evaAI

• 

  eva AI chat

• 

  the upload form for suspicious message

• 

  medium payment (need to accept)

• 

  low risk payment

• 

  when eva find phising e-mail

• 

  when eva find a legit bunq e-mail

Inspiration

Every year, billions of euros are lost to scams: fake helpdesks, bank impersonation, lottery tricks, and social engineering. Often, the danger starts with a misleading incoming payment or a payment request designed to trick the user. We asked ourselves: what if every bank account had a guardian? Someone who never sleeps, speaks plain language, and identifies threats the moment they hit the account. That's Eva.

What it does

Eva AI is a real-time fraud detection assistant built into a banking interface. Every incoming payment is analyzed instantly by Claude Sonnet: scored for risk, classified by scam type, and either blocked automatically or flagged for the customer's attention. High-risk incoming transactions (such as those linked to lottery fraud or impersonation scams) are flagged before the user can be manipulated by them. Medium-risk payments are paused and shown to the user with a clear explanation. Eva also analyzes phishing screenshots and answers follow-up questions in plain, calm language: never alarming, always helpful.

How we built it

We built Eva on a Node.js/Express backend with WebSocket for real-time payment events, SQLite for transaction history, and the Anthropic API (Claude Sonnet 4.6) for all AI decisions. Every incoming payment runs through a single-step analysis pipeline: Claude receives the payment details, sender name, description, time of day, and the customer's last 30 transactions, then returns a risk score with a reason. On top of the AI score, we layered deterministic keyword floors for known scam phrases (such as "safe account" or "lottery winner") so that obvious scams are always caught even if the AI underscores. The frontend is a clean mobile-first chat UI built in vanilla HTML/CSS/JS, styled to feel like a trusted companion rather than a security tool.

Challenges we ran into

Getting the risk distribution right was the hardest part. Early versions flagged almost everything as high risk, which would make the tool useless in practice. We spent significant time calibrating the scoring prompt so that normal transactions score low, suspicious unknowns land in the middle tier, and real scam patterns reliably hit the top. We also had to handle the tension between speed and accuracy: users cannot wait 10 seconds for a payment decision. Optimizing the prompt length and token budget brought analysis time down to under 2 seconds.

Accomplishments that we're proud of

• A fraud detection pipeline that catches helpdesk fraud, bank impersonation, lottery fraud, and crypto scams based on incoming payment patterns with high accuracy.
• A UX that feels calm and human: never technical, never overwhelming.
• A layered safety net: AI judgment + deterministic keyword floors + amount anomaly detection working together.
• Real-time phishing image analysis: users can photograph a suspicious text or email and get an instant verdict.
• Medium-risk payments always require explicit human acknowledgment: the AI ensures the user is aware of the risk before they interact with the funds. * * * ## What we learned AI alone isn't enough for fraud detection: you need deterministic guardrails underneath. We also learned that prompt calibration is as important as model choice: the same model can be wildly over- or under-sensitive depending on how you frame the scoring guide. Most importantly, we learned that for any user, tone matters as much as accuracy. A technically correct warning that panics the user is just as harmful as missing the scam. * * * ## What's next for Eva AI
• Integration with real bunq accounts via the bunq API for live transaction monitoring.
• Multi-language support to protect diverse communities globally.
• Family guardian mode: a trusted contact who gets notified when a high-risk incoming payment is flagged.
• Voice interface so users who struggle with typing can still interact with Eva.
• Expanding the scam database with patterns from fraud reporting agencies and police.

Built With

• anthropic
• bunq
• bunq-api-ai-model:-claude-sonnet-4.6-(claude-sonnet-4-6)-frontend:-vanilla-html/css/js-(no-framework)-configuration:-dotenv-for-environment-variables
• css
• css-frameworks/runtime:-node.js
• dotenv
• express.js
• express.js-real-time:-websocket-(ws-library)-database:-sqlite-(better-sqlite3)-apis:-anthropic-api-(claude-sonnet-4.6)
• html
• javascript-(node.js)
• node.js
• runs-as-a-local-node.js-server-integrations:-bunq-sandbox-api-for-banking-functionality
• sqlite