Page cover image

Risk & Fraud Rules

Risk Rules Engine

Fast growing financial technology companies use LogicLoop to monitor abusive behavior on their platforms. LogicLoop empowers fraud & risk managers to quickly set up rules on top of company data to raise alerts for their team to review. Without LogicLoop, analysts are often stuck waiting for engineers to implement alerts directly in the codebase, inhibiting their ability to iterate quickly and experiment.

To get started with monitoring bad actors on your platform on LogicLoop, you'll first want to connect your company's data sources. This could be production databases like Postgres or MySQL, warehouses like Snowflake, Redshift or Big Query, or APIs like Socure or Sentilink. Once connected, you can use sample industry templates below as guidance to bootstrap your program. The following templates have been simplified and specific details have been omitted due to the sensitive nature of the content. Contact us at hi@getlogicloop.com to access our fully detailed suite of fraud & risk monitoring formulas.

Large transactions

Query your data to select transactions with large dollar amounts.

View SQL Query
SELECT 
    *
FROM
    transaction
WHERE
    amount > 10000

For each transaction flagged, create a ticket for your analysts to review. You can automatically generate a ticket in LogicLoop's Case Management System.

Excessive failed transfers

Query your database to flag users with excessive failed external fund transfers.

View SQL Query
SELECT
  company_name,
  merchant_id,
  transfers.status,
  count(*) AS num_failed_transfers
FROM
  transfers
  JOIN merchant ON merchant.id = merchant_id
WHERE
  created_on > current_date - interval '30 days'
  AND transfers.status = 'FAILED'
GROUP BY
  merchant_id,
  company_name,
  transfers.status
HAVING
  count(*) >= 3

For each user flagged, generate a Slack alert for your team to review.

High velocity transactions for new users

Query your data to flag users who signed up recently with high total transaction volumes.

View SQL Query
SELECT
  sum(amount) AS total,
  merchant_id
FROM
  transaction
  join merchant ON merchant_id = merchant.id
WHERE
  transaction.created_at > current_date - interval '30 days'
  AND merchant.created_at > current_date - interval '30 days'
GROUP BY
  merchant_id
HAVING
  sum(amount) > 200000

For each user flagged, trigger a webhook to create a ticket in your own internal system or another ticket management system like Salesforce, Zendesk, JIRA, or Asana for an analyst to review.

Missing address information

Select users who signed up recently without address information

View SQL Query
SELECT
  *
FROM
  users
WHERE
 address is NULL
 AND created_at < current_date - interval '7 days'

Then, send each user an email reminding them to fill out their address.

Failed identity verification

Flag users who failed identity verification checks. You can pull in information from third party APIs using our API (JSON) data source and write a rule on top of Query Results to join data from multiple sources.

View SQL Query
SELECT
  *
FROM
  socure_identity_verification_checks_api
WHERE
 status = 'Failed'

For each user flagged, create a ticket for an analyst to review and follow up.

Transactions in high-risk geographies

Alert on transactions conducted from high-risk geographies. If you have a pre-defined list of countries that are deemed high-risk, you can pull in this list of values by parameterizing it and populating it with a list derived from another query.

View SQL Query
SELECT
  *
FROM
  transaction
WHERE
  country in {{ list_of_banned_countries }}

Then, call an internal webhook endpoint to automatically ban the transaction in your system.

Amount outstanding exceeds account balance

Alert if a user's outstanding balance exceeds the funds that are available in their account.

View SQL Query
SELECT
  *
FROM
  users
WHERE
 account_balance < outstanding_balance

Send an account manager a Slack notification to reach out to the user to fund their account.

Device intelligence: suspicious IPs

Flag users whose IP correspond with users who have already been identified as fraudulent.

View SQL Query
SELECT
  *
FROM
  users
WHERE
  ip_address in (
    SELECT
      ip_address
    from
      users
    where
      status = 'fraud'
  )

Loan payments late

Alert on payments that are more than 30 days past due.

View SQL Query
SELECT
  *
FROM
  payments
WHERE
  due_date < current_date - interval '30 days'

Borrowers with excessive delinquent payments

Flag users who have been late on over 10 loan payments by more than 30 days.

View SQL Query
SELECT
  user_id, count(*)
FROM
  payments
WHERE
  paid_date > due_date + interval '30 days' OR paid_date is NULL
GROUP BY
 user_id
HAVING
  count(*) > 10

Structured transactions

Alert if a transaction amount is close to a regulatory threshold.

View SQL Query
SELECT
  *
FROM
  transaction
WHERE
  amount > 9000 and amount < 10000

Withdrawals to multiple bank accounts

Flag if a user has withdrawn funds to over 3 different bank accounts.

View SQL Query
SELECT
  bank_account_id, count(*)
FROM
  withdrawals
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
 bank_account_id
HAVING
  count(*) > 3

Too many peer to peer transfers

Flag if a user has made peer to peer transfers to over 10 different accounts in a month.

View SQL Query
SELECT
  receiver_user_id, count(*)
FROM
  transfers
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
 receiver_user_id
HAVING
  count(*) > 10

Too many transactions

Alert if a user has greater than 5 transactions in the past month.

View SQL Query
SELECT
  user_id, count(*)
FROM
  transaction
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  count(*) > 5

Excessive deposits

Flag users who've deposited more than $20,000 in their account in the past month.

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  deposit
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

Excessive withdrawals

Flag users who've withdrawn more than $20,000 from their account in the past month.

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  withdrawals
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

Excessive buy or sell orders

Flag users who've bought or sold orders in excess of $20,000 in the past month

View SQL Query
SELECT
  sum(amount) AS total,
  user_id
FROM
  orders
WHERE
  created_at > current_date - interval '30 days'
GROUP BY
  user_id
HAVING
  sum(amount) > 20000

Last updated

Was this helpful?