Anti-fraud & transaction protection
Every transaction.
Scored before it settles.
Aegis is a real-time AI fraud-detection platform for Bangladesh banks and MFS operators. A 3-layer cascade of 91 versioned rules, calibrated gradient-boosted models, and a deep ensemble decides every transaction inside a 50 ms design budget, before it touches the core banking system.
- Local CBS connector, no off-premises CBS data
- 51 SHAP-mapped reason codes on every score
- English + Bengali analyst narratives
- Mapped clause-by-clause to BB CSF + BFIU
Synthetic-data benchmark from evaluation_report.json: 3,000-sample test set, 60 fraud / 2,940 legitimate, with per-typology detection rates. Production figures available under NDA.
01 / What is Aegis?
Aegis is KaritKarma's anti-fraud and transaction-protection platform for Bangladesh's regulated financial sector.
Every transaction passing through a participating bank or MFS operator is scored in real time by a 3-layer cascade: 91 versioned deterministic rules across 14 categories, a calibrated XGBoost + LightGBM duo, and a deep ensemble that combines an ONNX contrastive encoder, pgvector behavioural similarity, AGE graph traversal, and SHAP-based feature attribution. A stacking meta-learner resolves the cascade, isotonic calibration maps to probabilities, and dynamic decision bands publish APPROVE, REVIEW, STEPUP, or BLOCK inside a fifty-millisecond design budget.
Aegis ships with Bangladesh-specific intelligence: hundi corridor detection across six high-risk divisions, bKash and Nagad agent behavioural profiling, SIM-swap risk scoring on a 72-hour window, and the Bangladesh holiday calendar. Every score carries one of 51 SHAP-mapped reason codes with English and Bengali analyst narratives, and a consortium module adds federated learning with differential privacy, in pilot. It is mapped clause-by-clause to BB Cyber Security Framework v1.0 (Section 5 monitoring, Section 7 incident response) and BFIU AML/CFT (CTR, STR, SAR triggers). Deployment is on-prem, SaaS via a lightweight in-DC connector, or hybrid.
02 / Scoring cascade
Three scoring layers.
One human queue.
Stops the moment it is sure.
Scoring layers are independent and stop-on-decision. If L1 is confident, L2 and L3 never fire, so the cost of inference scales with actual uncertainty, not with traffic volume. Latency figures are per-layer design budgets, not published measurements.
Dynamic context adjustments shift the score: night hours, high-risk MCC, high amount, new account, each -15.
- L1: 2 ms budget
Rules gate
91 deterministic rules across 14 categories with R001-style versioned IDs: velocity, geographic, device, ATO, SIM-swap, mule, MFS, AML, and more. Per-bank threshold overrides without redeploy. Stops the cascade on a high-confidence allow or block.
- 14 categories: MFS (11), velocity (10), device (9), ATO (9), mule (9), geographic (8), AML, APP fraud, CNP, cross-channel, SIM swap, dormant, graph, consortium.
- Per-bank thresholds without retraining a single model.
- Every decision linked to rule version + input snapshot.
- L2: 5 ms budget
Fast gradient boosting
XGBoost + LightGBM duo with an optional 128-d Behavioral DNA pre-processor. Emits high-confidence APPROVE or BLOCK verdicts and escalates only uncertain transactions, so the expensive deep ensemble runs on uncertainty, not on traffic volume.
- XGBoost + LightGBM fast models on the hot path.
- Optional Behavioral DNA pre-processor (128-d customer embedding).
- Binary verdict with escalation gates the deeper ensemble.
- L3: 25 ms budget
Deep ensemble + stacking
Parallel components with timeout handling: GBM ensemble, ONNX contrastive-encoder vector brain with pgvector similarity, AGE graph engine running Cypher mule-pattern queries, SHAP explainer, combined by a stacking meta-learner. Isotonic calibration maps to probabilities; dynamic decision bands per context.
- ONNX contrastive encoder + pgvector behavioural similarity.
- Apache AGE graph traversal for mule chains and ring detection.
- Stacked meta-learner with isotonic probability calibration.
- L4: ops target
Human review queue
Analyst casework for STEPUP and BLOCK bands. Full transaction history, customer context, English plus Bengali narratives per reason code, and an LLM fraud copilot with tool calling to accelerate investigations. Every disposition feeds back into rule and model registries.
- Bengali + English narrative templates per reason code.
- LLM fraud-analysis copilot with tool calling.
- Feedback loop into model retraining and rule tuning.
03 / Bangladesh-specific intelligence
Patterns the rest of the world doesn't see.
Off-the-shelf fraud platforms model US card-present and US e-commerce. Aegis ships with detectors purpose-built for the typologies that actually move money illicitly through Bangladesh corridors.
Hundi corridor detection
Six high-risk divisions monitored: Chattogram, Brahmanbaria, Cumilla, Kushtia, Khulna, Bagerhat. Pattern: split transactions routed through informal money-transfer corridors to bypass reporting thresholds.
MFS agent split + float drain
Behavioural profiling on bKash and Nagad agent IDs. Pattern: agents structuring transactions just below KYC tiers across multiple customer accounts. Float-drain detection on per-agent balance velocity.
SIM swap takeover
Telecom number-change events evaluated inside a 72-hour risk window. Pattern: number ported, then a large withdrawal or beneficiary change initiated while the window is hot.
Behavioral DNA profiling
A 128-dimension behavioural embedding per customer, matched with pgvector similarity. Pattern: an account whose live behaviour drifts from its own DNA, or clusters with known-fraud profiles.
Off-hours holiday spike
Bangladesh holiday calendar built in: Eid, Pohela Boishakh, government holidays. Pattern: spikes outside normal business hours during low-staffing windows.
Seeded AML typologies
AML typologies seeded in the database migrations: structuring, round amounts, velocity mule, agent collusion. Each one wired to the regulatory engine's CTR, STR, and SAR triggers.
91 rules across 14 categories, curated by Bangladesh financial-crime analysts.
Every rule is versioned, auditable, A/B-testable. Each one carries a tunable threshold so policy teams can dial sensitivity up or down without retraining a single model.
- versioned: Every change produces a new signed version.
- auditable: Decisions linked to rule + threshold + input snapshot.
- testable: Shadow and champion-challenger before promotion.
- per-bank: Overrides without forking the rule catalogue.
Category registry
91 rules total. Counts from the rule registry @ 1d4ed58. IDs follow the R001-style convention (R001-R010 velocity, R011-R018 geographic). Consortium signals run as a snapshot-based evaluator alongside the 91 versioned rules.
04 / How Aegis compares
Aegis vs. in-house, vs. SAS Fraud Management, vs. FICO Falcon.
The honest comparison. Global fraud platforms can be deployed in Bangladesh, but they ship blind to local typologies and their services engagements assume a six-month bank-IT runway. Aegis starts with the local fraud catalogue.
| Capability | Aegis | In-house | SAS Fraud Mgmt | FICO Falcon |
|---|---|---|---|---|
| Cascade scoring with early exit (50ms design budget) | Rare, usually next-day batch | |||
| Bangladesh-specific fraud typologies (hundi, MFS agent, SIM swap) | Custom build, every time | |||
| Rules added without redeploy | Limited, SAS Visual Investigator | Limited, Falcon Rules Manager | ||
| Bengali narrative for analyst review | ||||
| 128-d Behavioral DNA embedding per customer | ||||
| Federated learning across consortium banks | Flower + differential privacy, in pilot | Add-on, SAS Viya | ||
| In-bank Go connector with pluggable CBS adapters | REST first; JMS, CDC, ISO 8583 designed | Per-bank | Custom services engagement | Custom services engagement |
Capability claims for SAS Fraud Management and FICO Falcon based on public documentation as of 2026 Q2. Speak to vendors directly for current product matrices.
05 / Integration path
Four steps from connector to inline blocking.
Bangladesh Bank does not permit core banking to be hosted off-premises. Aegis works with that constraint, not around it: a thin in-DC connector streams transactions out, decisions come back inline.
- Step 01
Deploy the connector
Drop the Go CBS Connector inside the bank data centre. Streams transactions over gRPC + Kafka. No outbound data movement beyond the agreed envelope.
- Step 02
Shadow-mode validate
Run Aegis in pure observe mode against live traffic for 2-4 weeks. Calibrate thresholds against the bank's actual false-positive tolerance, with daily backtests.
- Step 03
Enable inline blocking
Promote from REVIEW-only to STEPUP and BLOCK bands once shadow metrics meet the agreed FPR and TPR targets. Per-channel, per-product rollout.
- Step 04
Plug regulator feeds
Wire CTR, STR, SAR alerts to your goAML pipeline and to the BFIU reporting handler. Audit trail and reason-code citation per filing.
06 / Regulatory mapping
Mapped clause-by-clause to Bangladesh Bank and BFIU.
Aegis isn't compliance-adjacent. Every capability is mapped to a specific clause your auditors already cite, so the regulatory evidence package writes itself.
SIEM and continuous monitoring
Inline transaction-stream monitoring with structured event capture on a 7-year audit retention schema, mapped to Section 5 monitoring controls.
Incident response
Casework, escalation, and audit-log export aligned to the 72-hour incident-notification window required by BB CSF Section 7.
CTR, STR, SAR triage
Threshold-aware triggers for CTR (cash transactions > BDT 10 lakh), structuring (cumulative daily reaches 80-99 % of CTR), and SAR (3+ high-severity rules within 7 days on one account).
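An added example (not Aegis code) of how the three triggers above could be evaluated over constructed cash transactions and rule hits. The function name, tuple layout, the `HIGH` severity label, and the reading of "80-99 %" as [80 %, 100 %) of the CTR threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CTR_THRESHOLD_BDT = 1_000_000        # BDT 10 lakh, as stated on the page
STRUCTURING_BAND = (0.80, 1.00)      # "80-99 %" read as [80 %, 100 %): assumption
SAR_MIN_HITS, SAR_WINDOW = 3, timedelta(days=7)

def evaluate_triggers(cash_txns, rule_hits):
    """cash_txns: (account, datetime, amount_bdt); rule_hits: (account, datetime, severity)."""
    alerts, daily, high = set(), defaultdict(int), defaultdict(list)
    for account, ts, amount in cash_txns:
        if amount > CTR_THRESHOLD_BDT:               # single cash transaction over the CTR line
            alerts.add(("CTR", account, ts.date().isoformat()))
        daily[(account, ts.date())] += amount
    lo, hi = STRUCTURING_BAND
    for (account, day), total in daily.items():      # cumulative daily total just under the line
        if lo <= total / CTR_THRESHOLD_BDT < hi:
            alerts.add(("STRUCTURING", account, day.isoformat()))
    for account, ts, severity in rule_hits:
        if severity == "HIGH":
            high[account].append(ts)
    for account, stamps in high.items():             # sliding window over sorted hit times
        stamps.sort()
        for first, last in zip(stamps, stamps[SAR_MIN_HITS - 1:]):
            if last - first <= SAR_WINDOW:
                alerts.add(("SAR", account, last.date().isoformat()))
                break
    return alerts

def _t(day, hour=10):
    return datetime(2026, 3, day, hour)

# Constructed sample data (not from the page or any real account).
SAMPLE_CASH = [
    ("ACC-A", _t(1), 1_200_000),                                  # over the threshold
    ("ACC-B", _t(2, 9), 300_000), ("ACC-B", _t(2, 12), 300_000),
    ("ACC-B", _t(2, 15), 290_000),                                # 890,000 in one day
    ("ACC-C", _t(3), 1_000_000),                                  # exactly at threshold: neither
]
SAMPLE_HITS = [
    ("ACC-D", _t(1), "HIGH"), ("ACC-D", _t(4), "HIGH"), ("ACC-D", _t(7), "HIGH"),
    ("ACC-E", _t(1), "HIGH"), ("ACC-E", _t(5), "MEDIUM"), ("ACC-E", _t(6), "HIGH"),
    ("ACC-E", _t(10), "HIGH"),                                    # three HIGH hits span 9 days
]

if __name__ == "__main__":
    for alert in sorted(evaluate_triggers(SAMPLE_CASH, SAMPLE_HITS)):
        print(alert)
```

The ACC-C and ACC-E rows are the boundary cases: an amount exactly at the threshold raises neither CTR nor structuring under this reading, and three high-severity hits spread over nine days do not raise a SAR.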
Digital transaction oversight
Inline scoring against a 50 ms design budget across MFS, card, and account-to-account flows so digital transactions are monitored inline, not in next-day batch.
07 / What runs under the hood
The stack is the moat.
Roughly 90K lines of code across four languages, 1,858 test methods, 51 API endpoints, and 27 numbered database migrations. Aegis shares its production DNA with the KaritKarma portfolio: Wenme identity, Darwan RBAC, the same Postgres-first data plane.
- Connector: Go, gRPC, Kafka, zap, pgx
- Intelligence: Python, FastAPI, asyncpg, XGBoost + LightGBM, ONNX
- Platform: .NET 10, Clean Arch, MediatR, Serilog + Seq
- Frontend: Next.js 16, React 19, Turborepo, TanStack Query
- Data: PostgreSQL 18, pgvector, AGE, TimescaleDB, Redis
- Transport: gRPC + Kafka from the in-bank Go connector
08 / Frequently asked
Questions banks and MFS operators ask first.
Each answer mirrors the on-page text in our structured-data payload, so AI answer engines and audit reviewers see the same wording.
- 01 What is Aegis?
- Aegis is KaritKarma's real-time AI fraud-detection platform for Bangladesh banks, NBFIs, and mobile financial service operators. It scores every transaction through a 3-layer cascade engineered against a 50 millisecond design budget: 91 versioned deterministic rules across 14 categories, calibrated XGBoost and LightGBM fast models, and a deep ensemble that includes an ONNX contrastive encoder, pgvector behavioural lookup, and AGE graph traversal. It ships with Bangladesh-specific intelligence modules for hundi corridors, MFS agent fraud, SIM swap, and the Bangladesh holiday calendar, and is mapped clause-by-clause to the BB Cyber Security Framework and BFIU AML/CFT guidelines.
- 02 What is the end-to-end scoring latency?
- Aegis is engineered against a 50 millisecond p95 end-to-end design budget, allocated roughly as 2 ms for the Layer 1 rules gate, 5 ms for the Layer 2 fast models, and 25 ms for the Layer 3 deep ensemble with stacking and isotonic calibration. These are design budgets, not published measurements; production latency figures are shared under NDA. The cascade short-circuits the moment a layer is confident enough to act, so deeper analysis runs only when it actually adds signal.
- 03 Can fraud rules be added or tuned without redeploying?
- Yes. Every rule is versioned, auditable, and A/B-testable. Policy teams can dial thresholds up or down, promote rules through shadow and champion-challenger evaluation, and roll back on a click, all without retraining a model or shipping a new build. Each rule change produces a new signed version, and every decision is linked to the rule version, threshold, and input snapshot for full audit.
- 04 Does Aegis support Bangladesh Bank Cyber Security Framework monitoring requirements?
- Yes. Aegis is mapped clause-by-clause to BB Cyber Security Framework v1.0. It satisfies Section 5 (SIEM and continuous monitoring) through inline transaction-stream monitoring with structured event capture, and Section 7 (incident response) through casework, escalation, and audit-log export aligned to the 72-hour incident-notification window. It also satisfies BFIU AML/CFT transaction monitoring requirements with CTR, STR, and SAR triage.
- 05 How does Aegis integrate with our core banking system?
- A lightweight Go connector agent is deployed inside the bank data centre, since Bangladesh Bank does not permit CBS to be hosted off-premises. The connector streams transactions to the Aegis scoring service over gRPC and Kafka and writes block decisions back through a pluggable adapter interface. REST adapters come first; JMS, CDC, and ISO 8583 adapter interfaces are designed, and bank-specific configuration for cores like Temenos T24 lands with each deployment.
- 06 What is the deployment model: SaaS, on-prem, or hybrid?
- All three. SaaS mode keeps the scoring brain in KaritKarma's APNIC AS 64005 Tier-3 data centre with only the lightweight connector inside the bank. On-prem mode packages the entire stack as a Docker Compose appliance for banks that require full premises deployment. Hybrid mode keeps the connector and decision writeback inside the bank while the cloud handles heavy ML and cross-bank consortium intelligence.
Protect your customers
Bangladesh's fraud is local.
The defences mostly aren't.
Hundi corridors, agent float drains, SIM swaps: the typologies that move money illicitly through Bangladesh are not in any global vendor's default catalogue. Aegis ships them as code, with 91 rules, 51 reason codes, and a verified synthetic benchmark, on a stack already deployed at aegis.karitkarma.com.
