Fraud Detection leverages years of risk control experience from the Alibaba security team and risk management expertise from platforms such as Alibaba Cloud, Taobao, and Alipay. The service provides an intelligent, lightweight, and mature solution for business risk control, helping you quickly resolve security risks and reduce losses. This document describes the data security and compliance capabilities of Fraud Detection.
Full-lifecycle business risk control coverage
Fraud Detection provides risk detection across the entire business lifecycle, including on devices, during account registration and logon, for marketing campaigns, and with business risk intelligence. It helps your business prevent large-scale threats at every stage.
Encryption of data in transit
The Fraud Detection application programming interface (API) supports the HTTPS protocol and provides SDKs for API calls. This protects your data from being tampered with or stolen during transmission.
Data storage
Fraud Detection permanently stores your API call records. These records include the call time, the API name, and the number of calls. You can query records from the past year.
Real-time call results
Fraud Detection performs real-time calculations for metrics, models, and policy rules based on incoming requests and traffic. The results are returned directly to you. The overall response time is 200 ms or less, depending on the event and scenario, and the fastest response time is under 20 ms.
ActionTrail
Fraud Detection is integrated with ActionTrail. ActionTrail helps you monitor and record activities on your Alibaba Cloud account, including access to and use of Fraud Detection through the Alibaba Cloud Management Console, OpenAPI, and developer tools. Currently, call records are available for the ExecuteRequest and ExecuteRequestSG API operations. Support for other API operations is being added. For more information, see What is ActionTrail?.
Access control
Fraud Detection supports Resource Access Management (RAM). You can use the RAM console or API operations to set access permissions for RAM users and customize more fine-grained access control. For more information, see Create a custom policy.
Compliance and certifications
Fraud Detection has obtained the following authoritative certifications: ISO 27001, ISO 27017, CSA STAR, ISO 27018, ISO 27701, ISO 29151, ISO 9001, ISO 20000, ISO 22301, BS 10012, PCI-DSS, and SOC 1, 2, and 3 reports. For detailed certification information, see the Trust Center.