SmurfDetect

SmurfDetect maps the full transaction network, spots the pattern, and sends the graph to GPT-4o vision to auto-generate a Suspicious Activity Report

Comment

Inspiration

bunq was fined €2.6M in 2025 for failing to properly investigate suspicious transactions. The problem wasn't that they had no alerts — it was that no system was connecting the dots across accounts. Smurfing hides in plain sight because every individual payment looks normal. That gap is what SmurfDetect was built to close.

What it does

SmurfDetect pulls transaction data from the bunq API, anonymises all account identifiers, builds a live transaction network graph, and detects smurfing clusters — multiple accounts funnelling money into one target within a short window. When a cluster is flagged, the graph image is sent to GPT-4o vision which reads the visual network topology and writes a full Suspicious Activity Report automatically.

How we built it

Five layers: bunq sandbox API for transaction data → SHA-256 privacy anonymiser (no PII ever enters the graph) → NetworkX graph engine → rule-based smurf pattern detector (star topology, amount similarity, time compression, below-threshold structuring) → GPT-4o multimodal vision for SAR generation. Deployed as a Flask app on Koyeb. Users can also upload a bank statement photo directly — GPT-4o extracts the transactions from the image and feeds them into the pipeline.

Challenges we ran into

The multimodal requirement pushed us to go beyond just sending text to an AI. The real challenge was making the image genuinely useful — not decorative. The graph image carries structural information that the numerical data alone doesn't: the visual star pattern is immediately obvious to GPT-4o in a way that a list of edges isn't. Getting that rendering right, and prompting the model to actually describe what it sees, took iteration.

Accomplishments that we're proud of

The privacy layer. No real IBAN or account identifier ever enters the graph, the AI prompt, or the SAR. Every account is replaced with a per-run HMAC-SHA-256 token before any processing happens. This is based on a published anonymous authentication architecture validated with NHS Digital — the same pattern applied to banking. GDPR compliant by design, not by policy.

What we learned

Graph topology is a modality in itself. A transaction network rendered as an image carries information that pure numerical data misses — the shape of money movement. GPT-4o can read that shape and reason about it. That combination of structured detection plus visual reasoning is more powerful than either alone.

What's next for SmurfDetect

Real-time webhook integration with bunq's notification API so clusters are flagged the moment transactions happen rather than on-demand. Expanding pattern detection beyond smurfing to layering and placement. And a compliance officer dashboard where SARs can be reviewed, approved, and submitted directly to financial intelligence units.

Built With

Share this project:

Updates