Evaluates a backend transaction for risk using Fraud Prevention's detection and rule engine
This step is used to submit a transaction event for real-time risk evaluation as part of a journey flow. It enables you to assess instant payments, wallet transfers, and other financial operations against behavioral profiles, velocity patterns, and custom rule-based policies—without requiring client-side SDK telemetry.
When the step executes, it sends the transaction data to Fraud Prevention's risk engine and rule engine, and branches the journey based on the returned recommendation: Allow, Challenge, or Deny. The result, including the recommendation type, risk score, triggered rules, and reason codes, is stored in an output variable for use in subsequent journey steps.
This step is part of Mosaic's Transaction Monitoring capability. For an overview of how transaction evaluation works, including detection dimensions and the rule engine, see the transaction monitoring guide.
Fraud Prevention's risk engine evaluates every transaction out of the box—no custom rules are required. If you need additional control, you can define rules that override or adjust the detection outcome based on specific conditions (e.g., amount thresholds, payee risk category). Rules are applied automatically after detection and before the recommendation is returned.
| Field | Description |
|---|---|
| Transaction Type | Type of transaction being evaluated. Possible values: purchase, bill_payment, mobile_recharge, money_transfer, credit_transfer, credit_redemption, top_up, withdrawal, investment, loan, refund, Other. |
| Transaction Method | Method used for the transaction. Possible values: bank_account, wire, card, p2p, wallet. |
| Amount | Expression that yields the monetary amount of the transaction. |
| Currency | Expression that yields the transaction currency in ISO-4217 format (e.g., USD, EUR). |
| Channel ID | Expression that yields the identifier for the channel used (e.g., MOBILE_APP, WEB_PORTAL). |
| Transaction Date | Expression that yields the transaction timestamp as a Unix epoch value (milliseconds or seconds). |
This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see Additional data reporting.
| Field | Description |
|---|---|
| Payer Account ID | Expression that yields the unique identifier for the payer account. |
| Payer Name | Expression that yields the name of the payer. |
| Payer Account Country | Expression that yields the country code of the payer account (ISO-3166-1 alpha-2). |
| Payer Bank Identifier | Expression that yields the bank identifier of the payer. |
| Payer Branch Identifier | Expression that yields the branch identifier of the payer. |
| Payer Account Number | Expression that yields the account number of the payer. |
| Payer Customer Tier | Expression that yields the customer tier of the payer (e.g., premium). |
| Field | Description |
|---|---|
| Card Holder Name | Expression that yields the name of the card holder. |
| Card BIN | Expression that yields the Bank Identification Number (first 6 digits of the card). |
| Card Last 4 | Expression that yields the last 4 digits of the credit card number. |
| Field | Description |
|---|---|
| Billing Name | Expression that yields the name on the billing address. |
| Billing Address Line 1 | Expression that yields the first line of the billing address. |
| Billing Address Line 2 | Expression that yields the second line of the billing address. |
| Billing City | Expression that yields the city of the billing address. |
| Billing State | Expression that yields the state or province of the billing address. |
| Billing ZIP / Postal Code | Expression that yields the ZIP or postal code of the billing address. |
| Billing Country | Expression that yields the country of the billing address (ISO-3166-1 alpha-2). |
| Billing Email | Expression that yields the email address associated with billing. |
| Billing Phone | Expression that yields the phone number associated with billing. |
| Field | Description |
|---|---|
| Payee Account ID | Expression that yields the unique identifier for the payee account. |
| Payee Name | Expression that yields the name of the payee. |
| Payee Account Country | Expression that yields the country code of the payee account (ISO-3166-1 alpha-2). |
| Payee Bank Identifier | Expression that yields the bank identifier of the payee. |
| Payee Branch Identifier | Expression that yields the branch identifier of the payee. |
| Payee Account Number | Expression that yields the account number of the payee. |
| Field | Description |
|---|---|
| Card Holder Name | Expression that yields the name of the payee card holder. |
| Card BIN | Expression that yields the Bank Identification Number (first 6 digits of the payee card). |
| Card Last 4 | Expression that yields the last 4 digits of the payee credit card number. |
| Field | Description |
|---|---|
| Products | Expression that yields an array of products in the purchase. Each item should include id, name, amount, and price. |
| Total Items | Expression that yields the total number of items in the purchase. |
| Field | Description |
|---|---|
| AVS Code | Expression that yields the AVS response code. |
| AVS Match Level | Level of AVS match. Possible values: none, postal, street, full, unknown. |
| Field | Description |
|---|---|
| Correlation ID | Expression that yields an ID to relate the action with external context or session. |
| Custom Attributes | Expression that yields a key-value object with custom attributes to add context to the transaction evaluation. |
| Output Variable | Name of the variable used to store the result data from the completed step, which can be used in subsequent journey steps. The result includes the recommendation type, risk score, triggered rules, and reason codes. |
| Error Behavior | Determines the behavior in case an unexpected error occurs during the process. You can choose to either abort the journey (default) or handle errors using a dedicated error branch. |
Consider a banking app where an authenticated user initiates a money transfer. Before executing the payment, the journey evaluates whether the transaction is legitimate or potentially fraudulent.
The journey (with an already authenticated user) collects the transfer details—recipient, amount, and currency—using a Collect information step and stored in a transferData variable.
The Evaluate Transaction step is then configured with:
- Transaction Type (
money_transfer) - Transaction Method (
bank_account) - Amount (
transferData.amount) - Currency (
transferData.currency) - Payer Account ID (
transferData.payer_id) - Payer Account Country (
transferData.payer_country) - Payee Account ID (
transferData.payee_account) - Payee Name (
transferData.payee_name) - Payee Account Country (
transferData.payee_country)
The transaction details (type, method, amount) establish the context and allow the risk engine to compare the amount against the payer's rolling average. The payer fields identify the account profile, so the engine can retrieve behavioral patterns such as typical amounts, transfer frequency, and known destinations. The payee fields determine whether the recipient is a first-time or known counterparty and flag new or high-risk jurisdictions by comparing countries.
The evaluation runs server-side in real time, without additional client interaction, and returns a recommendation that drives the next step in the journey:
- Trust/Allow: The transfer matches the payer’s typical behavior, such as a $200 transfer to a known payee in the same country. The journey proceeds with the payment.
- Challenge: The transaction is unusual but not clearly malicious, such as a higher-than-usual amount or a first-time payee. The journey routes to an additional verification step, such as SMS OTP Authentication.
- Deny: The transaction shows multiple high-risk signals, such as a large amount to a brand-new payee in a high-risk jurisdiction combined with a velocity spike. The journey moves to Reject Access and blocks the transfer.
The result is stored in the output variable (default: evaluate_transaction_result) and can be used in later steps. For example, you can branch on evaluate_transaction_result.recommendation with a Condition step, or inspect evaluate_transaction_result.risk_score to trigger additional actions such as manual review.