Antifraud Log
Access Prerequisites
- Permission (module):
viewAntifraud - License/Feature: None
- Menu container: GENERAL → Audit group
What it is / when to use
The Antifraud Log screen (/antifraud-log) lists the financial transactions analysed by the antifraud engine (PIX, Crypto, Conversions, withdrawals, internal/external transfers and admin actions). For each operation the system computes a risk score, records the triggered rules and indicates whether the operation was blocked.
Use this screen to investigate suspicious transactions, understand why an operation was blocked (which rules fired) and evaluate release/retry.
For the complete reference on the rules engine, weights, score thresholds and architecture, see Antifraud Module.
Prerequisites
- Permission: module
viewAntifraud. Permission is dual — CPM enum on the backend + dynamic module in the DB. - License/Feature: none.
- Dependencies on other screens: logs are written automatically by AntifraudService for every evaluated operation.
Step by step
- Open the menu GENERAL → Audit → Antifraud Log (built-in guide available — book icon).
- The table loads the analysed transactions (local pagination: 10/20/50 per page).
- Each row displays chips for the triggered rules, with icon and severity (critical / warning / informational / safe).
- Click View details to open the modal with all transaction fields (IP, device, wallets, documents, score, block reason).
Filters and columns
| Filter / Column | What it shows | Data source |
|---|---|---|
| Operation | Type + direction (e.g.: PIX • withdrawal) | operationType / operationDirection |
| Amount / Currency | Operation amount | amount / currency |
| Triggered rules (chips) | Each rule that fired, with icon, severity and category (amount, velocity, pattern, counterparty, identity, whitelist, admin) | triggeredRules (parser + rule catalogue) |
| Risk score | Sum of rule weights | riskScore |
| Blocked | Whether the operation was automatically blocked | wasBlocked / blockReason |
| Can retry | Whether the operation is eligible for a new attempt | canRetry / retryApprovedBy / retryReason |
| Actions | Opens the details | — |
Fields (details modal)
Displays the complete data of the evaluated transaction: userId, ip, deviceId, geoLocation, walletIdFrom/To, accountIdFrom/To, senderTaxId, receiverTaxId, recipient, riskScore, list of triggeredRules, wasBlocked, blockReason, canRetry, retryApprovedBy and retryReason.
Actions and modals
- Refresh: reloads the logs.
- View details: opens the
AntifraudLogDetailsModalwith the complete transaction. - Built-in guide (book icon): opens the contextual help (
helpGuide.antifraudLog).
Business rules / cautions
Attention
- The score is the sum of the weights of the triggered rules. Reference ranges: Low (< 40), Medium (40–99) and High (≥ 100 → automatic block). Details and weights per rule in Antifraud Module.
- Rules with negative weight (e.g.:
hasPreviouslyApprovedSimilarTransaction, weight-999) act as exceptions — they reduce the score when the transaction has already been approved before with similar parameters. - Rules in the
admincategory (e.g.:isApprovalVelocityHigh,isApprovalPairRecurrent,isBulkActionBurst) monitor the behaviour of administrators themselves (insider/collusion), not just customers. - The wallet blacklist is fed automatically from OFAC sanction lists — an operation can be blocked due to a sanctioned source/destination without manual intervention.
- Financial amounts: amounts are handled with precision (BigNumber) during evaluation — do not round when interpreting the log.