Key concepts
Foundational concepts for Protect — risk scores, fraud rules, the review queue, blocked list, and key terms.
Overview
Protect is PayMongo's transaction-level fraud monitoring tool. Every transaction processed through your account is automatically evaluated in real time by a machine learning engine that assigns a risk score, applies your configured rules, and determines whether to allow, review, or block the transaction — all before it completes.
Understanding the core concepts below will help you configure Protect effectively and interpret what you see in the dashboard.
Risk score
Every transaction receives a risk score between 0 and 1000. The higher the score, the higher the likelihood of fraud. Scores are generated in real time by PayMongo's machine learning engine, which evaluates signals including:
- Behavioral patterns (transaction frequency, changes in user behavior)
- Velocity checks (rapid transaction attempts, repeated failed payments)
- Anomaly detection (outlier amounts, unusual geographic patterns)
- Device and identity signals (device changes, mismatched address details, high-risk email domains)
The dashboard shows which signals contributed most to each transaction's score, giving you transparency into every decision.
Risk level
Risk scores are grouped into three levels:
| Risk level | Score range |
|---|---|
| Low | 0 – 499 |
| Medium | 500 – 799 |
| High | 800 – 1000 |
By default, transactions with a medium or high risk level are automatically placed into the review queue.
Rules
Rules define what Protect does when a transaction meets specific conditions. Each rule has an action and one or more conditions.
Actions:
- Allow — transaction proceeds without further review, even if other signals are elevated
- Block — transaction is automatically declined; no funds are captured
- Review — transaction is flagged and placed in the review queue for manual investigation
Conditions can be based on: risk score, risk level, card country, billing country, payment amount, IP address, or billing email.
Rules are evaluated in order — the lowest order number is checked first. You can combine conditions using AND (all must match) or OR (at least one must match).
Default rules (automatic):
- review if risk_level: 'medium'
- review if risk_level: 'high'
You can create, edit, and reorder custom rules from the dashboard or via the REST API. Rules only apply to future transactions — existing payments are unaffected.
Review queue
The review queue contains transactions flagged for manual investigation. A transaction enters the queue when it matches a review rule. Your team can inspect the transaction details, examine the risk drivers, and close the review once it has been addressed. Closing a review removes it from the active queue.
Only transactions that have been processed (paid or failed) can appear in the review queue.
Blocked list
The blocked list shows transactions that were automatically declined because they matched a block rule. These transactions were never completed — no funds were captured. You can monitor this list to catch false positives and refine your block rules accordingly.
Supported payment methods
Protect currently supports:
- Cards
Coming soon: E-wallets (GCash, Maya, GrabPay), QR Ph, and others.
Access note
Protect requires account configuration before use. Contact [email protected] to get access.
Updated 15 days ago