GFDN (Global Fraud Defense Network)

Automated Realtime International Transaction Streaming AI Fraud Mitigation Pipeline for Financial Firms and Banks.

Comment

Inspiration

We set out to build an AI-first system that can spot and act on fraud anywhere in the world, in real time. The motivation came from how modern fraud unfolds across borders, devices, and payment rails within seconds. We wanted a platform that analysts can trust for instant signal, clear explainability, and hands-on control of the detection logic—without redeploys.

What it does

GFDN (Global Fraud Defense Network) continuously ingests transactions (simulated and live from Firebase), evaluates them through a configurable workflow, and emits decisions and insights to a live dashboard. Key capabilities:

  • Real-time detection: A streaming pipeline evaluates every transaction against a workflow of checks (geo, velocity, anomaly, AI) and emits APPROVE/FLAG/BLOCK.
  • Adaptive AI check: A Gemini-powered node adds contextual risk analysis for cross-border transfers, device changes, and high-risk payment methods.
  • Voice AI assistant: A Gemini + ElevenLabs chatbot answers analyst questions in natural language and can speak responses.
  • Global view: A 3D globe and live feed visualize where transactions originate, where they’re going, and which ones are risky.
  • Operator control: A visual Workflow Editor lets you add, reorder, and tune nodes; changes are saved to Firebase and applied instantly server-side.
  • Metrics and guidance: Live metrics, latency, and auto-generated suggestions surface bottlenecks and mitigation ideas.

How we built it

Architecture (JS end-to-end):

  +---------------------------+                              +-------------------------------+
  |          Frontend         |   WebSocket (Socket.io)      |            Backend             |
  |  React + Vite             |<---------------------------> |  Node.js + Express + Socket.io |
  |  - Workflow Editor        |                              |  - REST API                    |
  |  - Dashboard & Globe      |     REST (HTTPS)             |  - Workflow Engine             |
  |  - AI Assistant (voice)   | ---------------------------> |    executeWorkflow()           |
  |  - Socket.io Client       |   (save workflow, chat, etc) |    INPUT→GEO→VEL→ANOM→AI→DEC   |
  +-------------+-------------+                              |  - ChatbotService (Gemini)     |
                |                                            |  - VoiceService (ElevenLabs)   |
                |                                            |  - MetricsManager              |
                |                                            |  - TransactionGenerator        |
                |                                            |  - Firebase Watcher (/txn)     |
                v                                            +---------------+---------------+
        +-------+--------+                                                    |
        |   Firebase     |<---------------------------------------------------+
        | Realtime DB    |     Persist workflow, transactions, decisions
        | - /workflow    |
        | - /transactions|
        +-------+--------+
                |
                v
     +----------+-----------+
     |    External APIs     |
     |  - Google Gemini     |
     |  - ElevenLabs TTS    |
     +----------------------+

Flow (high level): 1) Transaction created (simulator or Firebase watcher) → executeWorkflow nodes → decision. 2) Decision + history persisted to Firebase and emitted to clients via Socket.io. 3) Frontend updates metrics, live feed, and globe in real time. 4) Analyst edits workflow → POST /api/workflows/active saves middle nodes → backend wraps with INPUT/DECISION and hot-swaps. 5) Analyst chats (text/voice) → Gemini generates text → ElevenLabs synthesizes audio → response returned to UI.

  • Backend: Node.js + Express + Socket.io serve APIs, run the workflow engine, and push live updates.

    • Workflow engine: Nodes are composed in order: INPUT → GEO_CHECK → VELOCITY_CHECK → ANOMALY_CHECK → GEMINI_CHECK → DECISION. Each node returns CONTINUE/FLAG/BLOCK with reasons; DECISION finalizes APPROVE/FLAG/BLOCK.
    • AI integration: Google Generative AI (gemini-2.5-flash) provides contextual reasoning inside the GEMINI_CHECK node and powers the chatbot. Conversation memory stores the last 10 Q/A turns per session for continuity.
    • Voice integration: ElevenLabs converts chatbot text to high-quality speech (model: eleven_multilingual_v2). If no API key, we gracefully fall back to text-only.
    • Data layer: Firebase Realtime Database stores workflow configuration and transactions. A watcher on /transactions calls the workflow for every new/updated record and persists the decision trail.
    • Validation & normalization: zod validates incoming payloads (e.g., /api/transactions/manual) and normalizes fields (currency casing, timestamps, route display) before processing.
    • Simulator: A TransactionGenerator produces realistic traffic (toggle via ENABLE_SIMULATOR env). All transactions go through the same workflow path as live data.
    • Observability: We collect per-decision counters, moving latency, and retain a recent transaction buffer; results are broadcast over Socket.io.

  • Frontend: React + Vite for a real-time analyst dashboard.

    • Workflow Editor (React Flow): Drag-and-drop nodes, edit JSON configs, and save. We auto-wrap with system INPUT/DECISION nodes and auto-connect edges to keep flows valid.
    • Dashboard & Globe: Live feed, country-to-country routes, and status badges; metrics update continuously via web sockets.
    • AI Assistant: A chat panel with voice mode; supports speech synthesis via ElevenLabs and browser speech recognition for input.
    • State: Lightweight global state via Zustand; socket hooks keep the UI reactive.

APIs and events of note:

  • GET /api/workflows/active — returns the active (system-wrapped) workflow
  • POST /api/workflows/active — saves middle-node workflow to Firebase and hot-swaps server workflow
  • POST /api/transactions/manual — validates and enqueues a manual transaction (zod schema)
  • GET /api/transactions/live — consolidated view of Firebase transactions with last workflow result
  • POST /api/chat — Gemini-backed text chatbot with session memory
  • POST /api/chat/voice — Text + speech response; returns base64 audio when ElevenLabs is configured
  • Socket events — metrics:update, suggestions:update, transaction:new, transaction:seed, workflow:update

Challenges we ran into

  • Real-time state sync: Keeping Firebase state, server workflow, and the React Flow editor consistent required a “middle-node only” persistence model with server-side system wrapping (INPUT/DECISION) to avoid user mistakes breaking the execution chain.
  • Voice pipeline reliability: Ensuring smooth TTS generation and playback while gracefully handling missing credentials or network hiccups; we implemented fallbacks to text-only responses.
  • Schema correctness: Validating and normalizing varied manual/live transaction formats (locations, currency casing, timestamps) with zod while staying compatible with Firebase’s JSON constraints.
  • Deterministic decisions under concurrency: Velocity checks with in-memory caches needed careful handling to avoid race conditions and to keep results explainable (history trail per transaction).
  • Developer ergonomics: We wanted hot-reloadable changes to the workflow without restarts; saving to Firebase triggers a server re-wrap and cache clear so new logic applies immediately.

Accomplishments that we’re proud of

  • End-to-end real-time loop: From ingestion (sim + Firebase) → workflow → persisted decision → live socket broadcast → UI updates, with per-transaction history and latency tracked.
  • Visual, safe workflow editing: The editor auto-adds system nodes and edges so analysts can experiment without breaking execution, and the server enforces the same constraints.
  • AI voice assistant with memory: Natural conversations that remember the last 10 exchanges, optionally spoken back via ElevenLabs for a hands-free analyst experience.
  • Clear explainability: Each node contributes a step with status and reason; final decisions include triggeredBy and joined reasons for FLAGS.
  • Robust fallbacks: If Gemini or ElevenLabs aren’t configured, the system continues to function with helpful defaults and messages.

What we learned

  • AI + real-time systems need thoughtful guardrails: deterministic fallbacks, memory limits, and strict validation prevent subtle failures.
  • Operator UX is critical: a visual editor with safe defaults and auto-connections encouraged rapid iteration on fraud strategies.
  • Observability pays off: lightweight metrics (counts, latency, recent buffer) made it fast to tune thresholds and verify changes.
  • Voice is a force multiplier: pairing concise AI summaries with audio makes monitoring less fatiguing during high-volume periods.

What’s next for GFDN (Global Fraud Defense Network)

  • ML-driven signals: Train statistical/ML models on historical data for risk scoring and anomaly baselines; surface model attributions in the history panel.
  • Deeper fintech integrations: Connect to real payment/issuer APIs for production-grade ingestion and decisioning (webhooks and idempotent processing).
  • Streaming speech: Low-latency, chunked TTS and server-side STT for more natural conversational monitoring.
  • Multi-tenant controls: Per-tenant workflows, role-based access, audit logs, and configuration versioning with rollback.
  • Cloud deployment & SRE: Containerization, infra-as-code, autoscaling, and dashboards for SLOs (latency/availability) and drift detection.
  • Policy/testing framework: Unit tests for each node, golden tests for workflows, and staged rollouts with shadow evaluation.

Built With

Share this project:

Updates