Airwallex logo
Airwallex logoAirwallex logo

Fraud prevention

Real-time fraud detection and prevention integrated with Airwallex payments

Copy for LLMView as Markdown

The Airwallex fraud engine protects your payments by detecting and blocking fraudulent transactions in real time, before they complete. It combines AI-powered risk models, real-time rules, and deep integration with the payment stack to stop fraud while minimizing false declines that can harm legitimate customers and revenue.

The fraud engine operates as part of a larger integrated risk and optimization system that spans the entire payment lifecycle, from checkout to dispute resolution.

Fraud prevention architecture

The Airwallex fraud engine sits at the center of an integrated risk management stack that includes multiple components working together:

  • Payment Fraud Engine: Screens and scores every transaction in real time, returning allow, challenge, or block decisions during payment processing.
  • Optimize 360: Payment conversion optimization that works with fraud decisions to choose the best payment path, decide when to retry, and determine when to apply additional security checks.
  • Airwallex Sentinel: Real-time fraud attack detection that identifies coordinated attacks and abnormal patterns, then automatically deploys targeted response strategies.
  • AI Dispute Automation: Chargeback defense that recommends whether to accept or challenge disputes, generates evidence packages, and automates submissions.

Because Airwallex has the ability to control the end-to-end payment optimization lifecycle, these components share data and decisions:

  • Fraud scores and decisions feed directly into routing and authentication strategies.
  • Attack detection informs real-time rules and risk models.
  • Payment outcomes and dispute results loop back to continuously improve fraud detection accuracy.

This architecture treats fraud prevention, payment optimization, and dispute resolution as interconnected problems rather than separate systems.

How fraud detection works

When a customer initiates a payment, the fraud engine evaluates the transaction through a multi-stage decisioning pipeline that runs in real time without slowing down checkout.

Profile and model selection

Each transaction is mapped to one or more risk profiles based on business type and payment context. This allows the engine to apply specialized models tuned for specific scenarios:

  • Digital goods and services
  • Online travel bookings
  • Subscription and recurring payments
  • Online-to-offline transactions
  • High-risk industry categories
  • Large merchant-specific profiles

Profile selection ensures decisions are contextually appropriate rather than treating all payments identically.

Feature computation and risk scoring

The engine computes thousands of features per transaction by analyzing:

  • Customer profile and payment method characteristics: Identity verification signals, payment history, name and address validation, consistency checks, and gibberish detection
  • Transaction behavioral signals: Velocity analysis across multiple time windows, impossible travel detection, and abnormal sequence identification using deep learning models
  • Device and biometric behavioral signals: Emulator and virtual machine detection, device consistency checks, cookie manipulation analysis, mouse movements, typing speed, and cut-copy-paste behaviors
  • Phone, email, and IP data: IP geolocation, VPN/proxy detection, email validation, location inconsistencies, IP reputation, prepaid SIM or VOIP usage patterns
  • Issuer preferences and performance: Issuer-specific approval patterns, authentication preferences, and bank-level response characteristics
  • Graph network and cluster analysis: High-risk community detection, fraud and dispute density within connected entities, cluster velocity patterns, and abnormal network composition
  • Real-time velocity metrics: Transaction frequency, amount patterns, and sudden spikes in activity across customers, devices, and payment methods

These features are combined and scored, then fed into the active fraud model, which generates a real-time risk decision optimized for each payment context.

Layered rule evaluation

Risk scores and computed features then flow through a sophisticated, multi-layered rule engine that continuously evolves to address emerging fraud patterns while balancing fraud prevention, payment success, and card network compliance:

Rule layerPurpose
Adaptive fraud typology rulesA continuously evolving bank of highly optimized rules targeting known and emerging fraud patterns across markets and industries, including card testing, bot detection and prevention (e.g., CSRF protection), account takeover, and coordinated attacks.
Segment-specific rulesApply vertical and flow-specific logic tuned for different business models and payment contexts, such as online travel bookings, digital goods, subsequent subscription or recurring payments, and online-to-offline journeys.
Scheme compliance rulesMaintain fraud and dispute ratios within Visa and Mastercard program thresholds across card ranges and merchants to protect scheme standing and avoid monitoring programs.
Merchant-specific rules and strategiesHandle targeted attacks, accommodate bespoke risk appetite, and implement tailored strategies through custom rules and watchlists for individual merchant needs.

The engine evaluates all relevant rules in real time and returns the most optimal decision for each payment, balancing fraud prevention with customer experience and business objectives.

End-to-end payment optimization

The fraud decision doesn't exist in isolation—it's integrated with Optimize 360 to orchestrate the complete payment journey and maximize both protection and performance:

  • Smart authentication: Determines whether to apply additional security checks (3D Secure challenge, one-time passcode, frictionless authentication) or keep the flow completely frictionless, applying security only when risk justifies it to minimize customer friction.
  • Intelligent routing: Selects the optimal acquiring path and payment processor to maximize approval probability based on issuer behavior, transaction characteristics, and fraud signals.
  • Adaptive retry logic: Decides when and how to retry failed payments, using fraud insights to avoid retrying high-risk transactions while recovering revenue from legitimate failures.

This integrated approach treats fraud prevention as a first-class optimization objective alongside conversion rate and processing cost, ensuring every payment decision balances security, customer experience, and business outcomes.

Risk signals and data foundation

The fraud engine relies on a comprehensive risk data layer that consolidates signals from multiple sources:

  • Core payment data: Card details, transaction amount, currency, merchant category.
  • Device, session, and behavioral biometric data: Unique device identifiers, session characteristics, and behavioral patterns including mouse movements, typing speed, and interaction patterns.
  • Phone, email, and IP characteristic data: Phone number validation, email verification, IP geolocation, VPN/proxy detection, and location consistency checks.
  • Behavioral signals: On-site behavior, customer profile, and historical patterns.
  • Issuer preferences and issuer-level performance data: Issuer-specific approval patterns, authentication preferences, and historical performance metrics.
  • Cluster and graph data: High-risk community detection, fraud density analysis, and relationship patterns across connected entities.
  • Card-network data: Card BIN information, issuer characteristics, and card network patterns.

High-quality data directly improves model accuracy, reduces false declines, and helps maintain compliance with card network fraud monitoring programs.

Merchant controls and transparency

The fraud engine provides controls and visibility to help you understand decisions and adjust strategy when needed.

Risk analytics

The Risk Analytics page in the Airwallex web app shows how fraud prevention affects your business performance:

  • Fraud and dispute rates over time.
  • Block and verification rates.
  • Payment success rate trends.
  • Benchmarking against similar businesses.
  • Scheme metric monitoring for Visa and Mastercard program compliance.

These analytics help you identify fraud patterns and evaluate whether the fraud engine's risk appetite aligns with your business goals.

Risk watchlists

Risk watchlists allow you to configure custom allow, challenge, or block decisions based on specific attributes:

  • Email address
  • Card fingerprint
  • IP address
  • Device ID

You can activate, deactivate, or delete watchlist items to manage risk exposure. Watchlist actions include:

ActionBehaviorConsiderations
AllowOverrides block or verify decisions from the fraud engine.Only available after establishing a history of good fraud performance. May impact fraud rates and scheme compliance.
Request 3DSEnforces additional authentication, shifting liability to the cardholder's issuing bank.Can reduce fraud but may decrease conversion if overused.
BlockEnsures transactions are never processed.Overuse may decrease overall payment success rates and revenue.

Watchlist configurations are governed to prevent undermining overall risk appetite or violating scheme obligations. Items on Allow or Request 3DS watchlists may still be declined to maintain compliance with regulatory and card network requirements.

Decision reason codes

Each fraud decision includes structured reason codes that explain why a transaction was allowed, challenged, or blocked. The two-level reason code system translates complex internal logic into merchant-friendly explanations, making it easier to:

  • Understand customer-facing declines.
  • Respond to customer questions.
  • Fine-tune risk strategy over time.

See also

  • Manage disputes
  • Manage refunds
  • Payment error codes
Was this page helpful?