Increasingly, private companies – including Twitter, airlines, and banks – find themselves in the frontline of fighting terrorism and other security threats, because they are obliged to mine and expel suspicious transactions. This analytical work of companies forms part of a chain, whereby transactions data are analysed, collected, reported, shared, and eventually deployed as a basis for intervention by police and prosecution. This article develops the notion of the Chain of Security in order to conceptualise the ways in which security judgements are made across public/private domains and on the basis of commercial transactions. Drawing on the work of Bruno Latour, this article understands the security chain as the set of practices whereby commercial transactions are collected, stored, transferred, and analysed, in order to arrive at security facts. Understanding the trajectory of the suspicious transaction as a series of translations across professional domains draws attention to the processes of sequencing, movement, and referral in the production of security judgements. The article uses the chain of financial suspicious transactions reporting as example to show how this research ‘thinking tool’ can work. In doing so, it aims to contribute to debates at the intersection between International Relations (IR) and Science-and-Technology Studies (STS).