Real-time Rules

Unit21 offers a real-time transaction monitoring solution to automatically approve, decline, or hold transactions in the payment authorization loop.

Agents can leverage this solution via an intuitive dropdown builder that allows them to create, activate, and modify real-time rules without any engineering intervention. All rule evaluations are automatically logged at the transaction level, and rules can also be configured to generate alerts within seconds of rule evaluation.

Real-time rules can be found on the Detection Models page and can be viewed, duplicated, and archived in the same way as Scenario Models and Dynamic Models. However, real-time rules only run on transactions sent to a specific Unit21 endpoint; for more information, please take a look at our API Reference guide on Real-time Rules.

Supported Rules

Transaction Property Rules

Agents can configure whether properties on a transaction match certain conditions. Examples include:

• If a transaction is over $100K
• If the sender entity and receiver entity on a transaction are the same
• If a transaction has a status of failed and is being sent by an entity with a high risk score

Matchlist Rules

Agents can use dynamically modifiable matchlists in rules. Examples include:

• If a transaction originated from a known bad IP address
• If the sender entity on a transaction is from a high-risk country

Historical Deviation Rules

Agents can configure whether transactions deviate from historical behavior, either by a certain percentage or absolutely. Examples include:

• If a transaction is greater than the average transaction amount over the last week
• If a transaction is greater than 200% of the average transaction amount over the last month

Running Real-time Rules

To run real-time rules on transactions, transactions must be sent to a specific Unit21 endpoint, as per the API Reference guide on Real-time Rules.

Rule evaluations will result in PASS, FAIL or ERROR API responses and will be automatically logged at the transaction level. For ERROR API responses associated with missing data, a short explanation of what caused the error will also be provided.

Rule evaluations resulting in a FAIL response can be configured to generate real-time alerts during rule creation or after activation from the Rule Details page.

Performance of Real-time Rules

Real-time rules have a p99 response time of under 250 ms. Real-time alerts are generated within seconds of rule evaluation.

Limitations of Real-time Rules

Each customer is limited to 20 real-time rules by default.

There is an average ingestion delay of 40 minutes that affects the calculation of averages and the ability to reference non-transaction level information. Consequently, we suggest that any information that cannot be ingested in advance be sent in as custom data on the transaction so that it can be evaluated in real-time.