How Scoring Works

Scoring pipeline

When you call POST /v1/transactions/score, MaiGuard runs a synchronous evaluation pipeline:

1. Ingest — transaction payload, device context, and metadata are validated and normalized.
2. Enrich — velocity counters, entity graph lookups, onboarding context, and list matches are applied.
3. Evaluate — active rules, ML models, and pattern analysis run in priority order.
4. Decide — the highest-priority matched rule action determines ALLOW, REVIEW, or BLOCK.
5. Respond — riskScore, decision, matched rules, and optional shadowEvaluation are returned.

Signal dimensions

MaiGuard evaluates signals across six dimensions. Richer payloads produce more accurate scores — see payload richness tiers in the API reference.

• →Transaction behavior — amount, velocity, and patterns
• →Device and network — IP reputation, fingerprint, deviceSessionId
• →Authentication — login context and session anomalies
• →Counterparty risk — beneficiary and receiver signals
• →Geo-location consistency
• →Historical account behavior

Response output

Every scoring response includes a riskScore (0–100, higher = riskier), a decision, and explanatory matchedRules. See the glossary for decision state definitions.

Latency

MaiGuard targets sub-200 ms median response time for synchronous scoring, suitable for real-time payment flows. Use webhooks or batch scoring for high-throughput async workloads.