SELECT
sum(amount) AS total,
user_id
FROM
withdrawals
WHERE
created_at > current_date - interval '30 days'
GROUP BY
user_id
HAVING
sum(amount) > 20000

Excessive buy or sell orders

Flag users who've bought or sold orders in excess of $20,000 in the past month
View SQL Query
SELECT
sum(amount) AS total,
user_id
FROM
orders
WHERE
created_at > current_date - interval '30 days'
GROUP BY
user_id
HAVING
sum(amount) > 20000