risk-panel real-time portfolio-view
SCANNING
Transaction risk overview
Safe transactions 94.2%
Under review 5.7%
Blocked / Flagged 0.1%
Risk alerts live2 active alerts
Velocity breach
Card 4111150 9 txns / 4 min
9/5BLOCK
Blacklist match
MID: 40281299 BIN: 511348
120BLOCK
Unusual amount
+98300 avg 4200
71REVIEW
New account
Open issued 9d
63REVIEW
Cleared
Puma India Linking Rd
12PASS

Risk Platform Performance

Numbers That Define Effective Risk Management

Speed, accuracy, and configurability the three dimensions that determine whether a risk platform helps or hurts your acquiring business.

<50ms

Risk Scoring Latency

500+

Configurable Fraud Rules

99.6%

Fraud Detection Accuracy

0.03%

False Positive Rate

Why Risk Management Exists

Three Things Every Acquirer Must Reckon With

01

Fraud is not an event. It is a continuous attempt.

Fraudsters do not try once and stop. They probe your system small transactions to test limits, synthetic identities to bypass blacklists, velocity bursts at 3 AM when your ops team is offline. A risk system that only catches fraud after it has happened is not a risk system. It is an accounting system for losses.

02

A false positive costs you a customer. A false negative costs you everything.

Blocking a legitimate transaction damages merchant trust and destroys chargeback ratios. Approving a fraudulent one triggers chargebacks, scheme fines, and potential regulatory action. The only acceptable trade-off is a system accurate enough to minimize both simultaneously. That requires real intelligence, not a list of rules written in 2019.

03

Your risk perimeter is the size of your merchant portfolio.

You are not just managing your own transactions. Every merchant in your network is a risk surface. One compromised merchant, one rogue agent, one mis-configured terminal and your chargeback ratio climbs, your scheme standing falls, and your acquiring license becomes a liability. Risk management at the acquiring level is portfolio-wide or it is nothing.

Platform Modules

Four Defences. One System. No Gap in the Line.

Each module addresses a distinct fraud vector. Together they create a layered defence that catches what individual rules miss.

Fraud Rules Engine

Rules That Fire in Milliseconds. Built in Minutes. No Code.

The first line of defence is a rule that fires before a transaction is authorized not after.

Every acquiring platform has fraud rules. Most have too few, configured too loosely, reviewed too rarely. DigiPay.Guru's Fraud Rules Engine is different. It provides a visual rule builder where your risk team can create, test, and deploy rules without writing a single line of code — and have those rules executing on live transactions within seconds of activation.

Rules are evaluated in a configurable priority order, and the engine supports complex Boolean logic: AND, OR, NOT, and nested conditions across dozens of transaction attributes. A rule can reference any field in the transaction — card BIN, merchant category code, transaction amount, entry mode, terminal ID, time of day, country of origin, or any enriched risk attribute — and trigger any action: approve, decline, flag for review, request step-up authentication, or send an alert.

Rules are version-controlled. Every change is logged with the user who made it, the time it was activated, and the impact on transaction volumes before and after. You always know exactly why a transaction was blocked.

RULEVisual no-code rule builder risk teams configure without engineering
BOOLBoolean logic: AND, OR, NOT, nested conditions across 60+ attributes
PRIORule priority ordering first match or cumulative scoring mode
ACTIONActions: approve, decline, review, step-up 3DS, alert, hold
TESTShadow mode: test rules on live traffic before activating
AUDITFull version history every rule change logged with author and timestamp
PERFRule evaluation in under 8ms zero impact on authorization latency
FRAUD_RULE_ENGINE · RULES_LIVE · TAB-SORTED2 RULES HIT
Rule IDPASS
NameHigh-value domestic debit
ConditionAmount > ₹25,000 AND Card=Debit
ResultNo match · Approved
Rule IDBLOCK
NameCross-border high-risk MCC
ConditionCountry=IN AND MCC=7995 (gambling)
ActionDECLINE · Code 05
Authorrisk@nexusbank.com
Activated2026-06-15 14:32 IST
Rules evaluated
14
Eval time
3.2ms
Final action
DECLINE
FR-007 triggered · Transaction declined · Alert sent to risk team

Velocity Check Engine

Fraud Moves Fast. Velocity Checks Move Faster.

Most fraud patterns are detectable not from a single transaction, but from the rate at which transactions are happening.

Velocity-based fraud is one of the most common patterns in card-present acquiring. A fraudster with a stolen card tests it with a small transaction, then rapidly executes a series of larger purchases before the card is cancelled. A compromised merchant terminal processes a burst of transactions in minutes. A synthetic identity creates an account and immediately runs up transactions before the fraud is detected.

In each case, the signal is not the individual transaction — it is the rate. DigiPay.Guru's Velocity Check engine monitors transaction frequency across configurable time windows — 1 minute, 5 minutes, 1 hour, 24 hours — and across multiple dimensions simultaneously: per card, per terminal, per merchant, per BIN range, and per IP address for digital channels.

When a velocity threshold is breached, the engine triggers instantly — the configured action applies to the triggering transaction in real time, before the authorization completes. Thresholds are configurable per merchant tier, per card type, and per channel, allowing you to set tighter limits for high-risk merchant categories while keeping limits permissive for established, low-risk merchants.

MONMonitoring dimensions: per card, merchant, terminal, BIN, IP, account
WINConfigurable time windows: 1 min, 5 min, 15 min, 1 hr, 24 hr, 7-day
CNTCount-based and amount-based velocity limits for both simultaneously
TIERPer-merchant tier thresholds tighter limits for high-risk MCC categories
SLIDESliding window counters not fixed period resets that fraudsters game
BLOCKBurst detection: automatic temporary block on threshold breach
ALRTReal-time alert to risk team with full velocity history on breach
velocity.engine · card-monitor · 4111-1111BREACH
Card
4111 •••• •••• 1111MONITORED
Card Type
Visa Credit · Domestic
1-min limit
9 / limit 3BREACH +3
3 (limit)3 instances
5-min limit
11 / limit 8BREACH
8 (limit)+1 instances
1-hr Amount₹4,200 / ₹50,000
050,000
1-min velocity breached · Card temporarily blocked · Alert sent

Risk Scoring Engine

A Single Number That Carries Everything the Rules Missed.

Rules catch what you know. Risk scores catch what you dont.

No matter how well-written your fraud rules are, they operate on what you have already seen. New fraud patterns — new card testing techniques, new synthetic identity approaches, new collusion schemes — do not match existing rules because they have never been seen before. This is the gap that risk scoring fills.

DigiPay.Guru's Risk Scoring Engine assigns every transaction a risk score from 0 to 100 based on a weighted combination of signals: transaction attributes, velocity metrics, merchant behaviour patterns, historical approval and chargeback rates, card BIN risk profiles, device fingerprints for digital channels, and geo-location analysis. The score is computed in under 50 milliseconds and returned alongside the authorization decision.

Scores feed directly into your fraud rules — you can configure rules that act on risk score thresholds (e.g., 'decline any transaction with score grater than 80, review score 60–80, approve score lass than 60'). You can also use scores for operational prioritization: transactions with elevated scores surface in your risk analyst's queue automatically, ranked by urgency. Over time, the scoring model learns from your confirmed fraud cases and false positives, continuously improving accuracy on your specific portfolio.

SCORE0–100 composite risk score per transaction, computed pre-authorization
SCORE20+ weighted signals: velocity, BIN risk, geo, MCC, amount deviation, entry mode
SCOREScore thresholds configurable per merchant tier and card type
MLMachine learning model trained on your portfolio's confirmed fraud cases
FEEDScore feeds into fraud rules as a first-class condition attribute
QUEUEHiScore explainability: top contributing factors shown per transaction
EXPLNScore explanability: top contributing factors shown per transaction
risk-scoring · transaction-batch · liveSCORED
94
Card 4111-••1111
velocity fraud · amount anomaly · high-risk
BLOCK
63
Card 5412-••8821
geo mismatch · new card · merchant ID
REVIEW
12
Card 4532-••4421
Established card · known merchant · normal spend
PASS
Score latency38ms
Model versionv4.2 · updated 3 days ago
Accuracy (394)99.6%
ML model active · 38ms avg scoring · 0.03% false positive rate

Blacklist Management

Known Threats Dont Get a Second Chance. Ever.

Some risk decisions don't need a score. They need a list and an immediate response.

Blacklists are the most absolute form of risk control in an acquiring system. When a card, merchant, terminal, BIN range, or IP address is known to be associated with fraud, there is no need for probabilistic scoring — there is a need for a hard stop, every time, instantly.

DigiPay.Guru's Blacklist Management module maintains multiple independent blacklist dimensions, each operating in real time at the point of authorization. Cards can be blacklisted at the full PAN level or at the BIN range level. Merchants and terminals can be suspended individually or as a group. IP addresses and device fingerprints can be blocked for digital-channel fraud.

Blacklist entries can be created manually by your risk team, automatically by triggered fraud rules (a card that breaches velocity three times is auto-blacklisted, for example), or ingested from external fraud intelligence feeds — scheme-level blacklists from Visa and Mastercard, shared industry fraud databases, or your own historical fraud case exports. Every blacklist hit is logged with the matching entry, the blocked transaction details, and the timestamp, creating a complete record for dispute resolution and regulatory reporting.

Whitelist overrides are also supported — allowing specific merchants or cards to bypass blacklist checks where a confirmed false positive exists.

BLCard blacklists: full PAN and BIN-range level blocking
BLMerchant and terminal blacklists — individual or bulk suspension
BLIP address and device fingerprint blacklists for digital channels
AUTOAuto-blacklist on rule trigger: velocity breach, score threshold, chargeback rate
FEEDExternal feed ingestion: Visa/Mastercard scheme lists, third-party databases
WLWhitelist overrides for confirmed false positives per merchant or card
AUDITFull hit log: every blacklist match recorded with transaction and entry details
blacklist_engine · active_entries · live286 ENTRIES
Card PANBLOCKED
Entry4111 •••• •••• 1111
ReasonVelocity breach + 3 · auto-BL
Added2026-06-26 09:12 IST · auto
Expires2026-07-26 (30-day hold)
Merchant IDSUSPENDED
EntryMID: 40281199
ReasonChargeback rate 3.5% · scheme Limit
Added2026-06-20 · risk@nexusbank.com
WhitelistNone
BL Entries286 active
Hits today47 blocked
External FeedsVisa + MC synced · 4h ago
47 blocked today · 286 active entries · External feeds live

Additional Capabilities

Beyond the Four Pillars. Nothing Left Uncovered.

Six more capabilities that complete the risk perimeter — from chargeback management to compliance reporting.

Chargeback Monitoring & Thresholds

Track chargeback rates per merchant in real time. Automated alerts fire when a merchant approaches Visa's 1% or Mastercard's 1.5% scheme thresholds — giving your risk team time to act before the merchant is flagged by the scheme and you face programme fees.

Merchant Behaviour Analytics

Monitor each merchant's transaction patterns over time — average ticket size, daily volume, peak hours, card mix, and approval rate trends. Sudden deviations from a merchant's established baseline are flagged automatically as anomalies requiring investigation.

Geo-Location Risk Analysis

Cross-reference the country of card issuance against the country of the acquiring terminal. Flag impossible travel — a card used in Mumbai and Singapore within 20 minutes. Alert on high-risk country combinations based on configurable geopolitical risk matrices.

Device Fingerprinting

For digital and SoftPOS channels, capture and analyse device fingerprints — OS, browser, screen resolution, timezone, and installed fonts — to identify devices previously associated with fraud, even when the card number or identity has changed.

Regulatory & Compliance Reporting

Generate audit-ready risk reports for regulators, scheme compliance reviews, and internal audit teams. Every fraud event, rule trigger, blacklist hit, and risk score is stored in an immutable log exportable in structured formats. Nothing is ever deleted. Everything is provable.

Step-Up Authentication (3DS)

When a transaction is flagged as medium-risk — not a definitive block, but a signal — trigger 3DS step-up authentication rather than a hard decline. This reduces fraud without increasing false-positive declines, preserving merchant revenue and customer experience simultaneously.

Platform Ecosystem

Risk Is Not a Sidecar. It Runs Through Everything.

The Risk Management platform integrates with every upstream and downstream system — so decisions made here propagate instantly across the entire acquiring stack.

// UPSTREAM INTEGRATION

Acquiring Switch Platform

Risk scoring and fraud rule evaluation runs inline with the authorization flow in the Acquiring Switch every ISO 8583 transaction is scored before the host response is returned to the terminal.

Learn more
// MERCHANT CONTEXT

Merchant Management System

Risk profiles, chargeback rates, and merchant tier classifications stored in the MMS inform risk scoring models. A merchants risk grade is updated in real time as transaction patterns evolve.

Learn more
// DOWNSTREAM IMPACT

Merchant Settlement System

Confirmed fraud cases trigger automatic chargeback deductions in the Settlement System. High-risk merchants can be placed on reserve hold funds withheld from settlement until risk is cleared.

Learn more

Frequently asked questions

Both. Pre-authorization scoring and rule evaluation happens inline with the authorization flow — the risk decision is made before the 0200 message is forwarded to the card host. This means a transaction can be declined or flagged before any authorization is issued and before any funds are placed at risk. Post-authorization monitoring runs in parallel for batch-level analysis, chargeback rate tracking, and merchant behaviour analytics. The pre-authorization check completes in under 50ms — fast enough to have zero impact on authorization latency from the merchant's perspective.

Velocity windows use sliding counters, not fixed-period resets. This is important because fraudsters are well aware of fixed-window systems and time their attacks to exploit resets. A sliding 1-minute window means the counter always reflects the last 60 seconds from the current moment — not since the last clock minute began. This makes the velocity check significantly harder to game. Windows are configurable from 1 minute to 30 days, and multiple windows can be active simultaneously on the same dimension (e.g., 1-minute AND 5-minute AND 1-hour limits on the same card).

Yes. Risk rules, velocity thresholds, and risk score action bands are all configurable per merchant category code (MCC), merchant tier, card type, and transaction channel. A jewellery merchant (MCC 5944) will typically have different velocity limits and score thresholds than a grocery store (MCC 5411). High-risk MCCs — gambling (7995), money transfer (6012), adult content — can have significantly tighter rules with automatic 3DS step-up for all transactions regardless of score. These configurations are managed through the risk console without any code changes.

The scoring model is retrained on a rolling basis using confirmed fraud cases from your portfolio — transactions that were subsequently confirmed as fraud via chargeback or manual investigation, and confirmed legitimate transactions that were initially flagged. The feedback loop is closed through the risk analyst queue: when an analyst confirms a fraud case or clears a false positive, that label feeds back into the model training pipeline. Model updates are deployed in shadow mode first — running alongside the existing model and comparing outputs — before being promoted to production. Your risk team sees the performance comparison before each promotion decision.

The blacklist check runs as the very first step in the risk evaluation pipeline — before velocity checks, before fraud rules, and before risk scoring. If a card matches a blacklist entry, the transaction is declined immediately with response code 05 (Do Not Honour) and the event is logged. The terminal receives a standard decline response — no information is exposed about the reason for decline, which prevents fraudsters from knowing they have been identified. Your risk team receives an alert with the full transaction details and the matching blacklist entry. A count of blacklist hits per entry is maintained and surfaced in the risk dashboard.

Yes. The Blacklist Management module supports ingestion of external threat intelligence via API or scheduled SFTP file import. Supported feeds include Visa's Global Compromised Account Manager (GCAM), Mastercard's Safety Net lists, third-party fraud intelligence providers, and your own historical fraud case exports from previous systems. Feeds are ingested, deduplicated against existing entries, and activated automatically on a configurable schedule. You can also push blacklist entries to the system via API in real time — useful for integrating with downstream fraud investigation systems or external SIEM platforms.

One More Thing.

The Best Fraud System Is the One Fraudsters Never Notice.

They try. The system catches it. The merchant never sees the attempt. The customer never feels the friction. That is what good risk management looks like.

See the Settlement Engine Live
Section Page CTA

Read our insightful blogs!

Stay updated with the latest trends and innovations in finTech with our insightful blogs.