Truely

A Flask-based universal add-on MFA verification layer for online payments that merchants can integrate to add extra security to their payment flows.

What it does

Truely is a plug-and-play JavaScript component, where online retailers can attach our automatic MFA library to their product pages while only writing a few lines of code!

Like a captcha, but even hotter. We ensure that online merchants avoid costly refunds and transaction fees associated with fraudulent payments with almost no overhead cost and no inconvenience to customers. Users are instantly notified via email of any potentially fraudulent activity, even before the scammer tries to get through MFA.

How we built it

Our app leverages a lightweight Flask backend, a React-based frontend library, and a MongoDB Atlas database. Users can choose to authenticate through SMS or mobile push, powered by Cisco's Duo authorizer.

Challenges we ran into

Reducing the footprint of our plugin as much as possible was a challenge, as we focused on making Truely as easy to install as possible for non-technical retailers. Ultimately, this led to us having to limit one of our planned 2fA features - call-based authentication, because it added too much overhead to the application. If given more time, we'd really like to expand our repertoire of authorization options.

Accomplishments that we're proud of

Truely is incredibly fast, safe, and easy to use. It integrates seamlessly into any application, so merchants can use it at almost no cost to themselves or their users. Our service is opt-in, so if you aren't interested in using Truely, you won't even know it's there.

What we learned

None of us had ever done a substantial authorization project before, so this was a really great learning experience. Looking back, we understand so much more about technical implementations of MFA, as well as the real-world implications it has on topics like online payment fraud.