Payment limit & velocity controller
| Field | Value |
|---|---|
| ID | MOD-021 |
| System | SD04 |
| Repo | bank-payments |
| Build status | Deployed |
| Deployed | Yes |
| Last commit | 178e49975435ec5926a3b4f612f5d9ee9efc8495 |
Enforces per-customer payment limits and velocity rules in real-time before any payment is executed. Supports six limit types: per-transaction, daily, weekly, monthly, 30-day rolling, and approval-threshold (FR-125 through FR-128). Limits are configured per-customer, per-payment-type, and per-channel with full audit history (FR-126). When a payment would breach a limit, the module returns a FAIL decision immediately with the breaching limit type and attempted/allowed values; it also emits bank.payments.limit_breach_detected for AML-005 structuring signal delivery. When a payment exceeds the approval threshold, it emits bank.payments.approval_required to trigger MOD-062's multi-step approval workflow. All limit check decisions are idempotent via a shared payments.idempotency_keys table. Limit checks are optimised for NFR-025 (p99 ≤ 20ms against active limits); alarms are provisioned for NFR-020 operational visibility.
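The decision flow described above, as an added sketch that is not code from the bank-payments repo: it evaluates the six limit types, returns FAIL with the breaching type and attempted/allowed values, and replays stored decisions by idempotency key. The window boundaries, the strict `>` comparison, the `HOLD` label and the in-memory dict standing in for `payments.idempotency_keys` are all assumptions.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal as D

_decisions = {}  # in-memory stand-in for the payments.idempotency_keys table

def _window_start(limit_type, now):
    # Assumed window boundaries (UTC); the page names the limit types only.
    day = now.replace(hour=0, minute=0, second=0, microsecond=0)
    return {"daily": day,
            "weekly": day - timedelta(days=now.weekday()),
            "monthly": day.replace(day=1),
            "rolling_30d": now - timedelta(days=30)}[limit_type]

def check_payment(key, amount, now, history, limits):
    """history: [(timestamp, amount)] from the transaction log; limits: {type: Decimal}."""
    if key in _decisions:  # a retry gets the stored decision, not a re-evaluation
        return _decisions[key]
    decision = {"result": "PASS", "events": []}
    for limit_type, allowed in limits.items():
        if limit_type == "approval_threshold":
            continue
        attempted = amount
        if limit_type != "per_transaction":
            start = _window_start(limit_type, now)
            attempted += sum(a for ts, a in history if start <= ts <= now)
        if attempted > allowed:  # assumed: a breach means strictly exceeding the limit
            decision = {"result": "FAIL", "limit_type": limit_type,
                        "attempted": attempted, "allowed": allowed,
                        "events": ["bank.payments.limit_breach_detected"]}
            break
    threshold = limits.get("approval_threshold")
    if decision["result"] == "PASS" and threshold is not None and amount > threshold:
        # "HOLD" is a hypothetical label; the page only says the event is emitted.
        decision = {"result": "HOLD", "events": ["bank.payments.approval_required"]}
    _decisions[key] = decision
    return decision

# Constructed sample data, not taken from the page.
UTC = timezone.utc
NOW = datetime(2026, 5, 20, 12, 0, tzinfo=UTC)
HISTORY = [(datetime(2026, 5, 20, 9, 0, tzinfo=UTC), D("300")),
           (datetime(2026, 5, 18, 10, 0, tzinfo=UTC), D("400")),
           (datetime(2026, 5, 5, 10, 0, tzinfo=UTC), D("1000")),
           (datetime(2026, 4, 25, 10, 0, tzinfo=UTC), D("2000"))]
LIMITS = {"per_transaction": D("1000"), "daily": D("500"), "weekly": D("1500"),
          "monthly": D("5000"), "rolling_30d": D("6000"),
          "approval_threshold": D("150")}
```

Storing the decision under the key is what keeps a client retry from being counted twice once the first attempt has reached the transaction log.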
Module dependencies
Depends on
| Module | Title | Required? | Contract | Reason |
|---|---|---|---|---|
| MOD-002 | Immutable transaction log | Required | — | Reads the transaction log to calculate cumulative velocity and enforce period-based limits. |
| MOD-104 | AWS shared infrastructure bootstrap | Required | — | AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
| MOD-103 | Neon database platform bootstrap | Required | — | Neon database and schema provisioned by MOD-103 must exist before this module can read or write Postgres. |
Required by
| Module | Title | As | Contract |
|---|---|---|---|
| MOD-020 | Pre-payment validation suite | Hard dependency | — |
| MOD-078 | Card & account controls | Hard dependency | — |
Policies satisfied
| Policy | Title | Mode | How |
|---|---|---|---|
| PAY-005 | Payment Fraud Prevention Policy | GATE | Velocity limits prevent account takeover fraud patterns — enforced automatically |
| AML-005 | Transaction Monitoring Policy | ALERT | Structuring detection assisted by velocity rules — rapid small payments flagged |
| CON-005 | Fee & Pricing Transparency Policy | AUTO | Customer-set limits honoured immediately — no delay between setting and enforcement |
Capabilities satisfied
| Capability | Title | Mode | How |
|---|---|---|---|
| CAP-015 | Spending limits & card controls | GATE | Blocks any payment that would breach the customer's configured spending limit before execution. |
| CAP-010 | Apple Pay & Google Pay | AUTO | Applies velocity limits and card controls to digital wallet token payments (Apple Pay, Google Pay) in the same enforcement path as physical card transactions. |
| CAP-042 | Fee-free international transfers up to threshold | AUTO | Tracks cumulative international transfer volume against the fee-free threshold and flags breaches — the no-fee treatment is applied by MOD-110 but MOD-021 enforces the threshold gate. |
Part of SD04 — Payments Processing Platform
Compiled 2026-05-22 from source/entities/modules/MOD-021.yaml