TikTok Live AML Risk Scoring

Fun without fraud: safeguarding TikTok Live from money laundering.

Comment

TikTok Live AML Risk Scoring

Inspiration

We’ve all watched TikTok Live streamers light up when a roaring Lion appears on screen, and we know that effect comes with a hefty price tag. It’s fun and exciting, but when money flows so easily through something seen as just a simple activity, it raises an important question: could this be exploited for money laundering? As TikTok Live grows, we want to keep it safe, compliant, and trustworthy. That’s why we chose this project, to show how an AML Risk Scoring solution can protect the platform, its users, and its reputation while still keeping the fun alive.

What it does

Our AML Risk Scoring solution is designed to detect and assess suspicious activity on TikTok Live. By evaluating user transactions and behavior, the system calculates a risk score based on predefined metrics, helping identify potential money laundering activities.

How we built it

1. Concept Generation

The first stage focused on brainstorming and defining the overall approach. As a team, we identified the key tasks, divided responsibilities, and outlined what needed to be done to complete the project successfully.
During this stage, we decided on the metrics that could indicate money laundering activity.

  • Main Triggering Metrics (1.0 level): Transaction Activity, Synchronized Transactions, and Shared IPs across multiple accounts.
  • Supporting Metrics (0.5 level): User Engagement, Account Age, and Low KYC Risk.

Whenever a user activated one or more of these metrics, the values were summed to determine the overall risk level:

  • Level 1 - 1.5: low risk
  • Level 2 - 3 : medium risk
  • Level 3.5+ : high risk

2. Assigning Each Member’s Job

To ensure clear accountability and efficiency, each team member was given a specific role:

  • Phoebe Kuek: Set up and managed the SQL database on Supabase, ensuring the structure worked smoothly for risk scoring and integration.
  • Michelle Halim: Focused on the user interface and API integration, making the system user-friendly and reliable.
  • Kareena Nandwani: Designed and built the interactive dashboard, and worked on connecting it to the Supabase database.
  • Sofeanna Yusof: Supported the development of the user interface and API, improving navigation and overall usability.
  • Luvena Liethanti: Contributed to refining the SQL risk scoring logic and handled documentation for the project submission.

3. Linking it all up

a. React UI to Supabase

  • We built a small supabaseClient.js with our project URL and anon key.
  • The UI calls this client whenever a viewer sends a gift.
  • Each click inserts a row into the gift_events table with viewer_id, gift_type, gift_coins, and a live session_duration_secs (computed in React with a timer).

b. Row-Level Security

  • We enabled RLS on gift_events.
  • Our policy allows anonymous inserts only for U001, ensuring the demo remains safe.

c. Postgres Triggers

  • An AFTER INSERT trigger (trg_gift_events_ai_fn) updates users_master.
  • The trigger seeds users_master from profiles_catalog if needed.
  • It increments num_transaction, updates coins_per_transaction to reflect the average of all gifts so far, and sets avg_session_duration_secs from the latest event.
  • Finally, it calls apply_risk to recompute risk_score and risk_label.

d. Analytics Dashboard (Streamlit)

  • Our Streamlit app connects directly to Supabase Postgres using SQLAlchemy and the DATABASE_URL.
  • We query users_master for display and auto-refresh every 5 seconds using streamlit_autorefresh plus a cached load_data function with a 5-second TTL.
  • The dashboard shows:
    1. A leaderboard of all users.
    2. A drill-down panel for selected viewers.
    3. A colored badge for risk label (green, yellow, red) to highlight status changes instantly.

e. Demo Setup

  • We kept 29 users static for context.
  • Live updates were limited to U001 through RLS policies and trigger logic.
  • This gave us a safe, deterministic demo where only U001 changes dynamically, while the other users provide stable comparison points.

Challenges we ran into

  1. Learning Curve

    • Challenge: Some team members were not familiar with SQL, UI design, or API integration, so we had to quickly pick up new skills and apply them to the project.
    • Solution: We supported one another throughout the process, sharing knowledge and helping each other learn as we went along.

  2. Time Constraints

    • Challenge: With limited time, it was tough to balance learning new technologies while still meeting deadlines.
    • Solution: We managed this by collaborating closely, staying focused, and dedicating our time effectively to complete the project on schedule.

Accomplishments that we're proud of

  1. Built a working prototype to detect potential money laundering on TikTok live streams within the hackathon’s fast timeframe
  2. Designed a custom justified risk scoring system based on live-stream behaviours (e.g. abnormal gift transactions, rapid cash-outs, suspicious viewer activity)
  3. Integrated data pipeline, dashboard, and scoring logic into one functional system
  4. Adapted financial crime detection methods creatively to a social media context
  5. Everyone learned and applied new tools to build the solution

What we learned

  1. The Process Flow
    We started by going back to the basics, learning what money laundering really is and why detecting it matters. From there, we identified the key metrics and scenarios that could indicate suspicious activity. To make sense of these, we split them into two categories: main metrics with higher weight, and supporting metrics that add context. This became the foundation of our risk scoring model. We then defined how alerts should be grouped into low, medium, and high risk levels, based on the triggers from these metrics. Finally, we designed and built an interactive dashboard, which gave us practical insights into how TikTok might use risk scoring for reporting and monitoring.

  2. Skills and Collaboration
    Not everyone on the team started with the same strengths. Some of us were more comfortable with data, while others leaned toward UI design. Working together meant we had to teach and learn from each other. This collaboration helped us identify gaps, sharpen our skills, and bring both sides of the project together into a complete solution.

  3. Teamwork
    In the end, the biggest lesson was the importance of teamwork. With limited time, the project only came together because each team member committed their effort, shared their expertise, and supported one another. The experience not only strengthened our technical skills but also taught us how to work effectively as a team under pressure.

What's next for TikTok Live AML Risk Scoring

  1. Expand Metrics: Incorporate more behavioral and transactional signals, such as velocity of gifts, network analysis between accounts, and anomaly detection using machine learning.
  2. Real-Time Streaming Data: Move from event-based inserts to streaming pipelines (e.g., Kafka or Supabase Realtime) for faster detection and alerts.
  3. Scalability: Optimize the database and risk functions to handle millions of concurrent viewers and transactions.
  4. Integration with TikTok Systems: Connect the risk scores with moderation and compliance tools so that high-risk accounts can be flagged or reviewed in real time.
  5. Enhanced Dashboard: Add richer analytics, role-based access, and custom alert thresholds for compliance teams.
  6. Future Compliance Features: Explore case management workflows, audit logs, and reporting tools to align with AML regulations.

Built With

  • python-(streamlit)
  • react
  • sql
  • supabase
  • supabaseapi
+ 3 more
Share this project:

Updates