FINANCE

First-seen merchant and anomaly card alert

Watches the live Stripe Issuing feed for charges at never-before-seen merchants or sharp spend spikes, scores the risk, and pages finance via PagerDuty on high-risk hits.

CategoryFinance

Enginesim

Difficultyadvanced

Triggerwebhook

Steps5

Setup~25 min

How it runs

The automated pipeline, trigger to output.

TriggerStripe transaction-created webhookStripe
ActionLook up merchant history and baseline in PostgresPostgres
LogicScore risk from merchant novelty and spend deviation
ActionRecord transaction and update baseline in PostgresPostgres
OutputPage PagerDuty on high risk, else notify SlackPagerDuty

What it does

Monitors corporate-card activity for novelty and anomaly rather than fixed category rules. It flags the first charge ever seen at a given merchant, and transactions that spike well above a cardholder's normal pattern. Each hit is scored; low-risk novelties are logged quietly, while high-risk anomalies page the finance on-call so potential card misuse or fraud is caught fast.

When to use it

Use this alongside category-based policy when your real exposure is the unknown: a compromised card, a vendor a team quietly started using, or a sudden large purchase. It catches what a static denylist cannot.

How it works

1Stripe sends a transaction-created webhook for each new charge.
2The flow checks the merchant against the known-merchant history in Postgres and compares the amount to the cardholder's rolling baseline.
3A logic step assigns a risk score from novelty plus deviation.
4Every transaction and its score is recorded to Postgres, updating the baseline.
5Low and medium scores route to a Slack channel for awareness.
6High scores trigger a PagerDuty incident for the finance on-call.

Set it up

What you configure once, before turning it on.

1
Connect StripeCustomers, subscriptions, payments.
2
Connect PostgresAny Postgres URL — query, write, migrate.
3
Connect SlackChannels, DMs, threads, mentions.
4
Connect PagerDutyIncidents, on-call, escalations.
5
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
6
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
7
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Finance workflows

Month-End Uncoded Spend Chaser via Snowflake to Slack

On a month-end schedule, queries Snowflake for unaccrued or uncoded expenses, groups them by department owner.

Receipt Upload OCR Policy Check with Manager Escalation

When an employee drops a receipt into a Drive folder, it extracts the line items, checks them against expense policy.

Weekly Proration Anomaly Audit to Notion

Each week it aggregates all flagged proration discrepancies from Snowflake, scores them against anomaly thresholds, and publishes a finance-ready audit page in Notion with totals.

Accrual Chase Board in Monday with Per-Owner Tasks

On a schedule it reads open uncoded expenses from Snowflake and creates or updates a Monday item per department owner.

Detect Mid-Cycle Plan Change Mischarges and Queue Credit Memos

Listens for Stripe subscription plan changes, recomputes the correct prorated amount.

Draft and Send Proration Over-Billing Correction Emails

For each confirmed over-billing credit, an agent drafts a clear, customer-specific apology email explaining the proration error and the credit applied.

Browse all Finance →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Marketing

Content Marketing Agency

SEO, blogs, social, and reporting on autopilot.

E-commerce

E-commerce Operator

Listings, support, inventory, and ads — running 24/7.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →