Delta Detection

The fraud you never feel compounds into crores.

Slivr is a real-time detection layer for micro-theft — the salami-slicing, penny-shaving, and rounding-attack patterns that hide beneath every payment rail. We ingest every authorisation, settlement, and reversal event, reconstruct the transaction graph in memory, and flag fractional theft long before it shows up on a reconciliation report.

Core Capabilities

Numbers that speak for themselves

AUISY currently manages structured and unstructured data, including billions of records.


Covered Rails

One detection plane. Five settlement realities.

Each rail leaks differently — UPI in fractions of a paisa, SWIFT in conversion spreads. Slivr normalises them into a single ledger of intent.

UPI · 180ms · 11.2B/mo · instant retail

IMPS · 8s · 560M/mo · 24×7 interbank

AEPS · 2.4s · 210M/mo · biometric cash-out

SWIFT · minutes · 44M/day · cross-border

RTGS · Real-time · ₹1.7L cr/day · high-value gross

Rail Intelligence

Built for the way each rail actually leaks.

Generic AML tooling sees rails as a queue of strings. Slivr models each one as a distinct physical system with its own clock, its own settlement window, and its own adversary playbook.

UPI · IMPS

Retail rail micro-skim defence

On UPI we see 8,000+ TPS per PSP. Attackers exploit the rounding window between authorisation and settlement, skimming 0.001–0.05₹ across millions of legs into a single VPA. Slivr fingerprints the originating handle, the timing cadence, and the convergence pattern — usually within the first 2,000 transactions.


• VPA-graph reconstruction in 11ms

• PSP-side webhook + NPCI dispute reconciliation

• Auto-throttle suspicious handles per RBI 2024-IT/3.4

Median catch window: 2.1 minutes

AEPS · MICRO-ATM

Biometric cash-out drift

AEPS rides Aadhaar biometric auth at last-mile correspondents. The classic micro-attack: a corrupt operator skims a few rupees per withdrawal as 'service fee' across thousands of beneficiaries. Slivr correlates terminal-ID, operator fingerprint, and beneficiary-side delta against the issuer's expected disbursement.


• Terminal fingerprinting (TID + IMEI + geo)

• Operator-level delta against scheme disbursement

• DBT / NREGA wage-leak alerts pushed to issuing bank

Avg uplift on recovered ₹: +38%

SWIFT · RTGS

Cross-border & gross-value spreads

On high-value rails the slice hides in FX conversion, intermediary correspondent fees, and the seconds between RTGS message types. Slivr replays MT103/MT202 traffic, matches against RTGS UTRs, and quantifies spread leakage per corridor and per correspondent bank — surfacing both fraud and silent fee creep.


• MT103 / pacs.008 / pacs.009 normalisation

• Correspondent-bank fee drift heatmaps

• Sanctions + dual-use goods overlay (OFAC + UN)

Spread leak detected: 4.2 bps avg

the engine

A streaming graph the size of the country, in memory.

Slivr's core is a sharded property graph that holds the last 90 days of account-to-account edges as a single in-memory structure. Every ingest event mutates the graph and triggers incremental motifs — fan-in, fan-out, single-sink convergence, and time-locked rebound loops — which are the structural signatures of salami attacks.

Edges held hot: 12.4B

Motif scan latency: <9ms

Shards: 1,024

Replay window: 90 days

how it works

Six passes between a rail event and a recovered rupee.

Slivr is not a batch reconciliation job. It is a streaming detection plane that sits beside your switch, mirrors every leg, and converts raw rail noise into auditable action before the settlement window closes.

01 · PASSIVE LISTENER

Tap the rail

Slivr attaches as a passive listener on your rail integrations — UPI PSP webhooks, IMPS ISO-8583 taps, AEPS switch logs, SWIFT MT/ISO 20022 queues, and RTGS UTR feeds. Nothing is rewritten upstream; we mirror the same raw event your switch already emits.

02 · <2MS

Canonicalise & enrich

Every event is hashed into a canonical (payer, payee, amount, rail, ts, leg-id) tuple. Identity is reconciled across VPAs, account+IFSC, BIC, Aadhaar tokens, terminal IDs and device fingerprints — so the same actor is one node, not forty.

03 · IN-MEMORY

Mutate the graph

The tuple is upserted into a sharded property graph holding the last 90 days of edges in RAM. Each mutation fires incremental motif scanners — fan-in, single-sink, rebound loops, time-locked convergence — without ever re-scanning history.

04 · DUAL-LAYER

Score & corroborate

Deterministic motifs run beside a Bayesian risk model trained on your own historical ledger. Both must clear threshold for an escalation, which kills the false-positive tax that drowns analyst queues in legacy AML stacks.

05 · POLICY DSL

Decide & evidence

Your rules are code: freeze, hold, step-up auth, notify, or log. Every verdict ships with an evidence packet — the graph slice, motif hash, feature vector, and policy version — so audit, RBI inspection, and chargeback teams get the same artefact.

06 · CASE + CHARGEBACK

Recover the rupee

Confirmed slices open a recovery case with NPCI / scheme-spec chargeback templates pre-filled, a reconciliation diff for finance, and a feedback loop that retrains the risk model on what your operators actually upheld.

EDGE → VERDICT: 11ms p99

REPLAY WINDOW: 90 days hot

THROUGHPUT SUSTAINED: 94k events/s

FALSE POSITIVE RATE: 0.4%
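
An added example, not Slivr's code: passes 02 to 04 above carried through in Python for the single-sink fan-in motif, canonicalising each event, upserting it into a per-payee window, and matching incrementally without re-scanning history. The field names, the integer milli-rupee unit, and the three thresholds are assumptions.

```python
import hashlib
from collections import defaultdict, deque, namedtuple
from decimal import Decimal

# Thresholds are assumptions for this example, not Slivr's settings.
WINDOW_S = 600     # sliding convergence window, seconds
MICRO_MAX = 50     # 0.05 INR in milli-rupees, the upper skim bound the page quotes
MIN_PAYERS = 5     # distinct payers converging on one sink

# amount_milli is integer milli-rupees (0.001 INR == 1), so no float rounding.
Leg = namedtuple("Leg", "payer payee amount_milli rail ts leg_id")

def canonicalise(raw):
    """Normalise a raw event into the (payer, payee, amount, rail, ts, leg-id) tuple."""
    amount = int(Decimal(raw["amount"]) * 1000)
    return Leg(raw["payer"].strip().lower(), raw["payee"].strip().lower(),
               amount, raw["rail"].upper(), int(raw["ts"]), raw["leg_id"])

def leg_hash(leg):
    """Stable digest of the canonical tuple, used to make replays idempotent."""
    return hashlib.sha256("|".join(map(str, leg)).encode()).hexdigest()

class FanInScanner:
    """Incremental single-sink motif: each upsert touches only the payee's window."""
    def __init__(self):
        self.inbound = defaultdict(deque)   # payee -> deque of (ts, payer, amount)
        self.seen = set()                   # digests of legs already applied

    def upsert(self, leg):
        digest = leg_hash(leg)
        if digest in self.seen or not 0 < leg.amount_milli <= MICRO_MAX:
            return None                     # replayed leg, or not a micro-amount
        self.seen.add(digest)
        window = self.inbound[leg.payee]
        window.append((leg.ts, leg.payer, leg.amount_milli))
        while window[0][0] < leg.ts - WINDOW_S:   # assumes per-payee time order
            window.popleft()
        payers = {payer for _, payer, _ in window}
        if len(payers) < MIN_PAYERS:
            return None
        return {"motif": "fan-in", "sink": leg.payee, "payers": len(payers),
                "legs": len(window), "total_milli": sum(a for _, _, a in window)}

def scan(raw_events):
    scanner = FanInScanner()
    return [a for e in raw_events if (a := scanner.upsert(canonicalise(e)))]

# Constructed sample: six payers send 0.003 INR each to one VPA, one leg is
# replayed, and six ordinary 20 INR payments go to a merchant that must not alert.
SAMPLE = [{"payer": f"user{i}@psp", "payee": "Sink@psp", "amount": "0.003",
           "rail": "upi", "ts": 1000 + i, "leg_id": f"L{i}"} for i in range(6)]
SAMPLE.append(dict(SAMPLE[0]))
SAMPLE += [{"payer": f"user{i}@psp", "payee": "shop@psp", "amount": "20.00",
            "rail": "upi", "ts": 2000 + i, "leg_id": f"M{i}"} for i in range(6)]
```

Calling `scan(SAMPLE)` yields an alert on the fifth and sixth distinct payer into the sink and nothing for the merchant. In a long-running process the `seen` set and the per-payee windows would need eviction aligned to the replay window.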

anomaly map

Where the slices hide, hour by hour.

Micro-theft has a circadian rhythm. Most attacks cluster between 02:00–04:30 local — the gap between EOD reconciliation and the morning ops shift. Slivr's anomaly heatmap surfaces these windows per merchant, per BIN, per terminal, and per corridor, so your team can staff to the threat instead of the calendar.

Per-rail baselines learn in 14 days — no manual rule tuning

Drift detection on velocity, mix, and counter-party — catches new attack shapes

Export to your SIEM (Splunk, Chronicle, Sentinel) — preserves your runbooks

for banks & PSPs

What changes for your fraud, risk, and finance desks.

Micro-theft does not show up on a single transaction — it shows up on the reconciliation, weeks later, as unexplained leakage. Slivr collapses that timeline to seconds, and hands each desk the exact artefact they need to act.

IDENTIFY

Pre-settlement detection

Slivr flags micro-skim patterns inside the authorisation window — before funds settle into the mule account. Your fraud-ops team sees the convergence forming, not the post-mortem.

MEDIAN CATCH WINDOW: 2.1 min

QUANTIFY

Per-rail leakage ledger

A daily P&L of micro-leakage by rail, corridor, PSP, and branch. Finance gets a number; risk gets a heatmap; the board gets a trendline tied directly to recovered rupees.

UPLIFT ON RECOVERED ₹: +38%

PREVENT

Auto-action with audit trail

Policy-driven freezes, step-up auth, throttles on suspicious VPAs/terminals, and operator-level blocks at AEPS BCs — every action carries a signed evidence packet for RBI inspection and customer redressal.

ACTIONS AUDIT-SIGNED: 100%

COMPLY

RBI / NPCI aligned

Reports map to RBI Master Direction on Fraud Risk Management (2024), NPCI dispute codes, and the AFA/CFR frameworks. Chargeback packets ship in scheme-native format — no manual reformatting.

CHARGEBACK DISPATCH: 1-click

RECOVER

Closed-loop recovery

Every upheld case feeds the risk model and reconciliation diff. The same engine that detected the slice now writes the journal entries your finance team signs to claw the money back.

RECONCILIATION DIFF: T+0

DEFEND

Reduced customer abrasion

Because Slivr scores on graph structure, not blunt amount thresholds, legitimate small-ticket UPI flows pass through untouched. False positives drop, NPS holds, and call-centre volume on disputed micro-debits falls.

FALSE POSITIVE RATE: 0.4%

PREVENTIVE PLAYBOOK

From signal to stop, in one shift.

  • Detect the fan-in motif on a freshly minted VPA within the first 2,000 legs.
  • Auto-throttle the originating handle per your RBI-aligned policy; queue a manual review with the graph slice attached.
  • Notify the issuing bank's fraud desk over a signed webhook with motif hash, scores, and recommended action.
  • File the NPCI dispute with the pre-filled chargeback packet; finance signs the reconciliation diff the same day.

DEPLOYMENT

In your VPC. Your keys. Your perimeter.

Slivr installs into your VPC or on AUISY's RBI-aligned tenanted cloud. Data localisation defaults to India; no PAN, AA, or KYC artefact leaves the perimeter you choose. SOC 2 Type II and ISO 27001 attested.

Banks

Scheduled commercial & small-finance banks

Protect the rupee inside the authorisation window — before settlement, before reconciliation, before the customer notices.

  • 11ms: edge-to-verdict, inside auth window
  • +38%: uplift in recovered rupees / quarter
  • 1-click: RBI-aligned chargeback dispatch
  • 0.4%: false positive rate, retail-grade NPS preserved

// where it hurts today

  • Sub-rupee skim on retail UPI/IMPS volume that the warehouse rounds away every night.
  • AEPS BC-channel drift: micro-cents pinched off Aadhaar-authenticated cash-outs in tier-3/4 geographies.
  • RBI Master Direction 2024 reporting load — fraud has to be classified, evidenced, and filed inside hard SLAs.
  • Chargeback ops drowning in manual NPCI dispute formatting for low-ticket cases that aren't worth the analyst hour.

// what each desk gets

  • Fraud Risk: Live motif queue with graph-slice evidence; no more post-mortem dashboards.
  • Reconciliation: T+0 leakage diff signed by the same engine that detected the slice.
  • Compliance: Auto-mapped to RBI MD-FRM 2024 + CFR; auditor gets the exact policy line that fired.
  • Branch / BC Ops: Per-terminal and per-operator drift scores — pinpoint the rogue AEPS device in hours, not weeks.

Fintech

PA/PG, neobanks & lending fintechs

Ship faster without inheriting card-era AML scaffolding. A graph-native plane that grows with your rail mix.

  • 14 rails: native — UPI, IMPS, AEPS, cards, NACH, BBPS, wallets
  • DSL-first: your risk engineers extend motifs in code, not tickets
  • 94k ev/s: sustained throughput per shard; scale-out is horizontal
  • VPC-native: ship in your AWS/GCP perimeter — no data egress

// where it hurts today

  • Card-built fraud vendors can't see UPI fan-in motifs forming across freshly minted VPAs on your platform.
  • Mule-net abuse on payouts: hundreds of low-ticket disbursements that look clean per-row but converge on one sink.
  • Reserve-bank scrutiny on PA licence holders — every flagged transaction needs an auditable rationale, not a vendor score.
  • Risk team is 4 people; you cannot staff a 24×7 motif-review desk on legacy rules.

// what each desk gets

  • Risk Eng: Open policy DSL — write a motif, version it, ship it, roll it back. Like product code.
  • Growth / KYC: Distinguish a mule-net onboarding wave from a genuine creator-economy spike, in real time.
  • Treasury: Per-corridor leakage P&L feeds straight into your unit economics model.
  • Founder / CXO: One platform for detection, decisioning, evidence, dispute, recovery — one SLA, one bill.

Infra

Payment infrastructure & networks

Switches, PA-Ps, ATM/AEPS networks, scheme operators — the layer that moves the money has to see the leak first.

  • 12.4B: hot edges in-memory across the rail topology
  • 90-day: replay window — re-run any motif against history
  • Signed: evidence packets sharable across issuers without leaking PII
  • 100%: actions are policy-versioned & audit-signed

// where it hurts today

  • Cross-bank visibility: a salami attack is structural across issuers, but each issuer only sees their leg.
  • Schemes & switches absorb the reputational blast of mule-net abuse without owning the customer relationship.
  • Settlement diffs widen by a few paise per million legs — invisible per-day, material per-quarter.
  • Operational forensics on a UPI/AEPS incident takes weeks of cross-bank log reconciliation.

// what each desk gets

  • Network Risk: Full-graph view of inter-bank flows; spot convergence patterns no single issuer can see.
  • Settlement Ops: Daily paise-level leakage attribution per member bank, per corridor.
  • Scheme Compliance: Forensics-ready packets for NPCI/RBI escalations — minutes, not weeks.
  • Partner Banks: Push signed alerts to member-bank fraud desks over a webhook spec they can codify against.

// shared substrate

One graph, every counterparty.

The same in-memory topology serves the bank's reconciliation desk, the fintech's risk engineer, and the network's settlement analyst — with role-scoped projections, never shared PII.

// shared language

Motifs travel across the stack.

A fan-in motif raised by a PA-P can be replayed by the issuing bank against its own ledger and acknowledged back to the scheme — signed, versioned, hash-verifiable end to end.

// shared outcome

The rupee is recovered, not written off.

Detection without recovery is a dashboard. Slivr closes the loop with NPCI/scheme chargeback packets, T+0 reconciliation diffs, and a feedback signal back into the risk model.

who it's for

One detection plane. Three operating realities.

Banks own the regulatory floor. Fintechs own the velocity. Networks own the topology. Micro-theft exploits the seams between them. Slivr is engineered to collapse those seams — and to hand each operator exactly the artefact their mandate requires.

01 · 11MS P50

Ingest

Webhooks, Kafka, ISO-8583 taps, and direct rail listeners. Slivr accepts every authorisation, reversal, refund, and settlement event in its native shape — no ETL, no schema translation upstream.

02 · GRAPH UPSERT

Normalise

Each event is hashed into a canonical (payer, payee, amount, rail, ts) tuple and upserted into the streaming property graph. Identity is reconciled across VPAs, account numbers, IFSCs, BICs, and Aadhaar tokens.

03 · MOTIFS + ML

Detect

Two layers run in parallel: deterministic motif matchers (fan-in, single-sink, rebound, time-locked) and a Bayesian risk model trained on your historical ledger. Both must agree above threshold to escalate.

04 · POLICY DSL

Decide

Your policies are code. Block, hold, step-up auth, notify, or log — each decision is auditable, version-controlled, and produces an evidence packet (graph slice, motif hash, scores).

05 · CASE + CHARGEBACK

Recover

Every confirmed micro-theft event opens a recovery case with chargeback templates pre-filled to NPCI / scheme spec, plus a reconciliation diff your finance team can sign in one click.

decision pipeline

From rail event to recovered rupee — in one pass.

Most fraud stacks bolt detection on after settlement. Slivr lives in front of the ledger: a single streaming pipeline that converts raw rail noise into auditable, recoverable action.

Axis | AUISY · Slivr | Typical India fraud-tech
Detection unit | Sub-paisa (0.001₹) per leg, scored on graph structure | ₹-thresholded rules; sub-rupee deltas filtered as noise
Core engine | In-memory sharded property graph, 12.4B hot edges, custom Rust runtime | Batch SQL over warehouse snapshots; nightly re-scoring
Latency | 11ms p99, edge → verdict, inside the authorisation window | Minutes to hours; flagged after settlement
Rail coverage | Native UPI, IMPS, AEPS, SWIFT, RTGS, NACH, BBPS, cards (14 rails) | Card-first; UPI/AEPS bolted on; SWIFT in a separate product
Motif library | Open DSL — fan-in, single-sink, rebound, time-locked, rounding-window — extend in policy code | Closed blackbox models; new patterns require vendor release
Evidence | Signed evidence packet per verdict: graph slice, motif hash, feature vector, policy version | Alert + raw row; analyst rebuilds context manually
Recovery loop | NPCI / scheme-native chargeback templates, T+0 reconciliation diff | Detection only; recovery handed to a separate ops vendor
Deployment | Your VPC or AUISY tenanted cloud in India; no data egress | Vendor SaaS in foreign region; data residency by ticket

What makes us one of one, not one of many.

Built for the paisa, not the rupee

Every other AML/fraud product in India treats sub-rupee deltas as rounding noise. AUISY was designed from day one around the hypothesis that the dangerous fraud is the fraud you never feel — and the math, the storage, and the policy DSL are all tuned for the 0.001₹ leg.

A graph, not a row-store

Indian incumbents run rules over a warehouse table. AUISY runs motif matchers over an in-memory property graph that holds the last 90 days of the country's account-to-account topology. Salami attacks are structural; you need a structural detector.

Rail-native, not rail-agnostic

We do not pretend UPI, AEPS, and SWIFT are the same problem. Each rail has a dedicated normaliser, dispute-spec mapping, and motif library — written by engineers who have shipped against NPCI, RBI, and SWIFT specs in production.

RBI-aligned by construction

Reporting maps to the 2024 RBI Master Direction on Fraud Risk Management. Chargeback packets ship in NPCI dispute-code format. Data localisation is the default, not an enterprise add-on. Built in India, for the Indian rail stack.

Open policy, no blackbox

Every motif, score, and action is inspectable, version-controlled code. When RBI, your auditor, or your board asks why a customer was frozen, you can show them the exact line — not a vendor-issued PDF.

One platform, end-to-end

Detect, decide, evidence, dispute, reconcile, and retrain — in one product. No data hand-offs between a detection vendor, a case-management vendor, and a chargeback ops vendor. One contract, one SLA, one source of truth.

Your data deserves a faster lane.

Join 2,400+ data teams who moved from slow dashboards to real-time intelligence — in under 20 minutes.

MAKING DIGITAL AWESOME SINCE 2012

Copyright ©2026 Auisy Technologies.
