Definition
Transaction Security is a Setup feature in Salesforce Shield that allows administrators to create policies that monitor real-time events and take automatic action when suspicious activity is detected. Policies can block actions, require multi-factor authentication, freeze users, or send notifications based on conditions like data export volume or login location.
Real-World Example
The security admin at Granite Financial creates a Transaction Security policy that monitors report export events. If any user exports a report containing more than 10,000 records, the policy requires them to complete an MFA challenge before the download proceeds. If a user attempts to export more than 50,000 records, the policy blocks the action entirely and alerts the security team.
Why Transaction Security Matters
Transaction Security is a feature within Salesforce Shield that enables administrators to create real-time monitoring policies that detect and respond to suspicious activities as they happen. Policies can monitor events like report exports, data downloads, logins from unusual locations, and API access patterns. When a policy condition is met, the system can take immediate action: blocking the operation, requiring multi-factor authentication (MFA) to proceed, freezing the user account, sending an alert notification, or executing a custom Apex policy class for complex logic. This provides a proactive security layer that goes beyond static permissions.
As organizations handle increasingly sensitive data — financial records, healthcare information, PII — Transaction Security becomes essential for compliance and breach prevention. Traditional security models rely on upfront permissions, but they cannot detect anomalous behavior after a user is authenticated. A user with export permissions might normally download 100 records but suddenly exports 50,000 — Transaction Security catches this anomaly in real time. Organizations in regulated industries use these policies to demonstrate compliance with standards like SOC 2, HIPAA, and GDPR. Without Transaction Security, data exfiltration or unauthorized bulk operations often go undetected until after the damage is done.
How Organizations Use Transaction Security
- Granite Financial — Granite's security admin creates a Transaction Security policy that monitors report exports. Exporting more than 10,000 records triggers an MFA challenge, and exports over 50,000 records are blocked entirely with an alert to the security team. In the first month, the policy catches an employee attempting to export the entire client database before giving their two-week notice.
- MedSecure Healthcare — MedSecure implements a Transaction Security policy that monitors login events. Any login from outside the United States triggers an MFA requirement, and logins from countries on their blocklist are blocked outright. This policy prevented 23 unauthorized access attempts from overseas IP addresses in its first quarter, all using compromised credentials from a phishing attack.
- TrueNorth Data Solutions — TrueNorth creates a custom Apex Transaction Security policy that evaluates multiple risk factors simultaneously — time of day, user role, record count, and device type. If the combined risk score exceeds a threshold, the action is blocked and a Slack notification is sent to the security channel. This multi-factor approach catches subtle exfiltration patterns that single-condition policies would miss.