Security And Trust
Fraud operations handle sensitive data. Loci is built around server-side authentication, tenant isolation, role-based access, auditability, and safe production error handling.
Authentication
API integrations authenticate with issued credentials for the relevant organization and environment. Credentials should be stored server-side and rotated according to the client's security policy.
See Authentication.
Tenant Isolation
Loci is multi-tenant. Organization context is enforced across API calls, data access, module enablement, and operator workflows. Tenant users should only see organizations and modules assigned to them.
Roles And Permissions
Role-based access controls govern what users can see or do in the operator workspace. Typical permissions include alert review, case assignment, case approval, rule editing, rule deployment, reporting, and administrative configuration.
Customer workspaces expose customer-appropriate operator and administrator roles. Platform administration is managed separately from customer operator access.
MFA And Identity Policy
Identity and step-up requirements are configured per deployment, based on the institution's security policy and environment.
Auditability
Important operational actions should be auditable, including:
- Rule creation, edits, tests, approvals, and activation.
- Alert assignment and disposition.
- Case status changes, notes, approvals, and closure.
- Screening feedback and whitelist changes.
- Administrative configuration changes.
Error Hygiene
Production APIs and UIs return user-safe error messages. Stack traces, file paths, database table names, and implementation details are kept out of end-user responses.
Data Retention And Export
Retention, export, and deletion policies should be configured per deployment. Large exports should be asynchronous so they do not affect online evaluation or operator reliability.
Optional Module Data
AccessGate and AccessGate AML may introduce device, session, profile, screening, and relationship data. These modules should be enabled deliberately and documented in the client's data protection review.