Inspiration
🚨 The Problem: Payroll Diversion Attacks
Hackers aren't just stealing passwords anymore; they are bypassing login gates completely using session hijacking and social engineering. Once inside a standard HR portal, they silently change an employee's Direct Deposit routing number, effectively stealing their entire paycheck.
Current Solutions Fail Because:
- They rely on "annoying" binary security (MFA every time, causing user fatigue).
- Their audit logs are stored in standard databases—meaning a hacker (or compromised admin) can just delete the log to cover their tracks.
- Security analysts are flooded with raw data and false-positive "rules", lacking the context to act quickly.
✨ The Solution: PayrollGuard
PayrollGuard wraps the highest-value action (the money transfer) in an intelligent, friction-less Zero-Trust vault.
1. 🔗 Cryptographically Secure Audit Trails (Tamper-Proof)
We implemented a blockchain-inspired hash-chaining system for all security events. Every Direct Deposit change is cryptographically hashed with the signature of the previous event.
- If a bad actor alters or deletes a single database record to hide a fraudulent routing number, the entire chain breaks.
- The Admin Dashboard instantly detects the broken hash and flags the tampering. It is mathematically impossible to silently cover your tracks in PayrollGuard.
2. 🧠 Context-Aware AI Threat Engine
Instead of bombarding security teams with raw SQL data and "Error Code 402" alerts, we use Google Gemini AI.
- Gemini translates complex threat telemetry (IP distances, velocity, device fingerprints) into human-readable attack narratives.
- Analysts see: "Medium Risk: Employee logged in from a novel IP in a different country and attempted a direct deposit change within 10 minutes of a password reset."
- Incident response drops from hours of investigation to seconds of comprehension.
3. 🛡️ Dynamic, Frictionless "Zero Trust" Risk Scoring
We balance intense security with seamless user experience:
- Low Risk (Familiar device & IP): Auto-approved. Zero friction.
- Medium Risk (Suspicious velocity): Dynamically injects an OTP email challenge or requires Manager Multi-Approval routing.
- High Risk (Clear Account Takeover): Instantly blocks the action, locks the account, and automatically generates a high-priority Fraud Ticket for the security team.
💻 Tech Stack
- Frontend Engine: React 18, Vite, Vanilla CSS (Glassmorphism UI)
- Backend Architecture: Node.js, Express.js
- Database: MongoDB & Mongoose (NoSQL Document Store)
- AI Integration: Google Gemini API (Threat contextualization)
- Cryptography: Node Crypto (SHA-256 Hash Chaining)
- Authentication: JWT & OTP verifications
🚀 Running Locally (Development)
Prerequisites
- Node.js (v18+)
- MongoDB (Local or Atlas URI)
- Google Gemini API Key
1. Backend Setup
```bash
cd backend
npm install
```
Create a .env file in the backend directory:
```env
PORT=5000
MONGO_URI=your_mongodb_connection_string
JWT_SECRET=your_super_secret_jwt_key
GEMINI_API_KEY=your_google_gemini_key
```
```bash
npm run dev
```
2. Frontend Setup
```bash
cd frontend
npm install
```
Create a .env file in the frontend directory:
```env
VITE_API_URL=http://localhost:5000/api
```
```bash
npm run dev
```
3. Testing the System
- Log in as an employee and attempt to change your bank account.
- Log in as an admin to view the Live Threat Map, verify **Cryptographic Chains**, and simulate an **Attack Surge**.
👥 Contributors
- Hand-crafted with precision for BisonHacks 2026.