Transaction type is a category of the activity represented by a certain record. In Transaction Monitoring, system uses types to decide how to process and evaluate the event. Depending on the type, transactions contain different sets of required and optional fields.
Sumsub supports the following types:
finance — Monetary movements such as deposits, withdrawals, transfers, payments, or refunds.
kyc — Includes pre-KYC checks on sign-ups, document verification, or periodic checks. They serve as behavioral and risk signals that can be combined with financial and platform activity to maintain an up-to-date risk profile and drive automated KYC renewal logic. When an applicant completes the onboarding flow and passes checks, a Verification section is automatically created so that the event can be scored with the rules installed in accordance with your risk matrix.
travelRule — Transactions related to the Travel Rule data exchange for crypto transfers between VASPs or between a VASP and an unhosted wallet. They include originator/beneficiary information, asset details, and blockchain identifiers required to comply with Travel Rule regulations and to monitor risk on these transfers.
userPlatformEvent — Non-financial user actions on the platform that are relevant for monitoring (for instance both failed and successful logins, password reset, or any other significant action you would like to monitor and act on). You can use such events for triggering additional checks such as liveness or email and phone verification to protect accounts from account takeover.
📘Note
The same crypto withdrawal can have both a finance and a travelRule transaction, so you can monitor financial patterns and Travel Rule compliance together.
Use cases
In the table below, you can find examples of transaction use cases with its key fields that define a specific transaction type.
Transaction type
Use case
Key fields
finance
Fiat card deposit into account
A customer tops up their balance by 500 EUR using a debit card. The operation must be screened for
AML risk (high-risk geography, card country mismatch, etc.). It allows you to detect unusual funding
behaviour (for example, sudden spikes in deposits or repeated attempts just below configured
limits).
type = "finance" — classifies the record as a financial transaction.
info.direction = "in", info.amount = 500, info.currencyCode = "EUR", info.currencyType =
"fiat" — describe that this is an incoming fiat deposit and its amount/currency.
applicant.paymentMethod.type = "card", applicant.paymentMethod.accountId — identify the card
used and make it available for card-level risk checks and limits.
Crypto withdrawal to external wallet
A user withdraws 0.005 BTC from their platform balance to an external wallet. The transaction should
be checked for unusual amount patterns, previous risk flags, and high-risk wallet characteristics.
Monitoring such withdrawals enables you to identify potentially sanctioned or risky destinations,
and detect rapid outflows after large inflows.
type = "finance" — classifies the record as a financial transaction.
info.direction = "out", info.amount = 0.005, info.currencyCode = "BTC", info.currencyType =
"crypto" — indicate an outgoing crypto withdrawal and the asset/amount.
applicant.paymentMethod.type = "crypto", applicant.paymentMethod.accountId — store the
originating wallet/address on your side (e.g. internal wallet ID), while
counterparty.paymentMethod.accountId can be used for the external destination wallet.
Internal P2P transfer between users
One user sends 200 USD from their wallet to another user on the same platform (P2P transfer). These
operations must be monitored to detect structuring, mule accounts and circular transactions.
type = "finance" — classifies the record as a financial transaction
info.direction = "out" — indicates the sender's perspective, info.amount = 200, info.currencyCode =
"USD" — indicates amount and currency.
applicant.externalUserId (sender) and counterparty.externalUserId (receiver) — user
identifiers on the client side.
userPlatformEvent
Suspicious login pattern
A user has several failed login attempts from a new device and IP, followed by a successful login.
These sequences may indicate credential stuffing or account takeover. Recording each event allows
you to correlate unusual authentication behavior with subsequent financial or KYC actions, so you
can react before any monetary loss occurs.
type = "userPlatformEvent" — denotes a behavioral/platform event, not a financial
transaction.
userPlatformEventInfo.type = "login" ("failedLogin" as subtype for failed attempts) —
differentiates between event kinds in rules.
applicant.device.ipInfo.ip, applicant.device.fingerprint — capture IP, device fingerprint
for anomaly detection.
Password reset/2FA reset request
A user initiates a password reset or 2FA reset from an unfamiliar device and IP. Such events are
critical for detecting attempted account takeover and should be monitored closely. When seen
together with failed logins, new devices or high-risk geolocation, these resets can provide a strong
signal that the account is compromised and further authentication is required.
type = "userPlatformEvent" — classifies the record as a platform event.
userPlatformEventInfo.type = "passwordReset" or "twoFaReset" — distinguishes
security-sensitive actions from general logins.
applicant.device.ipInfo.ip, applicant.device.fingerprint, applicant.device.userAgent —
capture detailed device and browser info for risk assessment.
kyc
New user sign-up
A new account appears on the platform. This event is used to detect sign-up spikes from risky IP
ranges, devices reused across many accounts, and abuse of bonuses or referrals. Tracking sign-ups as
platform events also gives you a complete timeline of the user lifecycle, enabling stronger risk
models that combine origin, device reputation and subsequent behavior.
type = "userPlatformEvent" — classifies the record as a platform event.
userPlatformEventInfo.type = "signup" — explicitly marks the event as a sign-up.
applicant.device.fingerprint, applicant.device.ipInfo.ip — identify device/IP for later
correlation.
travelRule
Withdrawal to an external VASP
A customer initiates a crypto withdrawal above the Travel Rule threshold to an external VASP. Before
broadcasting the blockchain transaction, your platform initiates a Travel Rule data exchange to send
originator information and receive beneficiary details.
type = "travelRule" — indicates that the transaction belongs to the Travel Rule data
exchange flow rather than a standard financial transfer.
info.amount, info.currencyCode, info.cryptoParams.cryptoChain, info.paymentTxnId — describe
the on-chain asset and amount, link the Travel Rule event to the blockchain transaction
hash, and specify the crypto chain.