How fraud detection works
Hello Clever’s transaction monitoring applies both rule-based and machine learning (ML) detection in real time. Rules are tuned to catch fraud without interrupting legitimate customers, while ML models continuously adapt to evolving fraud patterns. Hello Clever’s fraud detection is further enhanced through a partnership with Flagright, a specialist in AML compliance and transaction monitoring.Fraud signals monitored
Unusual transaction amounts
Unusual transaction amounts
Transactions that deviate significantly from a user’s historical spending patterns trigger an alert. The system accounts for gradual spending growth so legitimate increases do not create false positives.Example: A user who typically spends 2,000 transaction.
Geolocation and IP address mismatch
Geolocation and IP address mismatch
Purchases originating from unexpected or high-risk locations are flagged. The system checks for travel signals (such as recent airline purchases) before escalating, to avoid blocking genuine travellers.Example: A customer who normally transacts in Sydney makes a purchase from Moscow.
Device anomalies
Device anomalies
A sudden shift in device, browser, or operating system can signal account takeover. Known device upgrades and previously used devices are recognised and treated as lower risk.Example: A user who always transacts from an iPhone suddenly initiates a payment from an unrecognised device.
Velocity of transactions
Velocity of transactions
A high number of transactions in a short window may indicate automated scripts or malicious activity. The system adjusts sensitivity during high-frequency shopping periods like major sales events.Example: Five transactions within under a minute from a new device.
Behavioural pattern deviations
Behavioural pattern deviations
A sudden shift in spending category or value outside a customer’s established patterns is flagged. Recent salary deposits or seasonal spending spikes are factored in to reduce false positives.Example: A customer with steady grocery and utility spend suddenly makes multiple high-value luxury purchases.
Multiple failed payment attempts
Multiple failed payment attempts
Repeated failed attempts in quick succession may indicate card testing or an account takeover attempt. The system distinguishes between network retries and genuinely suspicious failure patterns.Example: Multiple failed transactions from different devices or locations in quick succession.
How flagged transactions are handled
When the fraud detection system identifies a suspicious transaction, one of the following responses is triggered:Automated blocking
Transactions matching known high-risk patterns (such as flagged geolocations or confirmed fraud signatures) are blocked automatically in real time before processing completes.
Compliance review
Transactions that show unusual patterns without meeting the threshold for automatic blocking are escalated to Hello Clever’s compliance team for manual investigation.
Customer verification
Where further verification is required, customers may be contacted to confirm their identity before the transaction is released or permanently declined.
Post-payment screening
Completed transactions are retrospectively reviewed to identify patterns (such as coordinated fraud rings) that only become apparent over time.
Post-payment screening
In addition to real-time monitoring, Hello Clever conducts regular post-payment screening to detect fraud that is not immediately apparent at transaction time.- Ongoing behavioural analysis: completed transactions are reviewed for patterns that may collectively indicate risk, even when individual transactions appear legitimate.
- Retrospective review of high-risk transactions: previously flagged transactions are periodically re-examined to identify links to fraud rings or coordinated attacks.
- Continuous ML model improvement: post-payment data feeds back into machine learning models, refining detection accuracy for evolving fraud tactics.
Flagright partnership
Hello Clever’s fraud detection capabilities are extended through its partnership with Flagright.- Enhanced pattern recognition: Flagright identifies subtle correlations across transaction data that may escape standard rule-based systems.
- Real-time threat intelligence: Flagright provides up-to-date intelligence on emerging fraud trends, allowing Hello Clever to adjust detection rules proactively.
- Customisable rule sets: the partnership enables Hello Clever to refine monitoring rules in response to the latest fraud tactics without delays.
Payment gateway security
Hello Clever’s payment gateway adds further layers of protection beyond transaction-level fraud detection.OTP account authentication
OTP account authentication
Customers sign in using a one-time password (OTP) sent to their registered phone number, eliminating the risks associated with static passwords.
Cloudflare protection
Cloudflare protection
Cloudflare secures Hello Clever’s platform against DDoS attacks, SQL injection, and other common web threats, providing real-time blocking at the network edge.
Azure Security Centre
Azure Security Centre
Hello Clever’s infrastructure is continuously monitored by Azure Security Centre, which uses advanced threat detection and automated alerts to identify risks before they impact operations.
Regular penetration testing
Regular penetration testing
Hello Clever undergoes routine penetration testing to proactively identify and remediate vulnerabilities. Contact Hello Clever’s support team to request a penetration test report.
Real-time payment security
Real-time payments (such as PayID-based account-to-account transfers in Australia) offer inherent security advantages over card payments that Hello Clever leverages across its platform.Direct bank authentication
Payments are authenticated directly within the customer’s bank using multi-factor authentication (MFA), with no card data transmitted or stored.
Reduced fraud surface
Fewer intermediaries means fewer potential access points for fraud. No card numbers or CVVs are involved in account-to-account transfers.
No chargebacks
Real-time payments are final and irrevocable once confirmed. This eliminates chargeback risk and preserves your revenue.
Simplified PCI compliance
Without card data handling, your business faces reduced PCI-DSS obligations, lowering operational complexity and cost.