duress-security-system(DSS)

AI-powered panic mode for banking apps - fake interface fools attackers, real protection saves lives.

Comment 2

Duress Security System (DSS)

Inspiration

The inspiration struck during a conversation about banking security vulnerabilities. Traditional fraud prevention focuses on detecting suspicious transactions after they occur, but what happens when someone is physically coerced into making transfers? Stories of ATM robberies and forced banking transactions made me realize we needed a fundamentally different approach ,not just detecting threats, but actively protecting users in real-time dangerous situations through intelligent deception.

What it does

DSS creates a "panic mode" for banking applications using AI-powered deception. Users register with two passwords: their regular password for normal banking, and a duress password for emergency situations. When the duress password is entered, the system:

  • Instantly switches to a convincing fake banking interface
  • Displays AI-generated fake account balances and transaction histories
  • Allows "transfers" of fake money to satisfy attackers
  • Silently collects evidence and alerts authorities and send to the email, i used local email for this test purposes(mailhog)
  • Maintains identical UI/UX so the deception appears authentic.

The attacker sees what looks like a real banking session while the user safely escapes with their actual funds untouched.

How we built it

Built on Google Kubernetes Engine with a microservices architecture, DSS operates as an intelligent security layer without modifying existing bank of anthos api rather comunicating to it viz the mcpclient :

Core Architecture:

  • Authentication Gateway: Dual password validation and user routing
  • Decoy Orchestrator: Manages fake banking interface and data consistency
  • Security Monitor: Real-time threat detection and evidence collection
  • Data Generator: AI-powered realistic fake financial data creation
  • Alert System: Multi-channel emergency response coordination

Key Technologies:

  • GKE: Container orchestration and scaling
  • Google Gemini AI: Intelligent fake data generation with personaliz ed spending patterns
  • Agent Development Kit (ADK): Building cooperative AI agents
  • A2A Protocol: Agent-to-agent communication for coordinated responses
  • Model Context Protocol (MCP): Secure API communication with existing banking services
  • Javascript: Programming language used for the micro backend created and the frontend too

AI Intelligence: The system uses Gemini AI to analyze real user spending patterns and generate mathematically consistent fake financial histories. Each fake transaction, balance, and merchant interaction is crafted to match the user's authentic behavior, making the deception completely believable. and in real application, the transfer might be locked in a kind of pending mode which mock a network issues so that the approach won't be misued/abused for fradulent activites

Challenges we ran into

Data Authenticity: Creating fake financial data that's convincing required deep analysis of spending psychology. The AI needed to understand not just transaction amounts, but timing patterns, merchant preferences, and seasonal behaviors. So the algorithm was quite buggy on the many instance

Response Time Consistency: Ensuring fake banking responses matched real system performance was crucial - any delay could reveal the deception. We optimized caching strategies and AI inference to maintain sub-200ms response times.

Security Architecture: Building a system that protects users while maintaining evidence integrity posed complex encryption and audit trail challenges. Every security event needed immutable logging without compromising user safety.

Future Fraudulent: Even Though this can be used wrongly or misunderstood in the future, hence supporting fake transfers and lot of money scam, but a banking operator or merchandise that will go this route, should make sure all dss transfers are in pending state and not successful to aviod story that touches.

Agent Coordination: Implementing seamless A2A communication between multiple AI agents required sophisticated message passing and consensus mechanisms to ensure coordinated responses.

Accomplishments that we're proud of

  • Deploying of the Dss cluster on the GKE engine - After rigorus up and downs, i was able to successfully deploy the Dss application alongide the MCP client to communicate with the existing BOA microservices

  • ** Gemini AI Smart financial analysis and data generation ** - Gemini was able to monitor user finacial spending and generate fake data for the purpose of convincing robbers or threat against fake alert transfer

What we learned

AI Personalization Complexity: Understanding human financial behavior patterns is incredibly nuanced. Simple randomization creates obviously fake data, but AI-driven personalization based on real patterns creates convincing deception.

Security vs Usability Balance: The most secure system is useless if people can't use it under stress. Every design decision prioritized user experience during high-stress situations.

Microservices Orchestration: Coordinating multiple AI agents across distributed services taught us valuable lessons about event-driven architectures and service mesh communication patterns.

Ethical Technology Design: Building deception technology requires careful consideration of use cases, safeguards, and responsible deployment practices.

What's next for Duress Security System (DSS)

Enhanced AI Capabilities: Integrate more sophisticated behavioral analysis using advanced ML models to detect duress situations automatically, even without explicit duress password usage.

Multi-Modal Security: Expand beyond banking to protect other financial apps, cryptocurrency wallets, and digital payment systems with similar panic mode functionality.

Biometric Integration: Add voice stress analysis, typing pattern changes, and other biometric indicators to automatically trigger protection modes.

Global Emergency Integration: Build partnerships with international emergency services and law enforcement for coordinated response protocols.

Open Source Framework: Develop a standardized duress protection framework that any financial institution can implement, creating an industry-wide safety standard.

Compliance Certification: Work toward regulatory approval and security certifications to enable widespread adoption across banking institutions.

** Mobile App Integration** It will not be used on website, maybe admin dashboard, grafana loggings and alert might still remain web based, more functionalities will stay on the mobile app, hence bringing about more confindence from the user

The ultimate vision is making DSS a standard security feature in all financial applications, turning a moment of vulnerability into an opportunity for protection and justice.

Share this project:

Updates