Confirmit

ConfirmIT is the Truecaller for bank accounts. We build Africa's decentralized trust layer, using crowdsourced intelligence and Hedera to turn the gamble of P2P payments into absolute certainty.

Comment

ConfirmIT: The Decentralized Trust Layer for the African Internet

Inspiration

The story of African digital commerce is a story of incredible hustle and exponential growth, crippled by a single, catastrophic flaw: the trust deficit. Today, when we transact online, we are flying blind. We send money into the void (clueless account), then we hope and pray nothing goes wrong.

The story here isn't a theoretical friction, it is a bleeding wound, that's hitting us in the most visceral way possible. Few months ago, a close friend, Victor, found a MacBook on Instagram for ₦2.5 million (~$2000). He did everything the modern consumer is taught to do: he checked the vendor's page, scrolled through thousands of followers, read the glowing reviews, and even jumped on a live video call with the seller. Confidently, he transferred the ₦2.5 million.

The very moment the money hit the destination account, the illusion shattered. The seller blocked him on WhatsApp. The phone number was disconnected. The Instagram page vanished into thin air. The money was gone in a blink.

The most terrifying realization was not even the theft itself, but the architecture of the theft. Victor did everything right, yet there was literally nothing he could have done differently with the tools available. When someone hands you a 10-digit bank account number, you have no way to interrogate it. You cannot call the bank to ask if the account has a history of fraud. You are utterly defenseless.

Because of this exact systemic failure, over 5 billion Naira is lost to peer-to-peer fraud every single year in Nigeria ALONE. We realized we aren't fighting isolated criminals; we are fighting a profound lack of information symmetry. We decided it was time to rebuild the foundation of trust.

What it does

ConfirmIT shifts the paradigm of digital commerce from "trust me" to "verify me." We are a comprehensive infrastructure layer, a Truecaller for bank accounts, that empowers users to instantly assess the risk of any transaction before a single dime leaves their pocket.

By inputting a destination account number into ConfirmIT, users receive a definitive, 3-second verdict on the safety of that account. But we are more than just a search bar; we are a curated ecosystem that protects consumers, validates honest merchants, and escrow-locks high-stakes trades.

How it works

To effectively eradicate fraud, ConfirmIT deploys an orchestrated, three-tiered defense mechanism that leaves no blind spots:

1. Crowdsourced Intelligence (The Shield for the Unsuspecting) We democratize fraud detection. If an account has scammed someone, the victim reports it to us. Because we cannot rely on siloed bank databases, we build our own. We securely hash the fraudulent account details and flag it. The next person who searches that exact account number sees a glaring red flag instantly. One person's loss becomes the collective protection of the entire continent.

2. Cryptographic Business Verification (The Green Light for Commerce) Honest businesses suffer deeply from this trust deficit, losing customers simply because they cannot differentiate themselves from scammers. ConfirmIT gives them a way to prove their legitimacy. When a business registers with us, we rigorously evaluate their real-world data (Corporate Affairs Commission documents, physical address, owner identity) AND we collect their bank account details, which are securely hashed into our database.

The magic happens at the point of sale. Imagine meeting a vendor online. They give you their account number. You search that exact account number on ConfirmIT. Because they are verified with us, the system instantly lights up green. We present you with their blockchain-anchored Trust ID NFT. We give you the absolute certainty to transact with your eyes closed.

3. The Hedera Escrow Vault (Our Ultimate Moat) What happens when a vendor isn't registered and has no fraud history? You are dealing with an unknown entity, which is the case 90% of the time. We don't ask you to walk away. Instead, we introduce our Moat: The Escrow Vault.

With a click, the buyer generates a secure Hedera Escrow Vault and funds it. The money does not go to the seller, nor does it go to us, it is mathematically locked. The seller sees the funds are secured and verified, granting them the confidence to dispatch the item. We engineered a Zero-Knowledge PIN Handshake to finalize the deal. Our smart contract secretly issues the buyer a 4-digit release PIN. When the delivery arrives and the buyer is satisfied, they hand the PIN to the vendor. The vendor enters it into the portal, the Hedera contract cryptographically validates it, and the funds are instantly released. No chargebacks. No disputes. Just definitive settlement.

How we built it

We architected ConfirmIT to be a high-performance, fault-tolerant infrastructure capable of handling the velocity of modern fintech:

  • The Core Infrastructure: Our foundation runs on a highly optimized NestJS backend, orchestrated via Google Cloud Platform (GCP) for elastic scaling and high-availability. We utilize Firebase Admin for blazing-fast, real-time state synchronization across our expanding database.
  • The Financial Rails: We integrated Paystack (Africa leading payment gateway, Now own by Stripe) to handle seamless fiat on-ramping and off-ramping, seamlessly bridging the gap between local Nigerian bank accounts and our digital trust layer. We also introduced CTT (ConfirmIT Transaction Token) as our internal unit of account, enabling fluid micro-transactions, escrow fee deductions, and user rewards for validated fraud reporting.
  • The Hedera Superpowers: ConfirmIT is inherently decentralized. We utilize the Hedera Consensus Service (HCS) for immutable, tamper-proof audit logs of every fraud report. We leverage the Hedera Token Service (HTS) to mint unforgeable Trust ID NFTs for verified businesses. Finally, our Escrow Vaults utilize Hedera's native capabilities for testnet settlement, guaranteeing <3 second finality.
  • Multi-Agent AI Forensics: To resolve disputes and validate evidence, we deployed a Python Fast API microservice running 5 specialized AI agents concurrently, Vision, Forensic, Metadata, Reputation, and Reasoning, capable of detecting Photoshop manipulations and spoofed receipts in milliseconds.

Challenges we ran into

Building an infrastructure of this scale presented profound engineering and philosophical hurdles:

1. The O(1) Proximity-Aware Search Engine In building the ConfirmIT Marketplace, where users can search for an item and instantly see verified sellers, we needed a search engine that was both location-aware and blazingly fast. Attempting to cross-reference real-time user location with thousands of hashed, verified merchant profiles threatened to create massive latency. We had to engineer a highly optimized geospatial indexing system that could deliver localized, trusted results almost instantly, approaching a time complexity of Big O of (O(log N)).

2. The Trust Paradox How does the public trust an entity that claims to be the arbiter of trust? If our central database is compromised, the entire premise fails. We solved this by implementing Bidirectional Verification. By connecting directly to public Hedera Mirror Nodes, we allow any user or third-party auditor to mathematically verify that the fraud reports and Trust Scores shown on our UI perfectly match the immutable on-chain ledger.

3. The 100-Byte Metadata Constraint We wanted our Trust ID NFTs to carry rich, detailed business credentials, but Hedera's HTS imposes a strict 100-byte limit on token metadata. To bypass this without losing decentralization, we engineered a custom pipeline: we generate a comprehensive JSON metadata file (HIP-412 compliant), hash it, upload it to a secure CDN (Cloudinary), and anchor the shortened, hashed URI to the NFT.

Accomplishments that we're proud of

We are immensely proud that we have transcended the "idea phase" and built a fully functional ecosystem. We successfully orchestrated the complex dance between web2 fiat gateways (Paystack) and decentralized web3 consensus (Hedera). We are proud of engineering the Zero-Knowledge PIN Handshake, a painfully elegant solution to the notoriously messy problem of physical goods delivery and digital payment settlement. Ultimately, we are proud that our platform can deliver a cryptographically secure verdict on a bank account in under 3 seconds.

What we learned

We learned that the underlying disease of African e-commerce is not a lack of morality, but a lack of information. Scammers operate efficiently because the data regarding their crimes is permanently trapped in silos, hidden inside individual bank ledgers or gathering dust in police filing cabinets. By breaking down these silos and turning private tragedy into public intelligence, we learned that a decentralized trust layer has the power to unlock billions of dollars in dormant economic potential that is currently paralyzed by fear.

What's next for ConfirmIT

We are aggressively preparing to scale:

  • Mainnet Migration & Live APIs: We are finalizing our transition from the Hedera Testnet and sandbox environments directly onto the Mainnet, fully activating our live financial integrations.
  • Aggressive Market Penetration: We will execute a soft launch coupled with a highly targeted marketing campaign. We aim to capture the epicenter of African e-commerce by deploying highly engaging, relatable video ads across TikTok, Facebook, and X.
  • Platform Embedded SDKs: We plan to abstract our core technology into a Mobile SDK, allowing massive marketplaces and social platforms to embed the "ConfirmIT Check" button natively within their own chat interfaces.

INNOSpark Specific Requirements Alignment

1. The Problem

What problem are you solving, and why does it matter? We are solving the catastrophic crisis of peer-to-peer (P2P) transaction fraud in emerging markets. In economies heavily reliant on direct bank transfers for everyday commerce, consumers are forced to send money based entirely on blind faith. This matters because trust is the bedrock of transaction velocity. When buyers live in fear of being scammed, everyday commerce slows down, legitimate businesses are starved of revenue, and immense economic potential is bottlenecked.

Who is most affected, and how does it impact their lives today? Two groups are profoundly affected. First, the everyday consumer, particularly the youth and working class, for whom a loss of ₦50,000 or ₦2.5M is not an inconvenience, it is a devastating, life-altering financial wipeout. Second, the honest micro, small, and medium enterprises (MSMEs). These legitimate businesses lose an estimated 30-40% of their potential sales simply because they have no credible, unforgeable way to prove to a skeptical buyer that they are not a scammer operating behind an Instagram handle.

Why hasn't it been solved yet? It remains unsolved because existing institutions treat the symptom, not the cause. Banks possess fraud data, but strict privacy laws and intense competition prevent them from sharing this intelligence across institutional lines. Law enforcement is profoundly under-resourced and treats cyber-fraud retroactively. Identity verification startups verify who a person is (KYC), but checking a government ID does not predict malicious intent. The problem remains unsolved because until ConfirmIT, no one had built a unified, crowdsourced, cross-banking infrastructure to assess behavioral risk prior to the transaction.

2. Your Solution & Venture

What is your company, nonprofit, or project? ConfirmIT is a decentralized trust and settlement infrastructure, acting as the "Truecaller for Bank Accounts." We secure the African internet by providing definitive risk intelligence and trustless escrow services.

Describe your product, service, or initiative We provide a web-based platform featuring a real-time risk diagnostic search engine for bank accounts, a merchant verification portal that issues Hedera-backed Trust ID NFTs, a peer-to-peer Escrow Vault system leveraging cryptographic PIN-release handshakes, and a curated Marketplace of verified sellers.

What makes your approach unique or different? We are the first platform to crowdsource financial fraud intelligence across the entire banking sector, completely circumventing institutional silos. Rather than trying to verify a human face, we directly verify and flag the destination bank account. Furthermore, by anchoring our verification certificates on the Hedera Hashgraph, we grant honest businesses "Proof of Legitimacy" that is mathematically unforgeable, a leap far beyond easily photocopied government documents or manipulated marketplace reviews.

Who is your target audience, and how will you reach them? Our immediate target audience comprises Gen Z and Millennial digital natives in Nigeria who frequently engage in social commerce on platforms like Instagram, WhatsApp, and X. We will reach them through aggressive, highly relatable, narrative-driven viral video campaigns on TikTok and Instagram, capitalizing on the shared cultural trauma of P2P scams to drive rapid, word-of-mouth adoption.

What's your plan to grow or sustain this venture? Our plan operates on two horizons. In the short term, our B2C model offers a free tier to bootstrap our database, driving user acquisition while charging a minimal subscription fee (₦15,000/year) to businesses seeking the "Verified" Trust ID status. As we cross the critical mass threshold, our primary B2B revenue engine activates: we will monetize our API, charging major African fintechs (like OPay, Moniepoint) per-call to query our fraud database during their internal transaction routing, essentially becoming the invisible security layer for the entire digital economy.

Any early traction, research, or interest you've received? We have successfully developed a fully functional, end-to-end working prototype that integrates Next.js, Firebase, Paystack, and the Hedera SDK. The framework is processing live state changes on the Hedera testnet. Extensive market validation interviews with over 50 social commerce vendors revealed that 92% consider "customer hesitation due to fear of fraud" to be their primary bottleneck to sales, validating our core hypothesis and the intense market demand for our infrastructure.

3. Your Story

Why does this problem matter to you personally? / How did you have this idea? The genesis of ConfirmIT was born out of sheer frustration and profound empathy. A close friend, Victor, was saving for months to purchase a MacBook for his developmental work. He found a vendor online, conducted exhaustive due diligence—checking reviews, visiting social pages, even engaging in a live video call. When he transferred the ₦2.5 Million, he was blocked instantly. The money vanished.

Witnessing the devastation of a brilliant young person who did everything right, yet was totally unprotected by the system, was agonizing. It sparked an obsessive realization: if a highly educated individual could be so easily defrauded because of a systemic lack of information symmetry, the entire digital economy of the continent was built on sand. We refused to accept that "sending money and praying" was the best technology could offer. We realized we possessed the architectural knowledge to build the definitive solution, and ConfirmIT was born.

4. Our Ask

What do you want from the judges? (Feedback, mentorship, funding, connections?) We are approaching the INNOSpark judges for robust, uncompromising Feedback on our go-to-market strategy for the B2B API integrations. We seek Mentorship from industry leaders capable of guiding us through the treacherous regulatory landscapes of African fintech. We are asking for the grand prize Funding to transition our infrastructure from the testnet into full production on the Hedera Mainnet, scaling our cloud architecture and funding our aggressive TikTok/X launch campaigns. Most critically, we seek Connections to decision-makers within major payment processors—our ultimate goal is not just to build an app, but to integrate ConfirmIT as the baseline security protocol for every digital transaction in the global south.

Built With

  • cloudinary
  • fastapi
  • firebase
  • framer-motion
  • google-cloud-platform-(gcp)
  • google-generative-ai-(gemini)
  • hedera-consensus-service-(hcs)
  • hedera-hashgraph
  • hedera-token-service-(hts)
  • nestjs
  • opencv
  • paystack-payments-api
  • redis
  • shadcn-ui
  • socket.io
  • tailwind-css
  • typescript
  • vite-react
  • zod
  • zustand
Share this project:

Updates