Technical Overview

From transaction event to fraud decision in under 80ms.

A deep look at the ingest, signal extraction, scoring engine, and decision response that powers every Fraudhalo API call.

API Flow

Four stages. One round-trip.

Every fraud scoring request follows the same deterministic path through Fraudhalo's pipeline.

[Figure: Fraudhalo API flow diagram, transaction event to fraud decision]

01 Transaction Event Ingest

A single HTTP POST to /v1/score carries the transaction payload: card hash, amount, merchant ID, IP address, device identifier, and optional enrichment fields. No raw PAN required.

POST /v1/score HTTP/1.1
Authorization: Bearer <api_key>

{
 "card_hash": "sha256:3f4a...",
 "amount_cents": 12750,
 "merchant_id": "mch_8d3b",
 "ip": "203.0.113.42",
 "device_id": "dv_f9c2"
}

02 Signal Extraction

Fraudhalo extracts 40+ signals in real time across three categories: velocity patterns over 1m/5m/15m/1h windows, behavioral graph edges, and identity consistency signals.

# Extracted in real time
card_velocity_1h: 23
device_accounts_7d: 8
addr_consistency: 0.34
amount_pattern: "probe"

03 Scoring Engine

A gradient boosting ensemble model combines the signals into a fraud probability score (0–100). The model is retrained weekly on confirmed fraud labels and dispute data.

# Score pipeline
model: "gbm_v3_2025w38"
features_used: 41
latency_ms: 62

Signal Architecture

Three signal categories.

Fraudhalo's detection logic draws from three independent signal families, each targeting different fraud patterns.

Velocity Signals

  • txn_count_1m: Transaction frequency over a 1-minute window
  • card_velocity_1h: Cards probed per hour
  • amount_pattern: Amount distribution anomaly
  • decline_rate_5m: Decline spike patterns
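
A sliding-window computation of three of the velocity signals listed above, added here as an illustration and not Fraudhalo's code. Keying by device_id, reading card_velocity_1h as distinct card hashes per key, reading decline_rate_5m as the declined fraction, in-order event arrival and the sample data are all assumptions.

```python
from collections import defaultdict, deque

HORIZON_S = 3600  # longest window computed below (1h)

class VelocityTracker:
    """Per-key sliding windows; keying by device_id is an assumption."""

    def __init__(self):
        self._events = defaultdict(deque)  # key -> (ts, card_hash, declined)

    def observe(self, key, ts, card_hash, declined):
        # Assumes events arrive in timestamp order for a given key.
        q = self._events[key]
        q.append((ts, card_hash, declined))
        while q[0][0] <= ts - HORIZON_S:  # evict events outside the 1h horizon
            q.popleft()

    def signals(self, key, now):
        q = self._events.get(key, ())

        def window(seconds):
            return [e for e in q if now - seconds < e[0] <= now]

        last_5m = window(300)
        declines = sum(1 for e in last_5m if e[2])
        return {
            "txn_count_1m": len(window(60)),
            # Assumed meaning: distinct card hashes seen for this key in 1h.
            "card_velocity_1h": len({e[1] for e in window(3600)}),
            # Assumed meaning: fraction of this key's 5m transactions declined.
            "decline_rate_5m": declines / len(last_5m) if last_5m else 0.0,
        }

# Constructed sample events: (device_id, unix_ts, card_hash, declined).
# Card hashes are shortened placeholders, not real digests.
SAMPLE_EVENTS = [
    ("dv_f9c2", 1000, "sha256:aa", False),  # older than 1h at scoring time
    ("dv_0001", 8800, "sha256:bb", False),
    ("dv_f9c2", 9000, "sha256:01", True),   # burst: new card every 10s
    ("dv_f9c2", 9010, "sha256:02", True),
    ("dv_f9c2", 9020, "sha256:03", True),
    ("dv_f9c2", 9030, "sha256:04", False),
    ("dv_0001", 9035, "sha256:bb", False),
]

def velocity_signals(events, key, now):
    tracker = VelocityTracker()
    for device_id, ts, card_hash, declined in events:
        tracker.observe(device_id, ts, card_hash, declined)
    return tracker.signals(key, now)
```

On the sample data the burst device shows four distinct cards and a 0.75 decline rate inside one minute, while the returning customer's single card stays flat.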

Behavioral Graph Signals

  • device_accounts_7d: Accounts linked per device
  • device_graph_edges: Device-account graph density
  • session_entropy: Session behavior entropy
  • ip_account_overlap: IP address account sharing

Identity Signals

  • addr_consistency: Address consistency score
  • name_ssn_match: Name-SSN correlation signal
  • phone_linkage: Phone number identity graph
  • thin_file_indicator: Thin credit file flag

Model Learning

How the model stays current.

Fraud patterns evolve weekly. Fraudhalo uses a champion-challenger retraining framework to keep detection accuracy high without disrupting production decisions.

  • Weekly: Retraining cadence on confirmed fraud labels and dispute data
  • Shadow: Challenger model runs in shadow mode before production promotion
  • 1-2wk: Lag for novel attack patterns before detection accuracy improves

Latency Benchmarks

Sub-100ms end-to-end.

Measured end-to-end from API receipt to response, in our us-east-1 region under representative production load conditions.

Percentile      Latency (ms)    Notes
p50 (median)    62              Typical well-formed request with full feature set
p75             71              Slightly elevated graph query complexity
p95             88              High-complexity identity graph lookups
p99             102             Worst-case new merchant fingerprinting
SLA target      150             Hard SLA at p99 for Growth tier and above

Network round-trip time from your infrastructure is not included. Co-location in us-east-1 or us-west-2 is recommended for latency-sensitive integrations.

Ready to integrate?

API documentation is available to pilot customers. Request a pilot to get your API credentials and full endpoint reference.
