VeriFlow
Inspiration
Online payment security is often a black box for both consumers and merchants. Users face increasing friction, while merchants lack a clear, trustworthy view into their own risk landscape. We were inspired to build a unified system that protects users from fraud with a seamless "Payment Passport" while giving merchants transparent, actionable analytics to see fraud patterns and checkout health in one place, fast.
What it does
VeriFlow is a smart, two-sided payment verification network that protects users and empowers merchants.
For Users: The Payment Passport
Our system introduces a portable, user-centric identity. The first time a user checks out on any site in our network, we use Plaid for a one-time, high-trust bank verification. For all future purchases, the system recognizes them via device fingerprinting. High-value transactions (≥$500) or suspicious activity trigger a seamless push notification to their Microsoft Authenticator app, ensuring security only when it's needed.
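A sketch of the step-up rules described above, written as the decision a Node.js risk engine could make for each checkout. This is an added example, not VeriFlow's code: the field names, the DENY outcome for malformed amounts, and treating an unrecognized device on a verified account as a step-up trigger are assumptions.

```javascript
// Added example: step-up decision for one checkout attempt.
// Field names and the DENY / unknown-device rules are assumptions, not VeriFlow's code.
const HIGH_VALUE_CENTS = 500 * 100; // the page's >= $500 threshold, in integer cents

const Action = Object.freeze({
  BANK_VERIFY: 'BANK_VERIFY', // one-time bank verification (Plaid on the page)
  PUSH_MFA: 'PUSH_MFA',       // push approval in the authenticator app
  ALLOW: 'ALLOW',             // recognized device, low value, no flags
  DENY: 'DENY',               // malformed request: fail closed
});

function decideCheckout(user, tx) {
  // Fail closed on amounts that are not positive integers (cents), so a
  // float or string amount can never slip under the threshold comparison.
  if (!Number.isSafeInteger(tx.amountCents) || tx.amountCents <= 0) {
    return { action: Action.DENY, reasons: ['invalid_amount'] };
  }
  // No passport yet: the first checkout always goes through bank verification.
  if (!user || !user.bankVerified) {
    return { action: Action.BANK_VERIFY, reasons: ['first_checkout'] };
  }
  const reasons = [];
  if (tx.amountCents >= HIGH_VALUE_CENTS) reasons.push('high_value');
  if (tx.suspicious) reasons.push('suspicious_activity');
  // Assumption: a verified user on an unrecognized device also steps up.
  const known = typeof tx.fingerprint === 'string' &&
    (user.knownFingerprints || []).includes(tx.fingerprint);
  if (!known) reasons.push('unrecognized_device');

  return reasons.length > 0
    ? { action: Action.PUSH_MFA, reasons }
    : { action: Action.ALLOW, reasons: ['recognized_device'] };
}

// Constructed sample data (not real users or transactions).
const alice = { bankVerified: true, knownFingerprints: ['fp-laptop-01'] };
const sampleDecisions = [
  decideCheckout(null, { amountCents: 2500, fingerprint: 'fp-new' }),
  decideCheckout(alice, { amountCents: 2500, fingerprint: 'fp-laptop-01' }),
  decideCheckout(alice, { amountCents: 50000, fingerprint: 'fp-laptop-01' }),
  decideCheckout(alice, { amountCents: 49999, fingerprint: 'fp-phone-02' }),
  decideCheckout(alice, { amountCents: 499.99, fingerprint: 'fp-laptop-01' }),
].map((d) => d.action);
console.log(sampleDecisions);
```

Returning the reasons alongside the action lets the same record feed the merchant dashboard's MFA and fraud breakdowns.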
For Merchants: The Analytics Dashboard
Without requiring any backend integration, VeriFlow provides merchants with a live analytics dashboard. It aggregates and visualizes transaction data, showing fraud origins by location, MFA conversion rates, and checkout funnel health. A key feature is our Gemini integration, allowing merchants to generate on-demand charts from natural-language prompts.
How we built it
We built VeriFlow with a modern, modular architecture to serve both sides of the platform.
- Backend: A Node.js/Express API serves as the core risk engine, with all data stored in a MongoDB Atlas cluster. It integrates with the Plaid API for bank verification and the Microsoft Graph API for push notification MFA.
- User-Facing Frontend: A lightweight Chrome Extension built with Vanilla JavaScript handles device fingerprinting and user interaction on merchant sites.
- Merchant-Facing Frontend: The analytics dashboard is a Next.js application using the App Router, with a strongly-typed, modular component library built with React and Tailwind CSS.
Challenges we ran into
Integrating multiple complex systems presented significant challenges. On the backend, managing the Plaid API's multi-step token exchange and the Microsoft Graph API's token storage was a major hurdle. We also faced persistent MongoDB connection issues (SSL errors and timeouts) that required careful configuration.
On the frontend, implementing an efficient real-time polling mechanism without overwhelming the server was difficult. For the dashboard, normalizing heterogeneous transaction data into a single, type-safe shape for visualization proved to be a complex data modeling challenge.
Accomplishments that we're proud of
We are incredibly proud of building a cohesive, dual-value platform that serves both users and merchants. Creating a seamless, adaptive security experience for users that simultaneously feeds a zero-integration, production-lean analytics dashboard for merchants was a huge success. The prompt-to-chart feature using the Gemini API is a standout accomplishment, offering truly flexible, ad hoc analytics.
What we learned
This project provided deep insights into both product design and technical implementation. We learned the importance of balancing robust security with a frictionless user experience. Technically, we gained a deep understanding of Plaid and Microsoft's complex authentication flows, mastered real-time communication patterns between the frontend and backend, and learned effective patterns for maintaining type-safety and clean client/server boundaries in a Next.js App Router application.
What's next for VeriFlow
VeriFlow is poised to become the future of secure, intelligent payment verification. Our roadmap includes:
- Enhanced Security: Integrate biometric authentication and build a machine learning-based risk scoring engine to move from static rules to predictive fraud detection.
- User Experience: Develop a native mobile app and Progressive Web App (PWA) to create a ubiquitous "Payment Passport" for users.
- Technical Enhancements: Migrate to a microservices architecture, implement WebSockets for true real-time notifications, and build out a comprehensive automated testing suite for continuous deployment.
Built With
- css
- gemini-api
- html
- javascript
- microsoft-authenticator
- mongodb
- plaid-api
- python
- typescript

