How to Build a fraud detection Agent Using AutoGen in TypeScript for fintech
A fraud detection agent in fintech watches transaction streams, enriches them with risk signals, and decides whether to approve, hold, or escalate a case. It matters because fraud losses, false declines, and slow manual review all hit revenue and customer trust at the same time.
Architecture
- •
Transaction intake service
- •Receives payment events, card authorizations, ACH transfers, or account actions.
- •Normalizes payloads into a consistent schema before the agent sees them.
- •
Risk enrichment layer
- •Pulls device fingerprint, IP reputation, velocity checks, account age, merchant category, and geo signals.
- •Keeps sensitive data handling outside the model where possible.
- •
AutoGen orchestrator
- •Uses
AssistantAgentfor analysis andUserProxyAgentfor execution/control. - •Coordinates tool calls and returns a structured decision.
- •Uses
- •
Policy engine
- •Applies hard rules for compliance and fraud thresholds.
- •Overrides model output when regulatory or internal controls require it.
- •
Audit log store
- •Persists prompts, tool outputs, decisions, and timestamps.
- •Supports post-incident review and regulator requests.
- •
Case management integration
- •Opens tickets for manual review when confidence is low.
- •Sends decisions into your fraud ops queue or SIEM.
Implementation
1) Install AutoGen and define the transaction contract
Use the TypeScript AutoGen package and keep your input/output shape strict. In fintech, schema drift becomes an audit problem fast.
npm install @autogen-ai/autogen zod
import { z } from "zod";
export const TransactionSchema = z.object({
transactionId: z.string(),
customerId: z.string(),
amount: z.number().positive(),
currency: z.string().length(3),
country: z.string().length(2),
merchantCategory: z.string(),
deviceId: z.string(),
ipAddress: z.string(),
velocity24h: z.number().int().nonnegative(),
});
export type Transaction = z.infer<typeof TransactionSchema>;
export const FraudDecisionSchema = z.object({
action: z.enum(["approve", "hold", "reject", "review"]),
score: z.number().min(0).max(100),
reasons: z.array(z.string()).min(1),
});
2) Build the AutoGen agents
The AssistantAgent does the analysis. The UserProxyAgent runs the workflow and can be wired to tools later. Keep the system prompt narrow so the agent stays inside policy.
import { AssistantAgent, UserProxyAgent } from "@autogen-ai/autogen";
const fraudAnalyst = new AssistantAgent({
name: "fraud_analyst",
systemMessage: `
You are a fraud detection analyst for a fintech platform.
Assess transaction risk using only the provided data.
Return a concise decision with score and reasons.
Do not request unnecessary personal data.
If data is insufficient or policy-sensitive, recommend review.
`,
});
const orchestrator = new UserProxyAgent({
name: "fraud_orchestrator",
});
3) Add a decision function with audit-friendly output
This pattern keeps the model output machine-readable. In production you want deterministic parsing before any downstream action fires.
type FraudDecision = {
action: "approve" | "hold" | "reject" | "review";
score: number;
reasons: string[];
};
async function assessTransaction(tx: Transaction): Promise<FraudDecision> {
const prompt = `
Analyze this transaction:
${JSON.stringify(tx, null, 2)}
Return JSON with:
{
"action": "approve" | "hold" | "reject" | "review",
"score": number,
"reasons": string[]
}
`;
const result = await orchestrator.initiateChat(fraudAnalyst, prompt);
const rawText = result.chatHistory.at(-1)?.content ?? "{}";
const parsed = JSON.parse(rawText);
return {
action: parsed.action,
score: parsed.score,
reasons: parsed.reasons,
};
}
4) Wrap it in policy checks before execution
Never let an LLM make the final compliance call on its own. Put hard rules ahead of the model and use the agent as one signal in your decision chain.
function applyPolicy(tx: Transaction, decision: FraudDecision): FraudDecision {
if (tx.amount > 10000 && tx.country !== "US") {
return {
action: "review",
score: Math.max(decision.score, 85),
reasons: [...decision.reasons, "High-value cross-border transaction requires manual review"],
};
}
if (decision.score >= 90) {
return { ...decision, action: "reject" };
}
if (decision.score >= 70) {
return { ...decision, action: "hold" };
}
return decision;
}
Production Considerations
- •
Deploy close to your data boundary
- •Keep PII in-region if you have residency requirements.
- •If you operate in multiple jurisdictions, isolate EU/UK/US workloads and logs.
- •
Log everything needed for audit
- •Store input features, agent prompt version, model version, tool outputs, final action, and human override status.
- •Redact raw PANs, bank account numbers, and full device identifiers.
- •
Add guardrails around model output
- •Enforce JSON schema validation before any action is taken.
- •Block direct approval/rejection on low-confidence cases; route to manual review instead.
- •
Monitor drift and false positives
- •Track precision/recall by product line and region.
- •Watch approval rate changes after model or rule updates; that’s where customer friction shows up first.
Common Pitfalls
- •Letting the model see too much sensitive data
Avoid passing raw card numbers, full KYC documents, or unnecessary PII into prompts. Use tokenized identifiers and feature summaries instead.
- •Treating agent output as final truth
An AutoGen agent should recommend; your policy engine should decide. Always combine model output with deterministic rules and human review thresholds.
- •Skipping replayable audits
If you can’t reproduce why a transaction was held six months later, you have an operational gap. Version prompts, freeze dependencies, persist every decision artifact.
Keep learning
- •The complete AI Agents Roadmap — my full 8-step breakdown
- •Free: The AI Agent Starter Kit — PDF checklist + starter code
- •Work with me — I build AI for banks and insurance companies
By Cyprian Aarons, AI Consultant at Topiax.
Want the complete 8-step roadmap?
Grab the free AI Agent Starter Kit — architecture templates, compliance checklists, and a 7-email deep-dive course.
Get the Starter Kit