Platform Overview

The full platform, module by module

Ten integrated modules cover the full fraud intelligence lifecycle — from first transaction signal to regulatory reporting, autonomous AI investigation, and natural language alert analysis.

Transaction Monitoring

Real-time visibility across every transaction channel

Every debit, credit, transfer, and reversal passes through Caspix monitoring controls before or as it posts. Configurable thresholds, velocity limits, and behavioral baselines surface suspicious activity immediately.

REST API ingest | Batch CSV/JSON | Webhook alert push | Splunk/Wazuh log output

Capabilities

  • Real-time transaction ingestion via REST API or batch file upload
  • Per-account and per-product velocity controls (daily, weekly, rolling windows)
  • Threshold alerts with configurable severity tiers (Low, Medium, High, Critical)
  • Cross-channel correlation for mobile, agent, and teller activity
  • Time-of-day and geographic anomaly detection
  • Historical baseline comparison per account profile
  • Alert suppression rules to reduce expected operational noise

Rule Engine

Detection logic you control without waiting for a dev sprint

Fraud analysts can write, test, activate, and retire detection rules directly in the interface. Rules are versioned, attributed, and reversible.

YAML rule definition | REST management API | Simulation sandbox | Audit log per change

Capabilities

  • Visual rule builder with condition chains (AND, OR, NOT)
  • Support for amount, frequency, channel, account type, geography, and time conditions
  • Rule simulation against historical transaction data before activation
  • Version history and rollback for every rule
  • Rule attribution to named analysts
  • Shadow mode for safe rule testing before production activation
  • Rule performance metrics (hit rate, true positive, false positive)

Entity Intelligence Registry

Known fraudsters blocked before they transact — across 11 entity types

A persistent registry of confirmed fraudulent entities checked against every incoming transaction in real time. Accounts, devices, SIMs, identity documents, and more — the moment a match is found, the transaction is flagged or blocked before any rule fires. Cross-institution attribution means one bank's confirmed fraud protects every other institution on the platform.

11 entity types | Bulk CSV/Excel import | Cross-institution attribution | Role-gated management

Capabilities

  • 11 entity types: account, phone number, national ID, passport, device ID, device fingerprint, IMSI, ATM ID, terminal ID, merchant ID, email
  • Real-time lookup integrated into every transaction score pass — no rule configuration required
  • Per-entry risk score (1–100), fraud type classification, and source case ID linkage
  • Cross-institution intelligence: entries carry source institution attribution for shared threat awareness
  • Bulk import via CSV or Excel — onboard historical fraud data on deployment day
  • Analyst-controlled additions with role-gated removals and full audit trail
  • Duplicate prevention with soft-delete for inactive entries — full history preserved

Alert Triage & Case Management

From flagged alert to closed case in a structured, auditable workflow

Flagged alerts enter a priority triage queue. Analysts claim cases, log actions, escalate, or close with full attribution, timelines, and audit trail.

REST case API | File attachment support | PDF report export | Role-based case access

Capabilities

  • Alert triage queue with priority ranking
  • Case assignment to analyst or team queues
  • Audit log across account history, transactions, and analyst actions
  • Structured note-taking with mandatory closure fields
  • Escalation workflow to senior analyst or fraud risk manager
  • Case linking across accounts, transactions, and actors
  • SLA tracking with breach notifications
  • Case export as a formal PDF case report

SIEM Integration

Structured logs for your existing SOC and monitoring stack

Caspix emits structured JSON events for transaction, alert, case, rule, auth, and admin actions, ready for SIEM ingestion.

Splunk HEC | Wazuh/Elastic Filebeat | QRadar Syslog | CEF-aligned schema

Capabilities

  • JSON event schema with consistent field mapping
  • Event categories for transaction, alert, case, rule, auth, and admin
  • Severity classification aligned to CEF concepts
  • Syslog forwarding for on-prem SIEM collectors
  • HTTP event collector output for Splunk
  • Filebeat-compatible output for Wazuh/Elastic
  • Configurable retention and rotation
  • Synthetic test event generation for onboarding validation

Audit Trail and Forensics

Tamper-aware records for every user and system action

The audit layer captures authenticated activity with integrity markers for forensic review and supervisory examination.

Hash-chained logs | Tamper detection alerts | CSV/JSON export | Configurable retention

Capabilities

  • Append-only audit records with strict mutation controls
  • Coverage for logins, access failures, role changes, case actions, and rule edits
  • Analyst attribution for notes, dispositions, and escalations
  • Integrity hash chain checks for tamper detection
  • Filterable search by user, entity, date, and action
  • Export subsets for regulator or legal workflows
  • Retention policy enforcement with secure archive

Regulatory Reporting

Submission-ready outputs for management and regulators

Case outcomes can generate structured reports covering timeline, evidence, conclusion, and action recommendations.

PDF generation | CSV export | Scheduled delivery | FIU-aligned templates

Capabilities

  • Case investigation report (PDF) from case data
  • Suspicious Transaction Report templates aligned to FIU patterns
  • Aggregate fraud statistics dashboards
  • Alert-to-case conversion and false positive metrics
  • Time-to-detect and time-to-close reporting
  • Loss quantification by channel and fraud type
  • Scheduled report delivery by email or shared folders

AI Risk Scoring Engine

Multi-layer intelligence that scores every transaction in milliseconds

Every transaction passes through a concurrent multi-layer scoring pipeline: behavioral rule signals, trained ML classifiers, behavioral anomaly detection, and fraud network graph analysis — all evaluated in parallel. The result is a composite 0–100 risk score with automated ALLOW, REVIEW, or BLOCK decisions, full signal attribution, and a SHAP-style explanation for every outcome.

Parallel multi-module scoring | Trained ML classifier | Network graph analysis | SHAP attribution

Capabilities

  • Composite risk score (0–100) from concurrent parallel evaluation of behavioral, ML, and graph intelligence
  • Automated decision tiers: ALLOW, ALLOW+LOG, REVIEW, and BLOCK — in milliseconds with full attribution
  • Trained ML fraud classifier contributing to composite score — retrainable as labeled data accumulates
  • Per-account behavioral anomaly detection with baselines updating continuously after every transaction
  • Fraud network graph analysis: fraud rings, mule patterns, insider-account linkages, multi-hop fund tracing
  • Behavioral biometric scoring: passive session interaction analysis for continuous identity assurance
  • SHAP-style feature attribution identifying dominant contributors to every score outcome
  • Model drift monitoring and shadow scoring running continuously — alert before detection quality degrades

Autonomous Investigation Agents

Six specialist AI agents that accelerate fraud investigation workflows

A layer of autonomous AI agents handles specific investigation and operational tasks on demand — from assembling case briefs to drafting regulatory reports. Each agent pulls live data from across the platform and returns structured, analyst-ready outputs.

On-demand execution | Live data grounding | CBK/FRC-aligned outputs | Role-gated access

Capabilities

  • Fraud Investigation Agent: assembles full investigation briefs for any alert in seconds, not hours
  • Rule Optimization Agent: analyzes false positive/negative patterns and surfaces tuning recommendations
  • Insider Threat Agent: detects staff-to-account collusion through behavioral and network relationship analysis
  • Regulatory Reporting Agent: drafts CBK/FRC-aligned Suspicious Activity Reports from case evidence
  • Executive Intelligence Agent: daily fraud posture summaries with trend analysis — auto-refreshed
  • Alert Triage Agent: auto-prioritizes and routes alerts by risk score, history, and analyst capacity

Alert Analysis Copilot

Natural language queries across your entire fraud intelligence platform

The Alert Analysis Copilot is a natural language investigation interface built for fraud analysts. Instead of building queries or navigating dashboards, analysts describe what they need and the Copilot assembles an investigation-grade response from live platform data — transactions, alerts, cases, account history, and network relationships.

Natural language interface | Live data grounding | SSE streaming responses | Role-based access

Capabilities

  • Plain English interface — no SQL or technical skills required for frontline analysts
  • Live data retrieval from transactions, alerts, cases, account history, and network relationships
  • Streamed responses for long investigations — grounded in current platform data, not static reports
  • East African fraud context built in: SIM swap, mobile money fraud, agent banking, insider collusion
  • Every response cites specific data points — account IDs, amounts, dates, signal attributions
  • Suggested queries driven by current active alerts — always relevant to what is happening now

Deployment flexibility

Caspix can run on-premises, in private cloud, or as managed hosted infrastructure. Containerized deployment supports restricted-network environments.

On-Premises | Private Cloud | Managed Hosted | Air-Gapped Compatible | Docker/Kubernetes

Want to test it against your fraud scenarios?

We run structured walkthroughs aligned to your institution type, current controls, and high-risk transaction paths.