ZAIS™ is an RBI-implemented, globally structured fraud investigation methodology designed to support multi-jurisdictional regulatory environments including PSD2/SCA and MAS TRM.
Most digital lenders have alerts. Very few have a structured way to investigate, explain, and defend what happened.
ZAIS structures the full journey — detection, investigation, explainability, evidence, and regulatory mapping — as a connected methodology, not isolated tools.
Every signal has a defined data type, risk weight, trigger condition, and RBI alignment. No black boxes.
Showing all 42 signals across 6 domains
ZAIS reconstructs the full attack chain from triggered signals — giving investigators and regulators a single narrative of what happened, in order.
This attack chain is reconstructed automatically from triggered signals — not written manually by an analyst. Every node maps to a ZAIS signal with defined weight and RBI alignment.
Three attack vectors. Each has a specific signal combination, a step-by-step execution protocol, and defined KPIs. Not guidelines — protocols.
ZAIS is RBI-primary, globally structured. Every control maps to a global control family first — then to jurisdiction-specific requirements as overlays. RBI is fully mapped. PSD2/SCA and MAS TRM overlays are framework-ready.
Every ZAIS signal maps to one of five global control families. Jurisdictions map to these families as overlays — not the other way around. This means adding a new regulator never requires rebuilding the signal library.
Specific RBI requirement to ZAIS control mapping. PSD2 and MAS detail mapping available on request.
| RBI Requirement | ZAIS Control | Global Family | Signals |
|---|---|---|---|
| Device & IP anomaly detection (Digital Payment Security Controls) | ZAIS-G201 Device & Network Domain | ZAIS-G201 | SIG-DEV-001 → 008, SIG-NET-001 → 008 |
| Velocity monitoring for suspicious transaction patterns | ZAIS-G301 Transactional Domain | ZAIS-G301 | SIG-TRX-001, 002, 005, 006, 007, 008 |
| Behavioural biometrics for account activity monitoring | ZAIS-G101 Behavioural Domain | ZAIS-G101 | SIG-BIO-001 → 006 |
| Customer limited liability — burden of proof on institution | ZAIS-G401 Forensic Evidence Model | ZAIS-G401 | All signals — sealed in SHA-256 manifest |
| SIM swap / telecom profile change monitoring | ZAIS-G201 SIM Swap trigger (PB-03) | ZAIS-G201 | SIG-NET-006 (primary), SIG-AUTH-001 (secondary) |
| Explainability of AI/ML fraud decisions | ZAIS-G401 Explainability Narrative | ZAIS-G401 | All — signal weights documented per decision |
Note on Architecture Defined status: PSD2/SCA and MAS TRM overlays are structurally mapped to ZAIS global control families. Architecture Defined status means the structural mapping to ZAIS global control families is confirmed. Article-level citation mapping is built during client engagement for the specific regulatory profile — this is always implementation-specific. This is the correct sequencing — jurisdiction overlays are always implementation-specific.
The ZAIS Maturity Assessment measures your current ATO controls across 5 dimensions and shows exactly where the gaps are. These are illustrative scores — your assessment will reflect your actual setup.
Scores above are illustrative — typical NBFC baseline. Your actual maturity assessment will produce real scores from your setup.
Zarelva reviews your current ATO detection, investigation, and explainability controls against the ZAIS standard — and gives you a maturity score, control gap list, and remediation roadmap.
Delivered in 10 working days · Fixed fee · NDA before any data is shared