Risk Monitoring
Amrood monitors every transaction for suspicious patterns using both real-time rule-based scoring and periodic graph analysis.
Real-Time Risk Scoring
Every transaction is scored against these signals:
| Signal | Score | Trigger |
|---|---|---|
| Velocity spike | +20 | More than 10 transactions in 5 minutes |
| New counterparty | +10 | First payment to this recipient |
| Near-limit amount | +10 | Amount exceeds 90% of per-tx limit |
| Circular payment | +40 | Recipient recently paid this agent |
| Micro-transaction burst | +30 | More than 20 transactions in 5 minutes |
| Near-threshold | +15 | Amount between 90-100% of approval threshold |
Score Thresholds
| Score Range | Action |
|---|---|
| 0–29 | Pass — transaction proceeds |
| 30–59 | Flag — transaction proceeds, alert created |
| 60–79 | Hold — requires manual review |
| 80+ | Block — transaction denied |
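
The two tables above, worked through as an added example (not Amrood's own code). `RiskScorer` and `action_for` are hypothetical names, and the example assumes that signal scores add up, that the 5-minute counts include the transaction being scored, that "recently" means within one hour, and that amounts are integers in the smallest currency unit.

```python
from collections import deque

WINDOW = 300           # 5 minutes, from the signal table
RECENT_PAYBACK = 3600  # assumption: the page does not define "recently"

def action_for(score):
    """Map a total score to the action in the Score Thresholds table."""
    if score >= 80:
        return "block"
    if score >= 60:
        return "hold"
    return "flag" if score >= 30 else "pass"

class RiskScorer:
    """Hypothetical scorer; signal scores are assumed to add up."""
    def __init__(self, per_tx_limit, approval_threshold):
        self.per_tx_limit = per_tx_limit
        self.approval_threshold = approval_threshold
        self.sent = {}  # sender -> timestamps of sends inside WINDOW
        self.paid = {}  # (sender, recipient) -> time of last payment

    def score(self, sender, recipient, amount, ts):
        """Score one transaction; returns (total, action, fired signals)."""
        window = self.sent.setdefault(sender, deque())
        while window and ts - window[0] > WINDOW:
            window.popleft()  # drop sends older than 5 minutes
        window.append(ts)     # assumption: the count includes this send
        paid_back = self.paid.get((recipient, sender))
        checks = [
            ("velocity_spike", 20, len(window) > 10),
            ("micro_burst", 30, len(window) > 20),
            ("new_counterparty", 10, (sender, recipient) not in self.paid),
            # integer math avoids float rounding at the 90% boundary
            ("near_limit", 10, amount * 10 > self.per_tx_limit * 9),
            ("near_threshold", 15,
             self.approval_threshold * 9 <= amount * 10
             and amount <= self.approval_threshold),
            ("circular_payment", 40,
             paid_back is not None and ts - paid_back <= RECENT_PAYBACK),
        ]
        self.paid[(sender, recipient)] = ts
        fired = [name for name, _, hit in checks if hit]
        total = sum(points for _, points, hit in checks if hit)
        return total, action_for(total), fired

if __name__ == "__main__":
    s = RiskScorer(per_tx_limit=10000, approval_threshold=5000)  # constructed
    s.score("a", "b", 100, 0)
    print(s.score("b", "a", 100, 60))  # b pays back the agent that paid it
```

A single signal never reaches the hold range on its own; the action escalates only as signals stack, for example a circular payment that coincides with a velocity spike.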
Risk Alerts
Flagged transactions generate alerts in the admin review queue:
open → reviewed / dismissed / escalated
Graph Analysis
Every 6 hours, a background worker analyzes the full transaction graph for patterns that individual-transaction scoring can’t catch:
Cycle Detection
Finds circular payment paths (A → B → C → A) using depth-first search. Catches coordinated laundering across multiple agents.
Hub-and-Spoke
Flags agents sending to more than 10 unique recipients in 24 hours — potential cash-out behavior.
Layering Detection
Identifies agents that receive funds and immediately forward them (within 5 minutes) to another agent. Catches money layering when this happens repeatedly.
Micro-Flood
Detects agents with high transaction volume (50+) but low average amount (under ₹100) — a common technique to stay below monitoring thresholds.
Containment Actions
When suspicious activity is detected:
- Flag — alert created, admin notified
- Quarantine — agent can receive but cannot send (prevents further dispersal)
- Freeze — all transactions blocked, owner notified
- Owner freeze — all agents under an owner frozen simultaneously