Transaction Monitoring
Detect, investigate, and resolve suspicious card activity directly inside Lithic. Configure rules that tag transactions or open cases, then work those cases to resolution from the API or the Lithic Dashboard.
Overview
Transaction Monitoring is Lithic's end-to-end framework for surfacing suspicious card activity and managing the human review that follows. It is built on the same rules engine that powers Authorization Rules, so the rule primitives and dashboard tooling already used for real-time authorization carry directly over to post-authorization monitoring.
Where Authorization Rules act on a transaction in flight, Transaction Monitoring runs after the transaction happens. It surfaces structured signals to downstream rules and analysts, and triggers investigations for patterns that need human review rather than an automated decision.
Common use cases
- AML and sponsor bank monitoring. Most Lithic-client programs are required by their sponsor bank to monitor card activity for money-laundering and sanctions risk. Transaction Monitoring provides the rules engine, queues, case workflow, and audit log that satisfy these obligations without a separate vendor integration.
- Post-authorization fraud forensics. Some fraud patterns cannot be decided in real time but are clear in aggregate. Use monitoring rules to flag cards or accounts that show suspicious behavior across multiple transactions, and let analysts investigate from a single case view.
- Lithic-managed monitoring service. For programs that want Lithic to staff the analyst team, Transaction Monitoring is the same surface Lithic agents use, with queues, assignment, and audit trails that scale to multi-tenant operations.
What's included
Transaction Monitoring Rules run after authorization and produce one of two outcomes: a structured tag attached to the transaction, or a case opened against the involved card or account. Many programs use both together. Tagging rules surface consistent risk context across the program; case creation rules generate investigation work only when the cumulative signal exceeds a threshold.
Case Management gives analysts a single surface to work the resulting investigations. Cases aggregate the flagged transactions, associated cards and accounts, comments, file attachments, and a complete activity log. Cases move through a defined lifecycle and close with a recorded resolution, producing the audit trail a sponsor bank or compliance review needs.
Both halves are available through the Lithic Dashboard and the API.
Getting started
- Create one or more queues that match how the analyst team works (for example,
Fraud MonitoringandAML Review). Most programs start with a single queue and split later. - Author monitoring rules in shadow state, then promote them to active. See Transaction Monitoring Rules for the full authoring flow.
- Assign cases from the queue, investigate, and resolve with the appropriate outcome. See Case Management for the case workflow.
Limitations
Transaction Monitoring runs asynchronously after authorization. It cannot decline, challenge, or otherwise interrupt a transaction in flight. For real-time decisioning, use Authorization Rules. See the rules and case management pages for the full set of constraints on each component.
Next steps
- Transaction Monitoring Rules: Configure tagging and case creation rules.
- Case Management: Investigate and resolve cases through the API and dashboard.
- Authorization Rules: Make real-time authorization decisions before transactions settle.
To learn more or enable Transaction Monitoring for your program, contact your Lithic account team.
Updated about 1 hour ago