Block fraudulent payments at the moment of execution.
Call OneLattice synchronously from the payment path and get a decision back in under a second on every rail.
Sub-200ms decisions on every payment
Covers bank debits, wires, real-time payments, card, and P2P
Synchronous inline API, one call per payment
Your fraud ops owns policy, no code required
TYPOLOGIES
Catch the payment-layer patterns that matter.
Score every payment against the typology patterns that fire at the moment of execution. Identity, mule, and scam typologies live on the adjacent pages.
Unauthorized bank debits
Catch the unauthorised debit before settlement on return codes and pre-return signals.
Card-not-present fraud
Catch the stolen PAN online or over the phone on geolocation, IP, and session signals.
Card testing and BIN attacks
Catch BIN attacks and rapid low-value tests before any large transaction clears.
First-party and bust-out
Catch the first-party run-up on balance cycling, credit-line abuse, and return manipulation.
Wire fraud and BEC
Catch the BEC wire or real-time transfer against the sender's payment history.
Chargeback and friendly fraud
Catch repeat disputes, issuer chargeback indicators, and abusive return behaviour.
Call OneLattice synchronously from inside the payment path.
Run the payment thread through OneLattice at sub-second latency, with allow, hold, block, or step-up returned before the funds ever move.
Change policy without an engineering ticket.
Build, sandbox, and deploy rules from a visual editor, scoped to the segment that needs it, with no code and no deploy queue.
Track every change, measure every rule.
Audit every rule edit, monitor live performance, and roll back in one click when a rule stops earning its place.
DETECTION SIGNALS
Score every payment against every signal class the team can read.
Velocity patterns
Track rapid debit and credit sequences against the sender's own history.
Counterparty linkage
Check the receiver against prior fraud on the book and the consortium.
Graph relationships
Resolve the devices, phones, and account routes that link unrelated parties into rings.
Behavioral anomalies
Spot timing, typing, and navigation that breaks the user's baseline.
Amount deviation
Compare every payment to the sender's range and catch round-dollar tests and balance-zeroing payouts.
Rail-specific fields
Read return codes, ISO 20022 purpose codes, and card-network signals on every payment.
Session and device context
Carry device fingerprint, geolocation, and login recency into the payment decision.
Consortium intelligence
Read consortium flags so a receiver abused elsewhere surfaces on the first send.
MODEL APPROACH
Run every model family on every payment decision.
Train the models on your own data, govern them under your risk function, and let rules sit on top so fraud ops keeps the final say.
Supervised models
- Train on your own SARs, chargebacks, returns, and disputes.
- Refresh one model per typology pack every week.
- SHAP feature attributions on every score.
- Prove new models in shadow with a champion-challenger slot.
Unsupervised anomaly
- Catch emerging patterns before they earn a label.
- Cluster sender, counterparty, and payment shapes against baseline.
- Push novel typologies to the analyst queue for labelling.
- Monitor drift against the baseline population.
Graph and network
- Link devices, accounts, counterparties, and payment routes.
- Surface rings, bust-out clusters, and repeated payment cycles.
- Flag receivers on the first payment you send via consortium edges.
- Feed graph embeddings into the supervised score.
Governance and explainability
- Store the feature vector, model score, and rule trace on every decision.
- Model risk documentation ready for validation review.
- Drift, PSI, and performance dashboards on every model.
- Roll back any model or rule version in one click.
HOW IT WORKS
Go from payment event to decision in one pass.
Ingest every signal the decision needs.
Pull the payment with customer, counterparty, device, and session context attached.
Compute the features that catch the payment.
Run velocity, counterparty linkage, amount deviation, and rail-specific features through the engine.
Score against the typologies the program tracks.
Score every payment against the typologies the program tracks, with feature attributions on each score.
Layer policy rules on top of the model score.
Layer rail thresholds, segment carve-outs, and kill switches on top of the score.
Return the decision, route the case, and feed the next score.
Return the decision in under a second and feed the disposition back into the next score.
PLATFORM
Take the same stack across the rest of the fraud and AML work.
One platform from signup through investigation.
New Account Fraud Prevention
Block fraudulent signups before they reach the payment layer.
Learn more →Account Takeover Prevention
Catch session takeovers and credential abuse before funds move.
Learn more →Transaction Monitoring
Catch laundering on the same payment data with the same case file.
Learn more →Customer Risk Assessment
Tier every customer at intake and re-score the moment signals shift.
Learn more →Investigation & Reporting
Draft SARs and chargeback packages with the audit trail attached.
Learn more →Agents on this workflow.
OneLattice's purpose-built agents that handle this work end-to-end.
Triage Agent
Works the payment alert queue end to end and learns from every analyst disposition.
Investigator Agent
Builds the payment-fraud case before the investigator opens it and recommends the next action.
Pattern Analyst
Catches novel payment-fraud patterns hiding in your data before any rule library does.
Rule Building Assistant
Turns a plain-English rule description into production-ready logic the team can ship.
Rule Simulator
Replays any new rule against historical payments and predicts alert volume and false-positive rate.
Disputes Agent
Assembles the chargeback evidence, builds the processor-specific package, and files in one place.