Feature Module
Drift Detection and Alerting
Compare baseline and current merchant signals to detect policy-relevant drift before risk accumulates. When a merchant's profile changes, you need to know why.
How it works
Baseline established
The initial scan creates a content profile (categories, keywords, products, payment methods) that becomes the merchant's approved baseline.
Subsequent scans compared
Each monitoring scan compares current content against the baseline. A drift score quantifies how much has changed.
Alerts routed by severity
Drift above the soft threshold creates informational alerts. Drift above the hard threshold or toward prohibited categories creates critical alerts.
Alerts
Active violations & SLA tracker
Warung SeribuPT Warung Seribu
BRAM violation detected — unlicensed pharma
INV DUE
4d 6hPho Minh TradingPho Minh Trading Co Ltd
BRAM violation detected — mcc miscoding
ACK DUE
2d 1hSinar Jaya PaySinar Jaya Pay Sdn Bhd
BRAM violation detected — illegal gambling
INV DUE
12hBunga Emas DigitalBunga Emas Digital Sdn Bhd
BRAM violation detected — mcc miscoding
INV DUE
11d 4hBaseline comparison model
Each scan is compared against the merchant's historical profile: primary business category, keyword vectors, product types, payment methods, and outbound links. The drift score measures how much the current content has diverged from what was approved. Comparing against the original baseline catches gradual pivots that would be invisible scan-to-scan.
Alert prioritization
Severity levels classify changes into neutral (cosmetic updates), attention (meaningful content shift), and critical (drift toward prohibited categories like gambling, adult content, or unlicensed pharmaceuticals). Critical alerts go to the top of the analyst queue. Soft-drift alerts are batched for periodic review.
Human override discipline
Analysts can validate, escalate, or dismiss any alert. Every action is logged with decision rationale. Dismissals require a reason code. Escalations create investigation cases with SLA timers.
Configurable thresholds
Different merchant segments can have different drift sensitivity. A high-risk category like online-gambling-adjacent merchants might alert at 20% drift, while a standard retail segment allows 40% before flagging. Thresholds are configurable per organization and per risk tier.
Frequently asked questions
- What triggers a drift alert?
- Material content, category, or behavioral changes relative to the baseline profile. The specific threshold depends on the merchant's risk tier and your organization's configuration.
- Can analysts override model output?
- Yes. Analysts can validate, escalate, or dismiss any alert. All actions are logged with decision context for auditability.
- How is the baseline established?
- The initial scan creates the baseline automatically. It captures content categories, keyword distribution, product types, payment methods, and structural signals. Baselines can be manually reset after legitimate business changes.
- What about gradual drift?
- AURA compares against the original baseline, not the previous scan. Slow pivots that accumulate over months are caught because the total drift from the approved profile is measured, even when each individual change is small.