Velocity, device fingerprinting, circular transfers, dormant abuse, mule clusters, and behavioural analytics on unified transaction feeds.
01 / 06
Unusual velocity at account, device, and network level: burst sequences, high-frequency transfers in short windows, and threshold-testing behaviour.
Burst detection
Per-minute transfer spikes vs baseline
Channel velocity
Wallet, API, and card velocity windows
Threshold testing
Repeated just-below-limit sequences
02 / 06
Device identifiers, session context, and behavioural signals to flag activity from known or suspected fraud devices.
Device graph
Shared hardware fingerprints across accounts
Session context
IP, carrier, and app attestation signals
Takeover heuristics
Credential and SIM-swap risk overlays
03 / 06
Identify funds looping between accounts without legitimate commercial purpose, returning to an origin or linked account.
Loop detection
Closed paths with no economic offset
Fan-in / fan-out
Rapid in-and-out through intermediaries
Return-to-origin
Funds cycling back to source accounts
04 / 06
Detect sudden high-value use after long dormancy when it departs materially from established history.
Dormancy delta
Sudden use after long inactivity windows
History deviation
Material departure from prior behaviour
Reactivation bursts
Coordinated wake-up across clusters
05 / 06
Uncover coordinated small inflows and rapid outflows, shared device or location signals, and graph linkages typical of mule networks.
Mule fan patterns
Many small inflows, few large outflows
Shared locations
Geo concentration across linked accounts
Graph communities
Louvain-style cluster highlighting
06 / 06
Profiles for accounts and entities with machine learning on historical activity to spot meaningful deviations.
Behaviour profiles
Per-account baselines and drift scoring
Anomaly ranking
Top-N deviations for analyst triage
Feedback loop
Labels improve model calibration over time
Authorised users can enter the secure workspace to work alerts, cases, and supervisory views connected to FINX.