Docs
  • LogicLoop Documentation
  • LogicLoop Quickstart
  • Data Sources
    • Connect your data source
      • Deployment options
    • Supported data sources
      • API data (JSON)
      • AWS CloudWatch
      • BigQuery
      • Databricks
      • Google Analytics
      • Google Sheets
      • MongoDB
      • Microsoft SQL Server
      • MySQL
      • Oracle
      • PostgreSQL
      • Snowflake
      • Combine Results
      • LogicLoop Data Source
  • Queries
    • Write a rule
      • More rule options
      • A/B testing rules
      • Version history
      • Query Snippets
    • Visualizations & dashboards
      • Visualizations
      • Dashboards
  • Actions
    • Set up an action
    • Action destinations
      • Email
      • Slack
      • Webhooks & APIs
      • Microsoft Teams
      • Salesforce
      • Zapier
      • PagerDuty
      • Write to Database
      • Chain Rules
      • Google Sheets
      • Bento
    • Templating
  • Case Management
    • Case Management
      • Ticket Generation
      • Case Triage
      • Custom Fields and Attachments
  • AI
    • AI Query Helper
    • Ask AI
  • Teams & Settings
    • Integrations
      • Slack
      • Google Sheets
    • Invite your teammate
    • Groups & Permissions
  • Changelog
  • FAQs
  • Troubleshooting
  • Templates
    • Templates Home
    • Risk & Fraud Rules
    • AML Transaction Monitoring Rules
    • Logistics & Marketplace Ops
    • Customer Success & Growth
    • Systems Observability
    • Data Quality Monitoring
    • Healthcare
    • HTML Email Templates
      • Annual Review
      • Weekly Performance Table
      • Invoice Recap
  • BETA
    • AI SQL API
    • Approving rules
    • Render Data as JSON
    • Case Analytics
    • Python
  • Security & Legal
    • Security
    • AI Security
    • Terms of use
    • Privacy policy
    • Services description
Powered by GitBook
On this page
  • Large transactions
  • Excessive failed transfers
  • High velocity transactions for new users
  • Missing address information
  • Failed identity verification
  • Transactions in high-risk geographies
  • Amount outstanding exceeds account balance
  • Device intelligence: suspicious IPs
  • Loan payments late
  • Borrowers with excessive delinquent payments
  • Structured transactions
  • Withdrawals to multiple bank accounts
  • Too many peer to peer transfers
  • Too many transactions
  • Excessive deposits
  • Excessive withdrawals
  • Excessive buy or sell orders

Was this helpful?

  1. Templates

Risk & Fraud Rules

Risk Rules Engine

PreviousTemplates HomeNextAML Transaction Monitoring Rules

Last updated 2 years ago

Was this helpful?

Fast growing financial technology companies use LogicLoop to monitor abusive behavior on their platforms. . Without LogicLoop, analysts are often stuck waiting for engineers to implement alerts directly in the codebase, inhibiting their ability to iterate quickly and experiment.

To get started with monitoring bad actors on your platform on LogicLoop, you'll first want to . This could be production databases like Postgres or MySQL, warehouses like Snowflake, Redshift or Big Query, or APIs like or . Once connected, you can use sample industry templates below as guidance to bootstrap your program. The following templates have been simplified and specific details have been omitted due to the sensitive nature of the content. Contact us at hi@getlogicloop.com to access our fully detailed suite of fraud & risk monitoring formulas.

Large transactions

Query your data to select transactions with large dollar amounts.

View SQL Query
SELECT 
    *
FROM
    transaction
WHERE
    amount > 10000

Excessive failed transfers

Query your database to flag users with excessive failed external fund transfers.

View SQL Query
SELECT
  company_name,
  merchant_id,
  transfers.status,
  count(*) AS num_failed_transfers
FROM
  transfers
  JOIN merchant ON merchant.id = merchant_id
WHERE
  created_on > current_date - interval '30 days'
  AND transfers.status = 'FAILED'
GROUP BY
  merchant_id,
  company_name,
  transfers.status
HAVING
  count(*) >= 3

For each user flagged, generate a Slack alert for your team to review.

High velocity transactions for new users

Query your data to flag users who signed up recently with high total transaction volumes.

View SQL Query
SELECT
  sum(amount) AS total,
  merchant_id
FROM
  transaction
  join merchant ON merchant_id = merchant.id
WHERE
  transaction.created_at > current_date - interval '30 days'
  AND merchant.created_at > current_date - interval '30 days'
GROUP BY
  merchant_id
HAVING
  sum(amount) > 200000

Missing address information

Select users who signed up recently without address information

View SQL Query
SELECT
  *
FROM
  users
WHERE
 address is NULL
 AND created_at < current_date - interval '7 days'

Then, send each user an email reminding them to fill out their address.

Failed identity verification

View SQL Query
SELECT
  *
FROM
  socure_identity_verification_checks_api
WHERE
 status = 'Failed'

For each user flagged, create a ticket for an analyst to review and follow up.

Transactions in high-risk geographies

View SQL Query
SELECT
  *
FROM
  transaction
WHERE
  country in {{ list_of_banned_countries }}

Amount outstanding exceeds account balance

Alert if a user's outstanding balance exceeds the funds that are available in their account.

View SQL Query
SELECT
  *
FROM
  users
WHERE
 account_balance < outstanding_balance

Send an account manager a Slack notification to reach out to the user to fund their account.

Device intelligence: suspicious IPs

Flag users whose IP correspond with users who have already been identified as fraudulent.

View SQL Query
SELECT
  *
FROM
  users
WHERE
  ip_address in (
    SELECT
      ip_address
    from
      users
    where
      status = 'fraud'
  )

Loan payments late

Alert on payments that are more than 30 days past due.

View SQL Query
SELECT
  *
FROM
  payments
WHERE
  due_date < current_date - interval '30 days'

Borrowers with excessive delinquent payments

Flag users who have been late on over 10 loan payments by more than 30 days.

View SQL Query
SELECT
  user_id, count(*)
FROM
  payments
WHERE
  paid_date > due_date + interval '30 days' OR paid_date is NULL
GROUP BY
 user_id
HAVING
  count(*) > 10

Structured transactions

Alert if a transaction amount is close to a regulatory threshold.

View SQL Query
SELECT
  *
FROM
  transaction
WHERE
  amount > 9000 and amount < 10000

Withdrawals to multiple bank accounts

Flag if a user has withdrawn funds to over 3 different bank accounts.

View SQL Query
SELECT
  bank_account_id, count(*)
FROM
  withdrawals
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
 bank_account_id
HAVING
  count(*) > 3

Too many peer to peer transfers

Flag if a user has made peer to peer transfers to over 10 different accounts in a month.

View SQL Query
SELECT
  receiver_user_id, count(*)
FROM
  transfers
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
 receiver_user_id
HAVING
  count(*) > 10

Too many transactions

Alert if a user has greater than 5 transactions in the past month.

View SQL Query
SELECT
  user_id, count(*)
FROM
  transaction
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  count(*) > 5

Excessive deposits

Flag users who've deposited more than $20,000 in their account in the past month.

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  deposit
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

Excessive withdrawals

Flag users who've withdrawn more than $20,000 from their account in the past month.

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  withdrawals
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

Excessive buy or sell orders

Flag users who've bought or sold orders in excess of $20,000 in the past month

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  orders
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

For each transaction flagged, create a ticket for your analysts to review. You can automatically generate a ticket in LogicLoop's .

For each user flagged, to create a ticket in your own internal system or another ticket management system like Salesforce, Zendesk, JIRA, or Asana for an analyst to review.

Flag users who failed identity verification checks. You can pull in information from third party APIs using our data source and write a rule on top of to join data from multiple sources.

Alert on transactions conducted from high-risk geographies. If you have a pre-defined list of countries that are deemed high-risk, you can pull in this list of values by and populating it with a list derived from another query.

Then, to automatically ban the transaction in your system.

Case Management System
trigger a webhook
API (JSON)
Query Results
parameterizing it
call an internal webhook endpoint
LogicLoop empowers fraud & risk managers to quickly set up rules on top of company data to raise alerts for their team to review
connect your company's data sources
Socure
Sentilink
Page cover image