Fraud Protection
Rule-based and ML-scored fraud filtering. Block, review, or allow transactions based on your configured risk thresholds.
moat's fraud protection is a layered system: deterministic rules (velocity limits, country blocks, blacklists), an ML-scored risk assessment on every transaction, and optional 3D Secure step-up for borderline cases.
How it runs
On every authorization, moat:
- Evaluates your configured rules. A hard block outcome declines the transaction before it reaches the card network.
- Computes a risk score (0–100). The threshold for review and block is configurable per account.
- Optionally triggers 3D Secure if the score or rules require step-up.
- If the transaction is authorized, the risk score and any rule matches are attached to the transaction record and returned in the response.
Configure rules
Rules are managed in the Control Panel under Fraud → Rules. Each rule has:
- Condition — field, operator, value. Example: billing_country != shipping_country.
- Action — allow, review, require_3ds, or block.
- Priority — rules are evaluated in order. The first matching rule's action applies.
Common rule recipes
| Goal | Condition | Action |
|---|---|---|
| Block high-risk countries | billing_country in (list) | block |
| Flag mismatched shipping | shipping_country != billing_country | review |
| Limit new-card velocity | Same BIN + amount > 5 in last hour | block |
| Require 3DS on high-value | amount >= 50000 | require_3ds |
| Blacklist email | email in (blacklist) | block |
| Blacklist IP | ip_address in (CIDR list) | block |
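
Because the first matching rule's action applies, an early allow rule can silently override stricter rules placed after it. The sketch below is an added example, not moat's code: the rule tuples, function names, severity ranking, the allowlist rule and all sample values are constructed for illustration, and only the field names and actions come from the table above.

```python
# Added illustration: a local model of "first matching rule wins" ordering.
# Rule tuples, function names and sample values are assumptions, not moat's API.

SEVERITY = {"allow": 0, "review": 1, "require_3ds": 2, "block": 3}  # assumed ranking

# (priority, name, condition, action); lower priority number is evaluated first
RULES = [
    (1, "allow_known_customer", lambda t: t["email"] in {"a@example.com"}, "allow"),
    (2, "3ds_high_value", lambda t: t["amount"] >= 50000, "require_3ds"),
    (3, "flag_mismatch", lambda t: t["shipping_country"] != t["billing_country"], "review"),
    (4, "block_countries", lambda t: t["billing_country"] in {"XX", "YY"}, "block"),
]


def matches(txn, rules):
    """All rules whose condition holds, in priority order."""
    return [r for r in sorted(rules, key=lambda r: r[0]) if r[2](txn)]


def decide(txn, rules):
    """Action of the first matching rule, or None when no rule matches."""
    hit = matches(txn, rules)
    return hit[0][3] if hit else None


def shadowed(txn, rules):
    """Names of stricter rules that matched but lost to an earlier, laxer rule."""
    hit = matches(txn, rules)
    if not hit:
        return []
    winner = SEVERITY[hit[0][3]]
    return [name for _, name, _, action in hit[1:] if SEVERITY[action] > winner]


# Constructed sample transaction (placeholder country codes)
SAMPLE = {"email": "a@example.com", "amount": 60000,
          "billing_country": "XX", "shipping_country": "ZZ"}

if __name__ == "__main__":
    print(decide(SAMPLE, RULES), shadowed(SAMPLE, RULES))
```

Running a set of representative transactions through `shadowed` before changing rule priorities shows which block or require_3ds rules an allow rule would pre-empt.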
Risk score
Every authorized transaction returns a fraud_score in the response (0–100). The score reflects patterns observed across moat's network — BIN risk, IP reputation, device signals, historical behavior.
{
  "status": "success",
  "data": {
    "id": "txn_01H9XK...",
    "status": "approved",
    "fraud_score": 18,
    "fraud_rules_matched": []
  }
}
Score bands
Default thresholds (configurable):
| Band | Score | Default action |
|---|---|---|
| Low risk | 0–39 | Approve silently. |
| Medium | 40–69 | Approve with flag for manual review. |
| High | 70–100 | Block. |
Manual review queue
Transactions with status: "review" are held — the customer's card is authorized but not captured. The review queue in the Control Panel lets you approve (capture) or decline (void) each one. Reviews not resolved within the authorization's hold period (typically 7 days) are voided automatically.
Webhooks
- transaction.review — Transaction flagged for manual review.
- transaction.blocked — Transaction was blocked by a fraud rule.
- fraud.high_score — Score exceeded the configured high-score threshold (optional).
Disabling fraud checks for testing
In sandbox, fraud checks run against a test ruleset but do not model a real risk environment. Test card 4111111111111111 always scores low; 4000000000000259 always scores high. See Test Data.