Policy Monitoring

Additional Columns at Alert and Case Discover

• MCC Column at Alert Discover - Investigators can now see the Merchant Category Code directly in the alert list view. This provides additional context when reviewing alerts, particularly when evaluating transaction counts and amounts relative to merchant category.
• Entity Name and Entity ID at Case Discover - These fields are now available as standalone columns at the case level. Previously, investigators would include the entity name in the case title as a workaround, making it difficult to search or filter cases by entity. This resolves that gap and improves investigative efficiency.

This month's releases include new API capabilities, portal usability improvements, expanded rule-building options, and a few bug fixes.

API

• New Payment Method Values Added
  Four new values have been added to the payment.method field: klarna, blik, and virtual_account,click_to_pay. These allow transactions processed via these payment methods to be correctly categorized, filtered, and used in rule creation.

Transaction Monitoring

• Network History Table Logic Updated
  The Network History table has been updated to improve the accuracy and consistency of the data displayed.
  
  
• New Rule to Flag When Sender and Receiver are the Same Entity
  New rule to flag transactions in Banking Marketplace Schema where the sender and receiver appear to be the same person, addressing potential self-processing behavior indicative of money laundering.

Portal & Usability

• Deleted and Unknown Labels No Longer Appear in Discover Filters 
  Labels that have been deleted or are otherwise unrecognized will no longer surface as options in the Events > Discover > Labels filter, reducing clutter and preventing confusion when filtering transactions.

Bug Fixes

• Resolved entity API returning unexpected not-found errors.
• Deleted and unknown labels no longer appear in Discover filters.
• Resolved a login email issue.

This month's releases include a major platform upgrade, enhancements to Policy Monitoring, new device intelligence integrations, and a series of bug fixes that improve portal usability and system reliability.

Platform

• Platform-Wide Upgrade to Node.js v20 - We have completed a full upgrade of our platform infrastructure from Node.js 14 to Node.js 20. This ensures continued security, stability, and performance across the platform, and keeps us ahead of end-of-life runtime deadlines. No action is required from clients for this update.
  
  

Policy Monitoring

• Rule Filters Now Reflect Custom Time Range Targets - Rule filters now include targets that use custom time range configurations. Previously, targets created with the newer interval or time range options were not appearing in rule filter selections.
  
  

DataHub & Integrations

• Shield Device Intelligence Integration - FraudNet has partnered with Shield as a device intelligence provider. Clients using Shield can now send Shield response data to FraudNet via API. All supported Shield fields have been added to the Device object, enabling clients to map, visualize, and write rules against this data in Transaction Monitoring.

Bug Fixes & Reliability Improvements

• Policy Monitoring alerts now move out of queues after being actioned.
• Deny list upload issue resolved. 
• Transaction Overview seller object count display issue resolved.
• Duplicate and inconsistent field naming across Events/Discover and Rule filters corrected.
• Resolved issue with device language filter.
• Batch-level failure alerting added during SFTP file sync extract phase.

For questions about any of these updates, please reach out to your account team.

This month's releases include enhancements to Policy Monitoring, Integration and API updates, and a few bug fixes that improve system reliability and data accuracy.

Policy Monitoring

• Stale Auth Rule Logic Adjusted to 25-Day Window - The stale authorization rule has been updated to evaluate within a 25-day window, improving the accuracy of stale auth detection.
  
  
• Expanded Time Range Options for Target Thresholds - Users now have two new, more flexible time-range configurations when setting target thresholds:
  • Interval – Choose from This Day, This Week, or This Month to define true daily, weekly, or monthly limits instead of relying on generic lookback periods.
  • Time Range – Define precise "from–to" windows (e.g., 1 to 30 days ago or 15 to 14 days ago). This supports both traditional rolling lookbacks and new use cases like identifying stale authorizations or detecting dormancy.
    
    

Integrations

• Enhanced TSYS Integration with New Direct Feed - Client data can now be pulled directly from TSYS, rather than clients sending a copy of the TSYS data to FraudNet. This reduces operational overhead while ensuring FraudNet receives the data straight from the source (TSYS).

API

• New transfer_date Field in the Banking Marketplace API - A new optional transfer_date field has been added to the transaction object for both transaction creation and updates. This field represents the intended future date on which a scheduled transaction is set to execute, useful for payments that are approved today but settled at a later date.
  
  

Bug Fixes & Reliability Improvements

• Resolved transaction visibility issues.
• Resolved policy alerts-to-transaction linking.
• Synced alert closure status with case closure. 

Overview

This release delivers a set of new features and user interface enhancements to Policy Monitoring’s, providing more timely alerting, new advanced targets, and UI features designed to support faster, more accurate investigative workflows.

What’s New

Post-Batch Alerting Enhancements & Rules

• Post-Batch Alert Generation
  Alerts can be generated after the completion of each batch, rather than once daily, for more timely detection of discrepancies indicative of operational or risk concerns.
  
  
• New Rule: Forced Sale
  Identify capture events with mismatched authorization codes or unlinked captures, indicating a forced sale.
  
  

Field-Level UI Enhancements

• New Field UI: String Fields Link to Event Discover
  Fields can be made into clickable links, enabling quick navigation to all related transactions in Transaction Discover.
  
  
• Batch ID Linking to Related Transactions
  The Batch ID field is now present and clickable in the Order Detail, Transaction Discover, and Alert Linked Transactions views, enabling faster navigation to all transactions processed in a given batch.
  
  
• Visual Enhancements: Value Fields Can Appear in Red Text
  Value fields, such as “Refund Sum” have the option to appear in red text, making it easier to distinguish key values for more intuitive investigations (e.g. clearly identifying refunds in red text against sales in black text).
  
  

New Advanced Policy Targets 

• BIN Usage: Introduced a “BIN Usage” target to monitor how many times the same Bank Identification Number (BIN) is used by the same merchant in a day, triggering alerts for early detection of card-testing behavior.
  
  
• Stale Authorizations: Added a daily target to flag authorizations that are 14 days old without a matching capture, to identify merchants with aging authorizations likely to expire or become forced sales.

Impact

These updates provide faster detection of high-risk merchant activity, improve the accuracy of investigative workflows, and enhance usability with more intuitive data displays and navigation. This provides both a more flexible Policy Monitoring solution to suit your organization’s unique needs, while enabling your team to identify and address potential issues with greater speed and efficiency.

This release introduces solution-specific navigation to streamline workflows and a newly upgraded reporting dashboard for faster, more intuitive analytics. These updates help your teams work more efficiently, collaborate seamlessly, and access critical insights with ease.

New Solution-Based Navigation

Overview

You can now manage rules, cases, and alerts within the specific context of the FraudNet solutions your company uses, with easy access within the left-hand navigation bar. This streamlines workflows whether it’s for one FraudNet solution used across multiple teams, or one team utilizing multiple solutions. 

What’s New

Solution-Based Navigation
Each team's available solutions now display in the left-hand navigation bar, and only the alerts, cases, and rules associated with that solution and/or team are surfaced, creating a focused and efficient user experience. 

Seamless Cross-Solution Collaboration
You can easily reassign or escalate cases to different teams or departments. All cross-solution handovers are tracked in the audit log, ensuring full transparency and accountability.

Centralized Incidents Tab
All alerts and cases can be accessed via the main incidents tab, offering administrators and other users a single, consolidated view.

Impact

This update enhances operational efficiency by allowing your teams to work within dedicated solution environments tailored to their specific workflows, while also enabling stronger cross-departmental collaboration to  ensure investigations are handled by the right people at the right time.

Upgraded Reporting Dashboard

Overview

FraudNet's reporting and analytics dashboard now runs on Kibana 9.1.2, delivering enhanced security, performance improvements, and a more intuitive user experience. This upgrade provides faster data analysis capabilities and stronger protection for fraud detection and risk management operations.

What's New

Enhanced Interface Design
Navigate through your data more efficiently with a cleaner, modernized interface. The improved dark mode enhances user comfort and visibility, while streamlined navigation helps you access critical insights faster.

Improved Performance & Efficiency
Experience faster search performance and up to 20% log storage savings, for faster analysis even for complex queries.

Advanced Analysis Capabilities
Combine data sources more easily with new query features that maintain result availability even during search timeouts.

Reliability Enhancements
Access reports from all workspace environments without display issues, while policy configurations maintain consistent reliability.

Strengthened Security Foundation
Your data remains protected with comprehensive security patches that address critical vulnerabilities, and default integrations now include enhanced safety measures.

Impact

These upgrades deliver greater operational efficiency, improved data accessibility, and a more intuitive user experience. The update to Kibana 9.1.2 was made automatically, and clients can now utilize the new enhancements with no actions required on your end.

We're excited to announce several key updates designed to enhance security, improve usability, and provide greater clarity in your risk management workflows. This release introduces OAuth 2.0 Authentication for stronger API authentication, and now allows for the direct submission of full PANs into monitoring lists.

Support for OAuth 2.0 Authentication

Overview

You can now use OAuth 2.0 to authenticate API requests, adding a new authorization framework for our clients to apply within their FraudNet implementation. 

What’s New

We have introduced OAuth 2.0 as a new, secure authentication option for the Risk Check API. This update provides a stronger, standards-based approach to integration, ensuring your data remains protected with modern, time-limited tokens instead of static credentials.

Impact

OAuth 2.0 significantly enhances security and control over API access by replacing static credentials with time-limited tokens, reducing the risk of unauthorized access and aligning with industry best practices for secure integration.

Support for Full PANs in Approve/Deny/Watch Lists

Overview

Users can now add full, Primary Account Numbers (PANs) directly into Approve, Deny, and Watch Lists. This enhancement streamlines the process of flagging known fraudulent card numbers, allowing for quicker and more direct action against suspicious activity.

What’s New

The system now accepts raw PANs submitted into the payment_id field. Upon entry, these numbers are encrypted and matched against encrypted payment IDs in transaction payloads. 

Impact

This improves operational efficiency and strengthens your ability to block fraudulent transactions by enabling users to add known fraudulent card numbers into the system. It also ensures seamless and secure data mapping with FraudNet handling the encryption and matching to Payment IDs.  

Overview

You can now leverage Merchant Activity Segmentation, powered by RFM (Recency, Frequency, Monetary) scores, within Policy Monitoring to segment merchants and create more intelligent alerting logic. This enhancement reduces noise from low-impact anomalies and policy violations, ensuring your alerts reflect both statistical significance and business relevance. Refine alert volume, reduce alert fatigue, and increase investigator efficiency with greater trust in the alerts that matter most.

What's New:

Merchant Activity Segments: Merchants are scored daily (0-9 scale) across three key dimensions to provide comprehensive merchant behavioral analysis and segment merchants into data-driven groups.  

• Recency: How recently the merchant has transacted
• Frequency: How often the merchant has transacted 
• Monetary: Total transaction volume
  
  

Segmentation Categories: Utilize eight pre-configured merchant segments (including High Exposure, High Velocity, and Operational Drainers) to better understand your portfolio's risk landscape.

Rule Enhancements & Filters: Apply Merchant Activity Segmentation to optimize rules, and refine and prioritize alerts with new filtering capabilities:

• Segmentation Filters: Scope rules to specific merchant activity segmentation categories for
  targeted monitoring
• Score Filters: Choose from your chosen merchant activity segments directly within rule parameters to define your rules

Impact:

Focus your investigative resources on high-impact alerts with additional merchant behavioral data that provides context for strategic filtering and prioritization. This update enables teams to refine alert volume, improve investigator efficiency, and strengthen confidence in your anomaly detection logic, all aligned with your operational priorities and risk tolerance.

improvement 

Overview

We have enriched the Alert Discover page within Policy Monitoring, adding additional data fields for each alert designed to help clients better understand and act on policy violations and anomalies with precision and ease. This update is part of our continued optimization of the user experience, providing key details at a glance and streamlining the investigation process. 

What’s New

Primary Entity Name
Quickly identify the specific entity connected to the alert to take proactive measures faster.

Transaction Metrics
Easily assess the severity and scope of each alert using transaction count and sum, and use these metrics to filter, sort, and report on alerts to better prioritize and streamline investigations. These transaction metrics are also available via the Alert API.

• Transaction Count: Number of transactions that triggered an alert
• Transaction Sum: Total monetary impact of those transactions

Alert Dropdown Details
See a snapshot into why an alert was triggered with these added metrics:

• Rule Threshold: The defined policy limit
• Value: The recorded value that triggered the alert
• Difference (%): The percentage deviation from the threshold to help you understand the magnitude of the violation or anomaly

Impact

This update empowers clients to act faster on violations and anomalies with critical details available at quick glance, providing important context up front to better prioritize alerts and investigations, and make informed decisions faster.

Bug Fixes in This Release
fix 

Overview

As part of standard maintenance to ensure a reliable, performant system, the following bug fixes have been made:

1. Update API now supports the following three scenarios:

• To update a value, include the field with the new value.
• To clear a value, send it as an empty string (fraud_type: "").
• To leave a field unchanged, simply omit it from the payload.

2. Custom Field now displaying properly on transaction detail page

improvement 

TSYS File Integration & Batch Processing

Overview 

We’re excited to introduce key updates to our batch processing system in order to support TSYS-standard file formats. TSYS, a leading provider of payment solutions and services globally, plays a critical role in the payments industry. With this release, FraudNet can now ingest and batch process TSYS files, streamlining operations and data flow for organizations using TSYS within their core payments infrastructure.

What’s New

The new addition of TSYS file integration and batch processing provides faster, more reliable data ingestion with real-time triggered uploads, accurate file handling, and robust error management. Our framework also incorporates TSYS Object Mapper Support, guaranteeing accurate parsing, mapping, and processing of data, regardless of variations in the TSYS schema. 

Impact

TSYS files now flow through an automated batch-processing pipeline, reducing manual intervention and the risk of errors. These new capabilities make it easier for TSYS clients to integrate their data with FraudNet, streamlining onboarding and ensuring scalable fraud detection with a reliable, timely flow of data.

New Enhancements to Entity Screening Alerts

Overview

Our Entity Screening capabilities have been expanded to significantly improve investigative workflows and risk management.

This most recent update focuses on improving the productivity and efficiency of investigations by transforming detected matches into actionable and structured alerts, and bringing greater visibility, context, and workflow structure to the screening process.

What's New

Alerts in the Screening Tab

Detected matches from sanctions lists, adverse media, or other sources are automatically converted into clearly defined alerts within the Screening tab.

Dedicated Alert Detail Page

Investigators can now access a comprehensive detail page for each alert, featuring provider-specific data points such as article text, data sources, and direct links to sanctions or media entries. 

Improved Workflows & Automations

• Clearly marked escalation paths enable users to easily withdraw false positives or escalate cases for further investigation, greatly improving decision-making and ensuring auditability,
• To support greater efficiency and focus investigations on high priority items, alerts are automatically created when a potential match to a sanctions list or adverse media is detected, such as a name appearing in negative news or on a government watchlist.

Impact

This release further simplifies reviews by adding enriched contextual data to alerts, reducing manual work and improving accuracy. Clear escalation workflows enable faster resolution and audit-friendly documentation, helping teams address risks more efficiently and confidently.