Airwallex logo
Airwallex logo

Fraud detection and feedback

An understanding of Airwallex fraud detection mechanisms and how feedback improves accuracy

Copy for LLMView as Markdown

Fraud detection and feedback is a system that identifies suspicious transactions and learns from your input to improve accuracy over time. Understanding how fraud detection works and how to provide feedback is important when managing card transactions, as it helps you protect cardholders while minimizing disruptions to legitimate purchases.

Airwallex's fraud detection engine continuously analyzes transaction patterns and applies configurable rules to identify potentially fraudulent activity. When you provide feedback on transaction classifications, the system learns from your specific use cases and business patterns, resulting in more accurate fraud detection tailored to your needs.

Benefits of fraud feedback

Providing fraud feedback to Airwallex offers several advantages for your card program:

  • Improved accuracy: The fraud detection engine learns from your feedback, reducing both false positives (legitimate transactions incorrectly flagged as fraud) and false negatives (fraudulent transactions that pass through undetected).
  • Enhanced cardholder experience: By reducing false positives, you minimize disruptions caused by legitimate transactions being incorrectly declined.
  • Proactive fraud prevention: Real-time feedback allows you to report unauthorized activity immediately, preventing further losses and protecting your cardholders.

Fraud detection mechanisms

When a transaction is processed, Airwallex's fraud detection engine evaluates it against configured fraud rules. These rules analyze various risk factors including transaction amount, merchant category, geographic location, velocity patterns, and historical behavior.

If a transaction triggers a fraud rule, the system determines an appropriate action based on the rule configuration and the severity of the risk. The possible outcomes include approving the transaction with a warning, declining the transaction, freezing the card temporarily, or blocking the card permanently.

Each fraud detection decision is accompanied by a risk_details object that contains information about the specific risk factors that triggered the rule. This information is included in webhook events so you can understand why a particular action was taken.

Fraud feedback types

The Fraud Feedback API supports two feedback types that communicate different information about a transaction:

AUTHORIZED_BY_CARDHOLDER

This feedback type indicates that a transaction was legitimate and authorized by the cardholder. The primary use cases include:

  • Correcting false positives: When a legitimate transaction has been declined or received a fraud warning, reporting it as authorized helps the fraud detection engine learn that similar transactions should be allowed in the future.
  • Unblocking retry attempts: After you report a transaction as authorized, the cardholder can successfully retry the transaction within a reasonable time period with updated fraud controls.

NOT_AUTHORIZED_BY_CARDHOLDER

This feedback type indicates that a transaction was fraudulent and not authorized by the cardholder. The primary use cases include:

  • Reporting fraud: When a fraudulent transaction has been attempted or completed, reporting it as not authorized helps the fraud detection engine identify similar patterns in the future.
  • Immediate card blocking: Reporting a transaction as not authorized immediately blocks the card, preventing any further transactions and mitigating potential losses.
  • Correcting mistakes: If you marked a transaction as authorized by mistake, submit follow-up feedback with NOT_AUTHORIZED_BY_CARDHOLDER to block the card and prevent further unauthorized use.

Once a card is blocked due to NOT_AUTHORIZED_BY_CARDHOLDER feedback, only Airwallex Customer Support can unblock it. This ensures an additional layer of security for potentially compromised cards.

Transaction and card status outcomes

The outcome of fraud feedback depends on both the feedback type and the current card status. The following table illustrates how different combinations affect transaction processing and card status:

Transaction outcomeCard statusAUTHORIZED_BY_CARDHOLDERNOT_AUTHORIZED_BY_CARDHOLDER
Declined by fraud ruleACTIVE or INACTIVEUnblocks the next transaction made within a reasonable time period. Card status changes to ACTIVE.Blocks all future transactions. Card status changes to BLOCKED.
Declined by fraud ruleBLOCKEDAll future transactions remain blocked. Card status remains BLOCKED unless Customer Support is contacted.All future transactions remain blocked. Card status remains BLOCKED unless Customer Support is contacted.
Successful transactionACTIVETransactions continue to succeed. Card status remains ACTIVE.Blocks all future transactions. Card status changes to BLOCKED.

Webhook event patterns

When a fraud rule is triggered, Airwallex sends webhook events that inform you about the transaction outcome and any card status changes. The specific events depend on the action taken by the fraud detection engine.

Approved transaction after fraud rule trigger

If the transaction is approved after a fraud rule is triggered, you receive:

  • issuing.transaction.succeeded event containing a risk_details object with the risk factor that triggered the rule.

Declined transaction with active card

If the transaction is declined and the card remains active after a fraud rule is triggered, you receive:

  • issuing.transaction.failed event with failure_reason set to SUSPECTED_FRAUD, containing a risk_details object with the risk factor.

Declined transaction with frozen card

If the transaction is declined and the card is frozen after a fraud rule is triggered, you receive:

  • issuing.transaction.failed event with failure_reason set to SUSPECTED_FRAUD, containing a risk_details object with the risk factor.
  • issuing.card.inactive event to notify you of the card freeze.

In this scenario, the cardholder can unfreeze the card on their own through the appropriate interface or by contacting support.

Declined transaction with blocked card

If the transaction is declined and the card is blocked after a fraud rule is triggered, you receive:

  • issuing.transaction.failed event with failure_reason set to SUSPECTED_FRAUD, containing a risk_details object with the risk factor.
  • issuing.card.blocked event to notify you of the card block.

In this scenario, the cardholder cannot unblock the card on their own. The card can only be unblocked by Airwallex Customer Support or replaced with a new card number.

Integration workflow

A typical fraud feedback integration combines webhook events with cardholder verification and the Fraud Feedback API:

  1. Receive webhook event: Your system receives one or more webhook events indicating a fraud detection action (transaction decline, card freeze, or card block).
  2. Extract risk details: Parse the risk_details object from the webhook payload to understand what triggered the fraud rule.
  3. Notify cardholder: Use the webhook event combination to trigger notifications to the cardholder asking them to verify whether the transaction was authorized.
  4. Collect response: Provide a mechanism for the cardholder to respond indicating whether they authorized the transaction.
  5. Submit feedback: Based on the cardholder's response, use the Fraud Feedback API to send AUTHORIZED_BY_CARDHOLDER or NOT_AUTHORIZED_BY_CARDHOLDER feedback to Airwallex.
  6. Handle outcome: If the feedback indicates the transaction was authorized, the cardholder can retry the transaction. If it indicates fraud, ensure appropriate security measures are in place.

This workflow creates a feedback loop that continuously improves fraud detection accuracy while maintaining security and minimizing false positives.

See also

To implement fraud feedback in your integration or learn more about related concepts, refer to:

Was this page helpful?