Fraud Detection Agent
An always-on risk analyst that scores transactions 0–100, explains each anomaly, and recommends allow / review / block before fraud costs you.
The Fraud Detection Agent reviews transactions and account activity, assigns each a 0–100 risk score with written reasoning, and recommends an action — allow, review, or block — against the auto-block threshold you set. It runs on demand from the dashboard or in real time via webhook, and writes an auditable risk report for every run. It recommends; whether a payment is actually blocked depends on your connected payment tooling and threshold.
What it does
Built for e-commerce, marketplaces, and fintech/payments teams, this agent acts as a consistent, tireless fraud triage layer. You feed it transaction or activity data (pasted for test runs, or sent to its webhook in production); it analyzes for anomalies — velocity patterns like rapid-fire purchases, mismatched-BIN cards, new accounts, freight-forwarder shipping addresses — and produces a risk score, reasoning, and a recommended action for each event. Its system prompt fixes its role as a fraud/risk analyst, and it is instructed to call record_output once per run with the finished risk report.
Operationally it is a short, bounded agent: it runs at most 4 turns and has access to two tools — http_request (to call a public https API or webhook, e.g. to look up an enrichment endpoint or post a verdict to your own system) and record_output (to save the deliverable). The recommendation, not enforcement, is the product: every decision is logged with reasoning so you get a clean compliance trail, and the agent surfaces a one-line summary on the dashboard feed with the full markdown report saved to the run.
How it works
Setting it up — owner / admin
- 1Deploy from the marketplaceSubscribe to the Fraud Detection Agent, then open its deployment at /dashboard/agents/[id], which exposes the agent header, a way to run it, the config panel, and execution history.
- 2Fill the config fieldsSet the two real fields: 'Transactions / activity (for test runs)' (a textarea to paste or describe sample transaction data) and 'Auto-block threshold (0-100)' (e.g. 80 — the score above which to recommend block), then save the configuration.
- 3Connect tools / sourcesThe agent itself ships with only http_request and record_output. To feed live data, point your transaction source at the deployment's webhook, and use http_request to post verdicts to an alert channel or your own system over https. No OAuth is required for the core flow.
- 4Use the realtime triggerTriggering is realtime / event-driven: send your transaction payload to the deployment's webhook to start a run with that body as input. There is no cron schedule field for this agent (its configSchema has no schedule field) — it runs on new events or on demand.
- 5Do the first runPaste sample activity into the Transactions field (the built-in default example is 3 card payments of $2,400 each within 2 minutes from a new account on different BINs, shipping to a freight-forwarder address), run it, and review the execution history. Confirm the risk score, reasoning, and recommended action look right before pointing live traffic at the webhook.
Using it day to day — your team
- 1Submit activity for reviewDay to day, transactions flow to the agent via its webhook, or an analyst pastes a batch into the Transactions field and runs it from /dashboard/agents/[id].
- 2Read the risk verdictEach run produces a risk report — e.g. 'Risk: 88/100 (BLOCK). 3 × $2,400 in 2 min, new account, mismatched BINs, freight-forwarder address.' The one-line summary appears on the dashboard feed; the full markdown report is saved for the run.
- 3Act on the recommendationUse the allow / review / block recommendation to clear, queue for manual review, or stop a payment in your payment tooling. Events above your threshold are recommended for block.
- 4Audit the trailEvery decision is logged with its reasoning and score, alongside the run's status and usage, as an auditable record for compliance and disputes.
Use cases
What to expect
- A 0–100 risk score with written reasoning for each event
- An allow / review / block recommendation tied to your threshold
- A saved markdown risk report per run, with a one-line dashboard summary
- An auditable decision trail (score and reasoning) recorded for every run
Metrics to watch
- Run success rate in execution history (failed vs success)
- Block/review/allow mix relative to your threshold — drift signals you should retune it
- False-positive rate: flagged transactions later confirmed legitimate on manual review
- Time-to-verdict per event (the agent is capped at 4 turns)
- Fraud loss prevented vs good transactions wrongly blocked