From Insight to Action: Powering Faster, Smarter Defenses

This month, we’re delivering updates that help both fraud teams and developers move faster and smarter. From AI-generated fraud insights and remote access detection to new developer controls like double encryption and SDK error documentation, this release is all about turning signals into action. Whether you're monitoring threats in real time or refining user journeys, you’ll find new tools to boost your response and expand what’s possible with Mosaic.

Highlights

AI-Powered Insights for Fraud Campaigns

Fraud Campaigns now include AI-generated summaries that highlight key patterns across related fraud events. These narrative insights cover timing, geography, device usage and attack vectors, helping analysts understand the big picture faster.

* General availability.

Automate Identity Verification Actions with the New Workflow Connector

You can now integrate Identity Verification events directly into your Automated Workflows. This new connector lets you respond to verification outcomes in real time, with no manual follow-up required.

With this update, you can:

• Trigger workflows based on Identity Verification API responses or events.

• Send real-time alerts (like failures) to Slack or other channels.

• Take immediate actions like deleting sessions, applying labels or generating insights based on Identity Verification activity.

For example, you can automatically alert your fraud team when a synthetic identity is detected or when the system flags a match with a known fraudster’s face — enabling a rapid response before the attack escalates.

* General availability

New Kafka Connector for Event Streaming

You can now stream Mosaic events directly into Kafka using the Confluent HTTP Source Connector, making it easy to pull data from the Event Streaming API and push it to a Kafka topic for real-time monitoring, threat detection or downstream analytics.

* General availability

Fraud Prevention

Smarter Decisions with Label-Based Reasons

Mosaic recommendations now include label-based reason codes, showing when entities were recently involved in analyst-labeled actions. This gives fraud teams greater visibility into why decisions are made and how their feedback shapes detection in real time.

* General availability

Spot Remote Access Before It Becomes a Threat

Mosaic’s remote access detection has been significantly enhanced to better identify when a user’s device is being controlled by external tools or software. This includes both known remote access programs and behavioral signals that suggest interference with normal usage.

When combined with other indicators, remote access becomes a strong signal of fraud risk. With this update, security teams gain improved visibility into compromised sessions and can respond to threats earlier and more effectively.

* General availability

New Documentation: SDK Error Codes for Fraud Prevention

Understanding and handling SDK errors just got easier. We've published a new documentation page detailing error codes related to our Fraud Prevention SDKs — making it faster to debug issues and build more resilient integrations.

Check out the SDK error code documentation to get started.

Customer Identity Management

Investigate Smarter with Enhanced User Activity Logs

We’ve made a series of UX improvements to help you get more out of User Activity data and streamline investigations:

• Filter by country name to quickly isolate events from specific regions.

• See richer context with new data points like country flags, device platform, OS and browser details.

• Jump directly to Identity Verification sessions from related user activity events so you can access deeper context without switching views.

These updates make it easier to monitor behavior, trace suspicious actions and respond faster to potential threats, all from a single, unified interface.

* Available in sandbox

Double Encryption for Journey Session Data

Mosaic now supports double encryption for journey session data, delivering end-to-end protection from the client to the orchestration service. This enhancement ensures that sensitive information remains secure across any network topology or SSL termination setup.

This capability is currently available in sandbox and being gradually rolled out. If you’re interested in enabling double encryption for your environment, please check out our securing journeys guide and contact the Transmit Security Support.

* Available in sandbox