FPP Integration
Overview
Section titled “Overview”The Fraud Prevention Platform (FPP) is the Guardline Suite module responsible for transaction assessment and fraud detection. The FPP integration allows the institution's system to submit transactions for assessment, receive decisions (approve, block, or trigger an alert), and track alerts generated by the rules engine and behavioral analysis (UBA).
Assessment flow
Section titled “Assessment flow”The typical transaction assessment flow follows these steps:
- The institution's system sends the transaction data to the FPP.
- The rules engine assesses the transaction based on configured policies and behavioral analysis.
- The FPP returns a decision (approve, block, or alert) along with the score and the breakdown of the rules that scored.
- If the decision triggers an alert, the FPP automatically creates a case in the CMP for human review and notifies the institution via webhook.
Integration modes
Section titled “Integration modes”The FPP supports three integration modes, which can be combined as required by the operation:
Synchronous: the institution sends the transaction and receives the decision in the same call. The contractual SLA for this mode is 300ms at the 95th percentile (P95). This is the recommended mode for transactions that need a real-time decision before settlement.
Asynchronous: the institution sends the transaction and receives an acknowledgment. The assessment is processed in the background and the result is delivered via webhook. Suitable for scenarios where the decision does not need to be immediate.
Batch: the institution sends batches of transactions for periodic processing. Suitable for aggregated monitoring and AML/CFT analyses (Anti-Money Laundering and Counter-Terrorism Financing).
Transaction types
Section titled “Transaction types”The FPP accepts any monetary transaction (transfers, payments, withdrawals, Pix, TED, boletos) as well as customer events that may indicate risk (profile changes, device swap, change in access pattern). The institution defines which events to submit according to its risk policy.
Assessment response
Section titled “Assessment response”Each assessment returns three elements:
- Decision: approve, block, or alert.
- Score: numeric score calculated by the rules engine.
- Breakdown: detailed listing of the rules that contributed to the score, with weight and rationale for each one.
This breakdown lets the institution understand the factors that led to the decision and feed its internal review processes.
Notifications
Section titled “Notifications”The institution receives webhook notifications about the main events related to transaction assessment: assessment results, blocks, triggered alerts, and changes to restrictive lists. The configuration of which events to receive is set during integration setup.
All notifications include an HMAC signature for authenticity validation, as described in the Integration Concepts.