FraudFlow — Submission Write-Up
Inspiration
Canada's Open Banking framework is expected to launch in 2026. Most of the discussion focuses on user consent and data sharing, but there is another risk that receives less attention: what if the apps themselves are malicious?
Traditional fraud detection systems monitor what users do with their money. We asked a different question: what if you monitored how fintech apps behave at the API layer, before any financial damage reaches the consumer?
That idea became FraudFlow — a middleware security layer designed to monitor and control how third-party apps interact with bank APIs.
Product Summary
FraudFlow is an AI-powered fraud detection middleware that sits between a bank's Open Banking API and third-party fintech apps. Every API request from an app passes through FraudFlow before the bank processes it.
Instead of only detecting suspicious transactions, FraudFlow detects suspicious app behavior. It analyzes how an app interacts with the banking API and determines whether that behavior matches what a legitimate fintech service should be doing.
When an API request comes in, FraudFlow:
- Intercepts the request at the gateway layer
- Logs the request and analyzes behavior patterns
- Generates risk signals based on activity patterns
- Looks up historical incidents for similar behavior
- Uses an AI model to reason about the situation
- Decides to APPROVE, FLAG, or BLOCK the request
This prevents malicious or compromised fintech apps from accessing sensitive financial data or initiating risky actions.
FraudFlow surfaces these results through two dashboards:
Consumer Dashboard
- Shows connected fintech apps
- Displays trust scores and permission levels
- Alerts users when suspicious activity occurs
Analyst Dashboard
- Provides a live feed of API activity
- Shows risk-ranked apps and decisions
- Allows analysts to inspect fraud events in detail
To demonstrate the system clearly, we built interactive demo scenarios where a simulated fintech app triggers suspicious activity. The request flows through the full fraud detection pipeline, and users can watch the decision process unfold step by step through an animated visualization.
The key innovation is shifting fraud detection from transaction monitoring to application behavior monitoring, allowing threats to be stopped before financial damage occurs.
Technology Stack
Languages
- Python: backend API and fraud detection pipeline
- TypeScript: frontend application
- SQL: database queries via ORM
Backend
- FastAPI: API server and middleware layer
- SQLModel + SQLite: database and ORM
- Uvicorn: ASGI server
- Anthropic Python SDK: AI reasoning using Claude
The backend is structured into four main modules:
- Gateway: intercepts and logs API calls
- Profiler: generates risk signals from app behavior
- Memory: stores and retrieves past fraud patterns
- Agent: calls the AI model and produces the final decision
Core data models include:
AppProfile, APICallLog, RiskSignals, FraudDecision, and AlertEvent.
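A minimal sketch of the Profiler, Memory and Agent steps described above, added here as an illustration and not taken from the FraudFlow code base. The model names come from the write-up; their fields, the thresholds, the `pattern_key` helper and the rule-based `decide` function (standing in for the AI model call) are assumptions.

```python
from collections import namedtuple

# Model names come from the write-up; the fields and thresholds are assumptions.
AppProfile = namedtuple("AppProfile", "app_id allowed_scopes baseline_per_min")
APICallLog = namedtuple("APICallLog", "app_id ts scope account_id")
RiskSignals = namedtuple("RiskSignals", "out_of_scope rate_ratio distinct_accounts")

def profile(app, calls, window=60.0):
    """Profiler: derive signals from this app's calls in the trailing window (seconds)."""
    mine = [c for c in calls if c.app_id == app.app_id]
    if not mine:
        return RiskSignals(0, 0.0, 0)
    now = max(c.ts for c in mine)
    recent = [c for c in mine if now - c.ts <= window]
    return RiskSignals(
        out_of_scope=sum(c.scope not in app.allowed_scopes for c in recent),
        rate_ratio=len(recent) * 60.0 / window / app.baseline_per_min,  # baseline > 0
        distinct_accounts=len({c.account_id for c in recent}),
    )

def pattern_key(s):
    """Memory key: coarse signature so similar behaviour maps to past incidents."""
    return (s.rate_ratio >= 3.0, s.distinct_accounts >= 10)

def decide(profiles, memory, calls, app_id):
    """Agent stand-in: fixed rules where the project calls an AI model."""
    app = profiles.get(app_id)
    if app is None:
        return "BLOCK"                       # unregistered app: fail closed
    s = profile(app, calls)
    if s.out_of_scope:
        return "BLOCK"                       # call outside the consented scopes
    score = int(s.rate_ratio >= 3.0) + int(s.distinct_accounts >= 10)
    score += int(memory.get(pattern_key(s), 0) > 0)   # matches a past incident
    return "BLOCK" if score >= 3 else "FLAG" if score else "APPROVE"

# Constructed sample data (not from the project).
PROFILES = {
    "budgeter": AppProfile("budgeter", frozenset({"accounts:read"}), 10.0),
    "lender": AppProfile("lender", frozenset({"accounts:read"}), 10.0),
}
MEMORY = {(True, True): 2}   # two past incidents: burst across many accounts
CALLS = [APICallLog("budgeter", t, "accounts:read", "acct-1") for t in range(0, 60, 10)]
CALLS += [APICallLog("lender", t, "accounts:read", f"acct-{t}") for t in range(40)]

if __name__ == "__main__":
    for app_id in ("budgeter", "lender", "unknown"):
        print(app_id, decide(PROFILES, MEMORY, CALLS, app_id))
```

An out-of-scope call or an unregistered app is blocked regardless of score, so a gap in the behavioural signals cannot widen what an app was granted.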
Frontend
- React + TypeScript: main UI framework
- Vite: development server and build tool
- Tailwind CSS: styling
- shadcn/ui: UI component library
- Framer Motion: animated fraud decision timeline
- Axios: typed API client
The frontend includes:
- Landing page
- Demo scenario runner with animated decision pipeline
- Consumer dashboard
- Analyst dashboard
Platforms
- Anthropic API (Claude) for fraud reasoning and explanations
- Local FastAPI server simulating a bank Open Banking API
Was more than 70% of the code generated by AI?
Yes, approximately 75%.