One Engine. Every Fraud Type. Your Infrastructure.

Real-time decisioning, ML scoring, and case management — deployed where your data lives. Built specifically for Southeast Asian banks and fintechs.

Talk to Us Try the Live Demo

Pilot-stage · early access — manual approval within 1 business day

110

Pre-configured Rules

Across banking & e-commerce

47

Device Signals

Multi-vendor intelligence

7

Pipeline Stages

Real-time evaluation

3

ML Models

Champion-challenger scoring

How It Works

Three steps from integration to protection. No months-long implementations.

1

Connect

Integrate via REST API or batch with your core banking system.

2

Configure

Choose from pre-built templates or create custom rules via the rules editor.

3

Protect

Real-time scoring, alerts, and case management from day one.

Rule Engine

110 pre-configured fraud detection rules across banking and e-commerce scenarios, plus a no-code rule builder that lets fraud teams create custom logic without engineering dependencies.

  • Pre-configured fraud detection templates across 10 categories: wire, ACH, check, card, ATO, identity, money flow, cross-cut, device intelligence, and behavioral biometrics
  • No-code visual rule builder for fraud analysts
  • A/B testing for rule performance optimization
  • Backtesting against historical transaction data
  • Shadow mode for safe rollout of new rules
  • Complete audit trail for every rule change

IF

amount > 10,000 SGD

AND

country != account_country

AND

velocity_1h > 3

THEN

STEP-UP → OTP verification

Model Output

0.87

High Risk

Velocity anomaly
Device mismatch
Geo deviation
Amount pattern

ML Scoring & Explainability

Combine machine learning models with rule-based logic in a unified scoring pipeline. Every score comes with context your team can understand.

  • Supervised + unsupervised model support
  • SHAP-based explainability — per-prediction feature attribution
  • Model versioning and lifecycle management
  • Hybrid rule + ML scoring with per-flow weight control — independent weights per transaction type
  • Champion/challenger model comparison
  • Adaptive Confidence Engine — automated performance monitoring with weight adjustment recommendations Learn more

Real-Time Decisioning

Designed for millisecond-level response times. Every transaction gets an Allow, Step-Up, Manual Review, or Block decision through configurable workflows.

  • Designed for millisecond-level response times
  • Allow / Step-Up / Manual Review / Block decision outcomes
  • API-first architecture for seamless integration
  • Configurable decision workflows
  • Priority queue management for high-value transactions
12ms

ALLOW

68%

STEP-UP

17%

REVIEW

9%

BLOCK

6%

Processing in real time
FDE event investigation view showing score breakdown, triggered banking rules, Why This Score explainability, and entity context cards

Event Investigation — drill into any transaction to see which rules fired, why the score was assigned, and connected entities.

Link analysis Sankey diagram showing connections between devices, sessions, IP addresses, and user accounts with shared-attribute detection

Entity Link Analysis — trace connections between devices, sessions, IPs, and users to uncover fraud rings.

Investigation Dashboard

A purpose-built interface for fraud analysts. Drill into any transaction to see exactly which rules fired, why the risk score was assigned, and how entities are connected.

  • 20+ pre-built analytical views
  • Role-based access control (RBAC)
  • Real-time transaction monitoring
  • Entity link analysis across transactions
  • Customizable dashboards per analyst role

AI-Powered Investigation — From Hours to Seconds

LLM-generated summaries and conversational Q&A turn every fraud event into an instantly understandable narrative. No more digging through raw rule logs.

Event investigation view with AI-generated Investigation Summary explaining why a transaction was flagged

One-Click AI Summary — instant narrative for every flagged event

AI Chat interface showing conversational Q&A about a fraud event with contextual, grounded answers

Conversational Q&A — ask "Is this a false positive?" and get grounded answers

One-Click Summary

LLM-generated narrative explaining rule triggers, risk signals, and transaction context

Conversational Q&A

Multi-turn chat with contextual, grounded answers about any fraud event

PII-Safe by Design

Direct identifiers are stripped before reaching the LLM. No customer PII is sent to external AI services.

Investigate Fraud from Anywhere

Our dashboard is fully responsive — monitor alerts, investigate events, and manage cases from your phone.

FDE real-time monitoring dashboard on mobile phone showing KPIs and charts
FDE event investigation on mobile phone showing event details and filters

Real-Time Monitoring & Event Investigation — iPhone and Android

One Dashboard, Every Language

Every label, menu, and status in your team's language. Fraud analysts in Bangkok see the same data as analysts in Jakarta — each in their native language.

Real-time monitoring dashboard in English showing live event feed with Southeast Asian transaction data

English

Real-time monitoring dashboard in Thai language showing identical layout and data with fully translated interface

Thai

Currently supported: English, Thai, Bahasa Indonesia, Vietnamese, Chinese (Simplified). Additional languages on request.

Case Management

End-to-end case lifecycle management from alert creation through resolution, with full audit trails and compliance-ready exports.

  • Full case lifecycle management
  • Event linking across related transactions
  • Status workflows with SLA tracking
  • PII-redacted export for compliance reporting
  • Team assignment and escalation workflows

Case #FRD-2026-0847

Status Under Review
Priority High
Linked events 4 transactions
Assigned to Fraud Analyst Team A
SLA remaining 2h 14m

Rule change approved

Maker-checker: 2/2 approvals

AES-256-GCM encryption

Data at rest · Active

Audit log exported

Q1 2026 · 12,847 entries

Governance & Compliance

Built-in governance controls that help regulated institutions meet audit and compliance requirements without slowing down operations.

  • Maker-checker workflows for rule changes
  • Complete audit logging of all actions
  • AES-256-GCM encryption at rest
  • End-to-end TLS 1.3 with mutual authentication on every internal hop (engine ↔ nginx, engine → PostgreSQL, engine → Redis, dashboard → engine)
  • TLS audit evidence — PostgreSQL emits per-connection TLS audit events with version/cipher/verified status; Redis emits TLS verification evidence at startup and reconnect (redis-py does not expose per-socket SSL metadata). Exportable jq queries map to FFIEC CAT, MAS TRM §10, and BNM RMiT §11 audit asks.
  • Designed to support data residency requirements
  • Role-based permissions with granular controls
  • Multi-tenant deployment — isolated rule sets, auth policies, and data per brand or subsidiary
  • Regulatory compliance mapping — link rules to MAS TRM, OJK, and BSP requirements; export coverage reports for auditors
Download the FDE TLS & Audit Pack · PDF + jq queries, free

Device Intelligence

Identify and track devices across sessions with deep fingerprinting that detects emulators, tampering, and suspicious device patterns.

  • Device fingerprinting across web and mobile
  • 47 device intelligence signals across 4 categories
  • Browser and app integrity checks
  • Device reputation scoring
  • Cross-session device linking
  • Behavioral biometrics integration — plug in your existing provider for bot detection, device tampering, and suspect scoring

Device Profile

Device ID dev_7f3a...c9e1
Trust score 92 / 100
Emulator Not detected
Rooted/Jailbreak Not detected
Sessions linked 14 sessions
Global blocklist
24,891 entries
VIP allowlist
1,204 entries
Watchlist — Mule accounts
3,472 entries
External threat feed
Synced 2m ago
Real-time matching active

Lists & External Feeds

Centralized list management with real-time matching during decisioning. Import your own lists or connect third-party threat intelligence feeds.

  • Managed blocklists and allowlists
  • CSV bulk import for fast onboarding
  • Approval workflows for list changes
  • Third-party threat intelligence feed integration
  • Real-time list matching in decisioning pipeline

Integration & SDKs

Everything you need to integrate the Fraud Decision Engine into your existing stack.

REST API

OpenAPI spec included

TypeScript SDK

npm package

Python SDK

pip package

WebSocket

Real-time events

Example: Submit a risk evaluation request 
# Replace with your FDE instance URL after onboarding
curl -X POST https://your-instance.run-true.com/v1/risk/evaluate \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"eventCode": "payment", "sessionId": "sess_001", "deviceToken": "v2:abc123",
     "eventDetail": {"Payment": {"Amount": 5000, "Currency": "SGD"}}}'
Agent-Ready

Native MCP Integration

Among the first fraud engines with native Model Context Protocol support. AI assistants — Claude, GPT, Gemini — can evaluate risk, submit outcomes, and label fraud with zero integration code.

evaluate_risk

Real-time scoring with SHAP explanation

submit_outcome

Payment success/failure feedback loop

submit_fraud_label

Label events with multi-source tracking

check_health

Service availability verification

Open standard (Linux Foundation). Stdio for development, HTTP for production. Your AI agents become fraud analysts.

Deployment Options

Choose the deployment model that fits your institution's requirements. Core decisioning capabilities stay consistent across deployment models; some optional integrations (AI features, GeoIP refresh) depend on your environment configuration.

Feature SaaS On-Premise
Docker Compose
Limited Availability · Pilot		 On-Premise
Ansible / bare-metal
Limited Availability · Pilot
Data location RTD-managed cloud Your infrastructure Your infrastructure
Runtime Containerized Docker Compose v2 systemd + uvicorn
(no Docker required)
Maintenance Fully managed by RTD Your team, RTD-supported Your team, RTD-supported
Data sovereignty Regional hosting available Complete control Complete control
Full-mesh mTLS N/A
(TLS at edge)		 Optional
(gen-certs.sh)		 Optional
(fde_tls_internal: true)
Bring-your-own bank PKI
(Customer CA mode in technical docs)		 N/A Yes Yes
Go-live target 2–4 weeks 1–3 months 1–3 months
Best for Fast deployment, fintechs Banks evaluating, mid-market Tier-1 banks, RHEL shops, zero-trust

On-premise deployment designed to support data residency requirements under MAS TRM Guidelines, OJK regulations, and similar frameworks.

End-to-end TLS 1.3 shipped April 2026

Built for Banking Infrastructure

FDE on-premise is not a port of our SaaS. It's a first-class deployment with its own validated topology, performance profile, and security posture.

Two install paths, TLS 1.3 + mTLS opt-in on both

Docker Compose deploys the 5-service stack (engine, dashboard, PostgreSQL, Redis, nginx) on a single host. Ansible bare-metal supports a 2-VM split (app VM + dedicated PostgreSQL VM) — the topology validated in the RTD internal 2-VM reference lab. Both paths support TLS 1.3 + mTLS opt-in (fde_tls_internal: true), audit logging, and Mode A / Mode B cert flow.

RHEL / Rocky Linux 8/9 TLS caveat (current release): Redis TLS is deferred, engine + dashboard must be co-located on the same VM, and the cert chain is 7 leaves (not 9). Full 9-leaf TLS posture is available on Ubuntu 22.04 + Debian 12. On the Ansible bare-metal path: nginx is auto-installed and load-balances across uvicorn workers; Redis is co-located on the app VM for sub-millisecond list-cache lookups.

FDE on-prem 2-VM topology — App VM (nginx, uvicorn workers, dashboard, Redis) over TLS 1.3 LAN to dedicated PostgreSQL VM
2-VM topology — Ansible bare-metal, validated in the RTD internal 2-VM reference lab.
Two PKI modes — Mode A Ansible generates CA and leaves, Mode B bank supplies signed bundle which Ansible validates then distributes
Mode A (Ansible-generated CA) vs Mode B (Bring-your-own bank PKI).

Validated performance — banking tenant

Pre-configured banking fraud detection templates (full chain enabled), RTD internal lab, Intel Xeon E3-1245 v5. Lab measurements only — not a performance guarantee. Your hardware, network, tenant config, and rule mix will affect results.

Conservative floor
Ansible 2-VM (separate PG, plain HTTP)
57 RPS
P50 343 ms · P99 577 ms · 0 errors @ c=20
60 s sustained: 55 RPS · P50 364 ms · 0 errors. Two 4 vCPU / 4 GB VMs.
Lab ceiling
Compose single-host (co-located PG, TLS 1.3 + mTLS)
75 RPS
P50 260 ms · P99 525 ms · 0 errors @ c=20
60 s sustained: 73 RPS · P50 262 ms · 0 errors. Single 8 vCPU host.
Banking tenant throughput chart — RPS at concurrency 1, 5, 10, 20 for Ansible 2-VM floor and Compose single-host ceiling, zero errors across all levels

Zero errors across ~23,000 banking evaluate requests (~13,500 Docker Compose TLS + ~10,000 Ansible 2-VM).

Zero-trust security (opt-in fde_tls_internal: true)

  • ·TLS 1.3 only, AEAD ciphers, EC P-384 CA / EC P-256 leaves.
  • ·Mutual TLS on every internal hop — engine ↔ nginx, engine → PostgreSQL (sslmode=verify-full), engine → Redis, dashboard → engine.
  • ·Two PKI modes: RTD-generated CA (Mode A, fast PoC) or Bring-your-own bank PKI (Customer CA mode in technical docs) — validated bundle handoff.
  • ·PostgreSQL per-connection TLS audit log; Redis TLS verification evidence at startup and reconnect; ready-to-paste jq queries for auditors.
  • ·Cert expiry monitor runs as a systemd timer (warns at 60 days, errors at 14 days). Rotation is operator-triggered and mode-specific: Mode A reruns ansible-playbook --tags common,tls-rotate; Mode B banks reissue their bundle and operator reruns --tags common,tls. Reload-not-restart where supported.

Compatibility

Ubuntu 22.04 (primary, CI-verified); Ubuntu 20.04 (legacy, supported); RHEL / Rocky Linux 8/9 (supported — current release TLS reduced scope: Redis TLS deferred, engine + dashboard co-located on same VM, 7-leaf cert chain). Full 9-leaf TLS posture available on Ubuntu 22.04 + Debian 12. PostgreSQL 16 verified; PG 15 supported (not yet verified); PG 14 expected. Docker Engine 24+ for Compose path; Ansible 2.14+ with Python 3.11 for bare-metal path.

Built for Banking

Pre-configured banking fraud templates across 10 category groups — from wire and ACH to behavioral biometrics. Designed against real bank RFI/RFP requirements from across Southeast Asia.

Wire Fraud

High-value transfer rules

ACH Fraud

Batch payment monitoring

Check Fraud

Deposit & clearing rules

Account Takeover

Login anomaly detection

Card / CNP

Transaction fraud rules

Money Flow

Structuring detection

Identity / Synthetic

KYC fraud rules

Cross-cut

Pattern analysis

Device Intelligence

Device-linked signals

Behavioral Biometrics

Bot & tampering detection

See How It Maps to Your Requirements

Transparent Pricing for Mid-Market Banks

We believe mid-market banks shouldn’t pay enterprise-tier prices for enterprise-grade fraud protection. Our pricing is designed to be accessible — talk to us for details.

Talk to Us About Pricing

See It in Action

Our live demo bank at rtd-demo-bank.run-true.com connects directly to the Fraud Decision Engine sandbox. Submit test transactions, trigger rules, and see real-time scoring — no setup required.

Demo access is manually approved during our early access program.

Request Demo Access

Ready to Stop Fraud Before It Moves?

Talk to our team about fraud decisioning for your institution.

Talk to Us Explore the Platform