Documentation
API ReferenceChangelogFAQDashboard

Transaction types

Explore the full list of transaction types supported by Sumsub.

Transaction type is a category of the activity represented by a certain record. In Transaction Monitoring, system uses types to decide how to process and evaluate the event. Depending on the type, transactions contain different sets of required and optional fields.

Sumsub supports the following types:

  • finance — Monetary movements such as deposits, withdrawals, transfers, payments, or refunds.
  • kyc — Includes pre-KYC checks on sign-ups, document verification, or periodic checks. They serve as behavioral and risk signals that can be combined with financial and platform activity to maintain an up-to-date risk profile and drive automated KYC renewal logic. When an applicant completes the onboarding flow and passes checks, a KYC transaction is automatically created so that the event can be scored with the rules installed in accordance with your risk matrix.
  • travelRule — Transactions related to the Travel Rule data exchange for crypto transfers between VASPs or between a VASP and an unhosted wallet. They include originator/beneficiary information, asset details, and blockchain identifiers required to comply with Travel Rule regulations and to monitor risk on these transfers.
  • userPlatformEvent — Non-financial user actions on the platform that are relevant for monitoring (for instance both failed and successful logins, password reset, or any other significant action you would like to monitor and act on). You can use such events for triggering additional checks such as liveness or email and phone verification to protect accounts from account takeover.

📘

Note

The same crypto withdrawal can have both a finance and a travelRule transaction, so you can monitor financial patterns and Travel Rule compliance together.

Use cases

In the table below, you can find examples of transaction use cases with its key fields that define a specific transaction type.

Transaction type

Use case

Key fields

finance

Fiat card deposit into account



A customer tops up their balance by 500 EUR using a debit card. The operation must be screened for AML risk (high-risk geography, card country mismatch, etc.). It allows you to detect unusual funding behaviour (for example, sudden spikes in deposits or repeated attempts just below configured limits).

  • type = "finance" — classifies the record as a financial transaction.

  • info.direction = "in", info.amount = 500, info.currencyCode = "EUR", info.currencyType = "fiat" — describe that this is an incoming fiat deposit and its amount/currency.

  • applicant.paymentMethod.type = "card", applicant.paymentMethod.accountId — identify the card used and make it available for card-level risk checks and limits.

Crypto withdrawal to external wallet



A user withdraws 0.005 BTC from their platform balance to an external wallet. The transaction should be checked for unusual amount patterns, previous risk flags, and high-risk wallet characteristics. Monitoring such withdrawals enables you to identify potentially sanctioned or risky destinations, and detect rapid outflows after large inflows.

  • type = "finance" — classifies the record as a financial transaction.

  • info.direction = "out", info.amount = 0.005, info.currencyCode = "BTC", info.currencyType = "crypto" — indicate an outgoing crypto withdrawal and the asset/amount.

  • applicant.paymentMethod.type = "crypto", applicant.paymentMethod.accountId — store the originating wallet/address on your side (e.g. internal wallet ID), while counterparty.paymentMethod.accountId can be used for the external destination wallet.

Internal P2P transfer between users



One user sends 200 USD from their wallet to another user on the same platform (P2P transfer). These operations must be monitored to detect structuring, mule accounts and circular transactions.

  • type = "finance" — classifies the record as a financial transaction

  • info.direction = "out" — indicates the sender's perspective, info.amount = 200, info.currencyCode = "USD" — indicates amount and currency.

  • applicant.externalUserId (sender) and counterparty.externalUserId (receiver) — user identifiers on the client side.

userPlatformEvent

Suspicious login pattern



A user has several failed login attempts from a new device and IP, followed by a successful login. These sequences may indicate credential stuffing or account takeover. Recording each event allows you to correlate unusual authentication behavior with subsequent financial or KYC actions, so you can react before any monetary loss occurs.

  • type = "userPlatformEvent" — denotes a behavioral/platform event, not a financial transaction.

  • userPlatformEventInfo.type = "login" ("failedLogin" as subtype for failed attempts) — differentiates between event kinds in rules.

  • applicant.device.ipInfo.ip, applicant.device.fingerprint — capture IP, device fingerprint for anomaly detection.

Password reset/2FA reset request



A user initiates a password reset or 2FA reset from an unfamiliar device and IP. Such events are critical for detecting attempted account takeover and should be monitored closely. When seen together with failed logins, new devices or high-risk geolocation, these resets can provide a strong signal that the account is compromised and further authentication is required.

  • type = "userPlatformEvent" — classifies the record as a platform event.

  • userPlatformEventInfo.type = "passwordReset" or "twoFaReset" — distinguishes security-sensitive actions from general logins.

  • applicant.device.ipInfo.ip, applicant.device.fingerprint, applicant.device.userAgent — capture detailed device and browser info for risk assessment.

kyc

New user sign-up



A new account appears on the platform. This event is used to detect sign-up spikes from risky IP ranges, devices reused across many accounts, and abuse of bonuses or referrals. Tracking sign-ups as platform events also gives you a complete timeline of the user lifecycle, enabling stronger risk models that combine origin, device reputation and subsequent behavior.

  • type = "userPlatformEvent" — classifies the record as a platform event.

  • userPlatformEventInfo.type = "signup" — explicitly marks the event as a sign-up.

  • applicant.device.fingerprint, applicant.device.ipInfo.ip — identify device/IP for later correlation.

travelRule

Withdrawal to an external VASP



A customer initiates a crypto withdrawal above the Travel Rule threshold to an external VASP. Before broadcasting the blockchain transaction, your platform initiates a Travel Rule data exchange to send originator information and receive beneficiary details.

  • type = "travelRule" — indicates that the transaction belongs to the Travel Rule data exchange flow rather than a standard financial transfer.

  • info.amount, info.currencyCode, info.cryptoParams.cryptoChain, info.paymentTxnId — describe the on-chain asset and amount, link the Travel Rule event to the blockchain transaction hash, and specify the crypto chain.

Updated 1 day ago