Back to Catalog
Finance Fraud Detector icon

Finance Fraud Detector

Verified

by Dryade

enterprise industry-verticals
0.0 (0 ratings) 0 downloads

Description

Transaction fraud detection with rule-based scoring, anomaly flagging, velocity checks, geographic risk analysis, and immutable audit trails

Screenshots

Details

Finance Transaction Fraud Detector

Tier: Enterprise | Type: Tool | Category: Finance | Version: 1.0.0

Enterprise transaction fraud detection with rule-based scoring, velocity analysis, geographic risk assessment, behavioral anomaly detection, and immutable audit trails for regulatory compliance and investigation support.

1. Overview

Plugin Name: Finance Transaction Fraud Detector Slug: finance-fraud-detector Required Tier: enterprise Plugin Type: tool (REST API endpoints) Category: Finance / Fraud Prevention Author: Dryade License: DSUL

What It Does

Analyzes financial transactions for fraud indicators using a multi-factor scoring engine. Combines amount thresholds, geographic risk (FATF blacklist/greylist), behavioral deviation from account baselines, transaction velocity patterns, and channel-specific rules. Every screening decision generates an immutable SHA-256 audit hash for tamper-proof compliance records.

Key Capabilities

  • Transaction risk scoring with multi-rule analysis (8 built-in rules)
  • Velocity-based fraud detection (frequency, recipients, geography)
  • Geographic risk with FATF blacklist/greylist jurisdiction checks
  • Behavioral anomaly detection against 90-day account baselines
  • Immutable audit trail with SHA-256 decision hashes
  • Batch screening for high-volume payment processing

2. User Stories

Primary User Stories

US-1: Real-Time Payment Screening

As a payment operations manager, I want to screen transactions before settlement so that I can block fraudulent transfers.

Acceptance Criteria:

  • [ ] Transaction screened with risk score 0-100
  • [ ] Decision returned: block, review, or allow
  • [ ] Audit hash generated for each decision

US-2: AML Investigation Support

As a compliance analyst, I want to retrieve screening audit trails so that I can prepare SAR evidence packages.

Acceptance Criteria:

  • [ ] Audit trail filterable by account, transaction, risk level
  • [ ] Each entry includes immutable hash for tamper detection
  • [ ] Complete indicator details for investigation

Edge Cases

  • Zero-amount transaction: Scored as clear (0 risk)
  • Unknown account (no baseline): Only rule-based scoring applied, no behavioral analysis

3. Architecture

Component Diagram

+------------------+     +------------------+     +------------------+
|   Plugin Router  | --> |  Fraud Engine    | --> |  Data Provider   |
|  /finance-fraud  |     |  routes.py       |     |  (mock / real)   |
+------------------+     +------------------+     +------------------+
        |                       |
  +-----v------+          +----v--------+
  | Audit Trail |          | Baselines  |
  | (immutable) |          | data/*.json |
  +------------+          +------------+

Components

| Component | File | Responsibility | |-----------|------|----------------| | Router | routes.py | API endpoints, request validation | | Plugin | plugin.py | Lifecycle, config, data loading | | Data | data/ | Demo transactions, rules, baselines |

Dependencies

  • Internal: core.plugins.PluginProtocol, core.plugin_config_store.PluginConfigStore
  • External: None (all rules embedded)
  • Plugin: None

4. API Spec / Agent Capabilities

REST Endpoints

| Method | Path | Description | Auth | |--------|------|-------------|------| | POST | /screen-transaction | Screen single transaction | Yes | | POST | /screen-batch | Screen multiple transactions | Yes | | POST | /check-velocity | Analyze account velocity | Yes | | POST | /audit-trail | Retrieve audit trail | Yes | | GET | /status | Health check | No |

Request/Response Examples

Screen Transaction

// Request
{
    "transaction_id": "TXN-001",
    "account_id": "ACCT-001",
    "amount": 150000.00,
    "recipient_country": "KP",
    "channel": "api"
}


// Response
{
    "success": true,
    "transaction_id": "TXN-001",
    "risk_score": 85.0,
    "risk_level": "blocked",
    "decision": "block",
    "indicators": [
        {
            "rule_id": "FRD-GEO-001",
            "risk_level": "critical",
            "category": "geographic",
            "description": "Recipient in high-risk jurisdiction: KP",
            "score_impact": 35.0
        }
    ],
    "audit_hash": "a3f8b2c1d4e5f6a7b8c9d0e1f2a3b4c5"
}

5. Data Flow

Processing Pipeline

1. Transaction arrives at screening endpoint
2. Amount threshold rules applied
3. Geographic risk check against FATF lists
4. Account baseline loaded for behavioral analysis
5. Channel and pattern rules applied
6. Risk score aggregated, decision determined
7. Audit hash generated and returned

Data Sources

| Source | Type | Format | Update Frequency | |--------|------|--------|-----------------| | Fraud rules | embedded | Python/JSON | Per release | | FATF lists | mock | JSON | Quarterly (real mode) | | Account baselines | mock | JSON | Daily (real mode) |

Demo Data Description

The data/ directory contains:

  • sample_transactions.json: 8 sample transactions with varying risk profiles
  • sample_risk_rules.json: 8 fraud detection rules with thresholds
  • sample_audit_trail.json: 5 historical screening audit entries
  • sample_account_baselines.json: 4 account behavioral baselines
  • sample_sanctioned_jurisdictions.json: FATF blacklist/greylist approximation

Total: 5 demo files covering all fraud detection domains.

6. Security Considerations

Data Handling

  • PII: Yes - Account IDs, transaction details, recipient information
  • Encryption: Plugin does not store data; relies on core encryption
  • Data Retention: No persistent storage; audit trail is response-only

External API Keys

| Key | Environment Variable | Required | Purpose | |-----|---------------------|----------|---------| | None | N/A | No | No external APIs in mock mode |

Isolation

  • Plugin runs in sandboxed context via core plugin loader
  • No direct database access -- uses core API only
  • Audit hashes are deterministic and verifiable

Threat Model

  • Rule bypass: All scoring is server-side; clients cannot modify rules
  • Audit tampering: SHA-256 hashes enable tamper detection
  • False positives: Tunable thresholds via risk_rules configuration

7. Test Plan

Test Classes

| Class | Tests | Coverage Target | |-------|-------|----------------| | TestPluginAttributes | Manifest consistency | 100% manifest fields | | TestPluginRouter | Endpoint mounting, responses | All 5 routes | | TestPluginConfig | Config schema, mock/real toggle | Config validation | | TestDemoData | Data presence, loadability | All 5 data files | | TestMarketplace | Marketplace metadata | Slug, category, fields |

Running Tests

cd dryade-plugins
python -m pytest enterprise/finance_fraud_detector/tests/ -x -v --tb=short

Coverage Target

  • Minimum: 80% line coverage
  • Critical paths: 100% (scoring engine, geographic risk, audit hashes)

8. Deployment Notes

Requirements

No additional Python packages required beyond core dependencies.

Environment Variables

| Variable | Required | Default | Description | |----------|----------|---------|-------------| | None | No | N/A | No environment variables needed |

Configuration

Default plugin configuration (set via plugin settings UI or API):

{
    "data_source": "mock"
}

Compatibility

  • Min Dryade Version: 1.0.0
  • Python: >=3.11
  • Notes: All fraud rules embedded; no external API dependencies

9. User Guide

Getting Started

  1. Ensure your Dryade instance has an enterprise tier license
  2. Install the plugin via the marketplace or dryade-pm push
  3. Navigate to Plugins > Finance Fraud Detector in the workbench
  4. Use the API endpoints to screen transactions

Common Workflows

Workflow 1: Single Transaction Screening

  1. Submit transaction to /screen-transaction
  2. Review risk score and indicators
  3. Act on decision (block/review/allow)

Workflow 2: Batch Payment Screening

  1. Submit batch to /screen-batch
  2. Review aggregate statistics
  3. Investigate flagged/blocked transactions via audit trail

FAQ

Q: How is the risk score calculated? A: Scores are additive from multiple rules (amount, geographic, behavioral, velocity, pattern). Maximum is 100. Thresholds: block >= 60, review >= 20, allow < 20.

Q: Can I customize the scoring rules? A: In real mode, rule thresholds are configurable via the plugin config API.

10. Screenshots

Screenshots will be added when UI components are available.

| # | Description | Path | |---|-------------|------| | 1 | Transaction screening results | screenshots/screening.png | | 2 | Audit trail view | screenshots/audit-trail.png |

11. Changelog

1.0.0 (2026-03-05)

  • Initial release
  • 8-rule fraud scoring engine
  • FATF blacklist/greylist geographic risk checks
  • Behavioral anomaly detection with account baselines
  • Velocity analysis (transaction count, recipients, geography)
  • Immutable SHA-256 audit trail generation
  • 5 demo data files

Future Roadmap

  • [ ] Machine learning model integration for adaptive scoring
  • [ ] Real-time FATF list updates via API
  • [ ] Network analysis for money laundering detection
  • [ ] PSD2 Strong Customer Authentication (SCA) integration
Subscribe & Install

Requires enterprise tier subscription

Plugin Info

Version 1.0.0
Author Dryade
Tier enterprise
Category industry-verticals
Type backend
Downloads 0
Updated Mar 15, 2026

Tags

enterprisefinancefrauddetector