What This Framework Addresses
Modern digital platforms face fraud that operates simultaneously across multiple layers — identity fabrication at onboarding, infrastructure abuse during access, behavioural manipulation during interaction, financial exploitation at transaction, and coordinated network operations at scale. Addressing only one layer leaves the others exposed.
The Zarelva AI Fraud Detection Framework provides a structured model for analysing, detecting, and building defences across all five layers. It is applicable to fintech platforms, digital marketplaces, AI-powered systems, and autonomous agent environments.
The Five Fraud Detection Layers
Each layer represents a distinct attack surface with characteristic fraud signals, detection approaches, and risk weights.
AI Fraud Detection Signal Architecture
Fraud detection at the signal level requires identifying observable indicators that, alone or in combination, indicate fraudulent intent. The framework categorises signals by layer, weight, and detection method. Signal correlation across layers produces high-confidence fraud assessments.
| Signal | Layer | Weight |
|---|---|---|
| Financial action without approval | Transaction | HIGH · 50 |
| System prompt extraction attempt | Behaviour | HIGH · 45 |
| Data exfiltration pattern | Transaction | HIGH · 45 |
| Coordinated timing across agents | Network | HIGH · 40 |
| Revoked credential in use | Identity | HIGH · 40 |
| Action velocity — critical | Behaviour | HIGH · 35 |
| Delegation to unknown agent | Behaviour | MED · 30 |
| Tor exit node origin | Access | MED · 25 |
| Geolocation mismatch | Access | MED · 20 |
| Identity very new (<7 days) | Identity | MED · 20 |
| Off-hours activity pattern | Behaviour | LOW · 15 |
| No audit trail present | Compliance | LOW · 15 |
| Reputation score below 0.3 | Identity | LOW · 10 |
Risk Scoring Architecture
The framework implements a 0–100 risk score derived from weighted signal accumulation. Signals compound when they co-occur — a single signal of moderate weight may not trigger a REVIEW, but three co-occurring moderate signals produce a composite score that does.
- 0–24: LOW risk — ALLOW. Standard monitoring continues.
- 25–49: MEDIUM risk — REVIEW. Human analyst or secondary automated check required.
- 50–74: HIGH risk — escalated REVIEW. Strong evidence of fraud indicators.
- 75–100: CRITICAL — BLOCK. Multiple high-weight signals co-occurring.
In testing against synthetic fraud scenarios, a new agent with a financial action signal, no approval gate, and datacenter IP origin scored 100/100 CRITICAL on first interaction — before any transaction was executed.
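The scoring bands above, worked through in code. This is an added example, not code from the Zarelva Agent Risk Engine: it assumes plain additive accumulation capped at 100, uses only the 13 weights shown in the table, and the signal keys and the `assess` function are names invented for the illustration.

```python
# Weights copied from the signal table above; the dictionary keys are
# hypothetical identifiers invented for this example.
SIGNAL_WEIGHTS = {
    "financial_action_without_approval": 50,
    "system_prompt_extraction_attempt": 45,
    "data_exfiltration_pattern": 45,
    "coordinated_timing_across_agents": 40,
    "revoked_credential_in_use": 40,
    "action_velocity_critical": 35,
    "delegation_to_unknown_agent": 30,
    "tor_exit_node_origin": 25,
    "geolocation_mismatch": 20,
    "identity_very_new": 20,
    "off_hours_activity": 15,
    "no_audit_trail": 15,
    "reputation_below_0_3": 10,
}

# (upper bound, risk band, decision) taken from the threshold list above.
BANDS = [
    (24, "LOW", "ALLOW"),
    (49, "MEDIUM", "REVIEW"),
    (74, "HIGH", "ESCALATED_REVIEW"),
    (100, "CRITICAL", "BLOCK"),
]


def assess(observed):
    """Score observed signal names (assumption: additive, capped at 100)."""
    signals = set(observed)  # a repeated signal counts once
    unknown = signals - set(SIGNAL_WEIGHTS)
    if unknown:
        # Fail loudly: an unmapped signal must not silently score 0.
        raise ValueError(f"unknown signals: {sorted(unknown)}")
    score = min(100, sum(SIGNAL_WEIGHTS[s] for s in signals))
    band, decision = next((b, d) for top, b, d in BANDS if score <= top)
    ranked = sorted(signals, key=lambda s: (-SIGNAL_WEIGHTS[s], s))
    return {"score": score, "band": band, "decision": decision, "signals": ranked}


if __name__ == "__main__":
    # Constructed observations, not real telemetry.
    for case in (["geolocation_mismatch"],
                 ["geolocation_mismatch", "off_hours_activity"],
                 ["identity_very_new", "tor_exit_node_origin", "delegation_to_unknown_agent"]):
        print(case, "->", assess(case))
```

Returning the ranked contributing signals alongside the score gives the analyst handling a REVIEW the reason for the decision, not just the number.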
Application to AI Agent Systems
Traditional fraud detection was designed for human actors. AI agent fraud detection requires an additional dimension: the agent's delegation chain, its declared capability scope, and its behavioural baseline relative to stated purpose.
The Zarelva Agent Risk Engine implements this framework as a Python-based scoring system, evaluating 47 signals across all five layers with zero external dependencies. It is designed to integrate with any system that has visibility into agent identity, delegation, and action metadata.
→ github.com/Gururaj-GJ/zarelva-agent-risk-engine
The Fraud Signal Library
The signal architecture in this framework is drawn from the Zarelva Fraud Signal Library — a structured catalogue of fraud detection signals mapped across identity, device, behavioural, network, and transaction dimensions. The library is published as open research and is designed for use in detection logic design, gap analysis, and fraud architecture reviews.
→ github.com/Gururaj-GJ/fraud-signal-library
Applying the Framework in Practice
Zarelva applies this framework in client engagements through a five-stage process: signal gap analysis against the full library, attack surface mapping across all five layers, fraud scenario simulation against platform-specific vectors, detection architecture design, and defence strategy development.
Platforms that have applied a layered detection approach report significantly lower false positive rates than single-layer rule-based systems, while maintaining higher coverage of novel fraud patterns that rules-only approaches miss.