Various electronic devices are configured to perform financial transactions such as exchanging value in an account (e.g., monetary value in a debit or credit account) for goods and/or services. Ensuring that these transactions are legitimate (e.g., are actually being conducted between the purported parties) is a matter of great concern. For example, a user of an electronic device may have an account with a bank or other financial institution. To request a transaction, the electronic device generate a transaction request and send the request to a server operated by the financial institution. The server may analyze the request and determine how likely it is to be legitimate. For example, the server can adjust a security score for the transaction (e.g., elevate a threat level if there are potential problems). Transactions with especially problematic scores can be analyzed for legitimacy and/or declined.