Fraud MCP Server — unified fraud detection (signals + risk scoring) and case review (alerts, gated decisions, block/allow lists) for retail and insurance SIU fraud agents
Fraud MCP Server
A unified fraud layer for ADK-Rust Enterprise agents — combining fraud signals + risk scoring (detection) and case alerts + gated decisions (review) in one server. 19 MCP tools serving both the retail Fraud Review Agent and the insurance SIU Fraud Triage Agent.
One server, both halves of fraud
Fraud detection and fraud review are two ends of the same pipeline, so they live together: signals feed scores, scores open cases, cases reach decisions — with an immutable audit trail throughout.
| Agent | What it uses |
|-------|-------------|
| Retail / e-commerce — Fraud Review | order/transaction signals → score_entity → create_case/triage_entity → decide_case (approve/decline) → block/allow lists |
| Insurance — SIU Fraud Triage | claim signals (staged accident, duplicate claim, provider ring) → score → case → escalate_case to SIU → decide_case (refer) |
Architecture
How Scoring Works
- Each signal on an entity contributes a weight; the risk score is the capped sum (0–100).
- A signal's weight is its explicit weight → else its risk rule weight → else a severity default.
- Bands: Low (<30) · Medium (30–59) · High (60–79) · Critical (≥80).
- Lists override: allow-listed entities score 0; block-listed force 100.
- Rules are configurable at runtime (
upsert_rule) — no code changes to tune the model.
Tools (19)
Signals & Scoring (5)
| Tool | What It Does |
|------|-------------|
| add_signal | Record an indicator on an entity |
| get_signals | List an entity's signals |
| score_entity | Aggregate score, band, and per-signal contributions |
| upsert_rule | Create/update a signal-type → weight rule |
| list_rules | List configured rules |
Cases & Decisions (10)
| Tool | What It Does |
|------|-------------|
| create_case | Open a review case (scores at creation) |
| get_case · search_cases | Read / filter (highest-risk first) |
| rescore_case | Recompute from current signals/lists |
| assign_case | Assign to a reviewer |
| escalate_case | Escalate (e.g. to SIU) — gated |
| add_note | Investigation note |
| decide_case | approve / decline / refer / hold — gated |
| close_case | Close after a decision — gated |
| get_audit_trail | Immutable decision record |
Block / Allow Lists (3)
add_to_list (gated) · remove_from_list (gated) · list_entries
Agentic (1)
triage_entity — score an entity and auto-open a case when it reaches the threshold band; returns score + recommendation. The final decision still flows through the gated decide_case.
Example
> add_signal(entity_type: "order", entity_ref: "order:LIVE1", signal_type: "velocity", severity: "medium")
> add_signal(entity_type: "order", entity_ref: "order:LIVE1", signal_type: "prior_chargeback", severity: "high")
> add_signal(entity_type: "order", entity_ref: "order:LIVE1", signal_type: "new_account_high_value", severity: "high")
> triage_entity(domain: "retail_ecommerce", entity_type: "order", entity_ref: "order:LIVE1", reporter: "fraud-bot")
→ risk_score 95 (critical) · recommendation "decline_or_refer" · case FRD-1011
> assign_case(id: "FRD-1011", actor: "lead", assignee: "review.amy")
> decide_case(id: "FRD-1011", actor: "review.amy", decision: "decline", disposition: "confirmed ATO fraud")
→ decided
> add_to_list(kind: "block", entity_type: "customer", entity_ref: "cust:BADActor", reason: "ATO ring", actor: "ops")
> score_entity(entity_ref: "cust:BADActor") → 100 (block_listed)
Installation
1. Build
git clone https://github.com/zavora-ai/mcp-fraud
cd mcp-fraud
cargo build --release
2. Add to your MCP client
Claude Desktop / Kiro / Cursor / Windsurf:
{
"mcpServers": {
"fraud": {
"command": "/path/to/mcp-fraud"
}
}
}
3. Use it
> search_cases(domain: "insurance", risk_band: "critical")
> score_entity(entity_ref: "claim:CLM-5521")
Governance & Data Handling
- Gated high-impact writes —
decide_case,escalate_case,close_case, and list changes require approval in production; signal/score reads areread_only. - Defensible decisions — every case mutation appends to an immutable audit trail.
- Opaque entities — entities are references/tokens (
order:…,claim:…,cust:…), not raw PII. - Integration scaffold — the in-memory store and scoring model are for development; back them with your real signals platform and decision store, and bind actors to authenticated identities in production.
MCP Server Manifest
server_id = "mcp_fraud"
display_name = "Fraud Detection & Review"
version = "1.0.0"
domain = "risk"
risk_level = "high"
writes_allowed = "gated"
transports = ["stdio"]
Contributors
| 
James Karanja Maina |
|:---:|
License
Apache-2.0 — see LICENSE for details.
Part of the ADK-Rust Enterprise MCP server ecosystem.
Registry Compliance
This server implements the ADK MCP SDK contract:
- HealthCheck — async health probe for registry monitoring
- mcp-server.toml — manifest declaring tools, risk classes, and approval gates
- Structured tracing —
RUST_LOGenv-filter for observability