Fintech Transaction Risk Engine (Fraud Detection Lite)

A production-ready transaction fraud detection system with real-time risk assessment capabilities. Built with Go backend and React frontend.

Requirements

• Detects suspicious financial transactions in real time
• Allows users to make transactions
• Evaluates transactions for risk
• Flags or blocks suspicious transactions
• Transaction ingestion through APIs
• Stores transaction data in a database
• Streams transactions for evaluation

Risk Scoring

Risk scoring based on rules such as:

• Large transaction amounts
• Multiple transactions in a short time
• Transactions from new devices

Returns a risk score for each transaction

Other Details

• Inspired by real-world systems like Visa, Stripe, and Razorpay
• Uses event-driven and asynchronous processing
• Maintains audit trails for transactions and fraud flags

Prerequisites

• Go 1.24+ - Backend runtime
• Node.js 18+ - Frontend runtime
• PostgreSQL 12+ - Database
• Redis 6+ - Session cache
• Make - Build automation
• Git - Version control

Getting Started

1. Clone the Repository

git clone <repository-url>
cd Transaction-Risk-Analysis

2. Environment Configuration

Copy the example environment file and configure your credentials:

cp .env.example .env

Edit the .env file with your database, Redis, email, and admin credentials. Note: The admin credentials you set here will be used for initial login.

3. Run Setup Script

Execute the automated setup script from the root directory:

./setup.sh

Important: When prompted to overwrite the .env file, select No if you've already configured it in step 2.

The setup script will:

• Install backend dependencies
• Install frontend dependencies
• Create the PostgreSQL database
• Run database migrations
• Verify Redis connection

4. Start the Application

Open two separate terminals:

Terminal 1 - Backend:

cd Backend
make run

Backend will start on http://localhost:8080

Terminal 2 - Frontend:

cd Frontend
npm run dev

Frontend will start on http://localhost:3000

Application Flow

Initial Setup & Admin Login

1. Login as Admin

   • Use the admin credentials you configured in the .env file
   • Navigate to http://localhost:3000/login
   • Enter admin email and password
   • Verify OTP sent to your email

2. Create Users

   • Navigate to the Users tab
   • Create two users with the following details:
     • Name, email, phone, password
     • Device info (e.g., "phone")
     • Location (latitude/longitude)
     • Initial deposit: 5-10 lakhs or more (₹500,000 - ₹1,000,000)
   • Important: Use working email addresses - OTPs and transaction alerts will be sent there
   • Both users will receive account creation approval

Testing Fraud Detection

3. Login as User

   • Open a new browser or incognito window
   • Login with one of the newly created users
   • Complete OTP verification

4. Make a Transaction

   • Copy the second user's account number (the one you're NOT logged in as)
   • Navigate to Create Transaction
   • Enter the recipient account number

5. Trigger Risk Rules

   To flag or block a transaction, trigger one or more risk rules:

   a) Dynamic Amount Rule (35 points)

   • First transaction: Amount > ₹1 lakh (₹100,000)
   • Subsequent transactions: Amount > 2x your average transaction amount
   • (Make 3-4 small transactions first, then a large one to trigger)

   b) New Device Rule (20 points)

   • User was created with device info: "phone"
   • Make transaction with different device: "laptop" or "tablet"

   c) Geo-Location Anomaly Rule (20 points)

   • Use different latitude/longitude than user's registration location
   • Example: Register at (19.0760, 72.8777), transact from (28.6139, 77.2090)

   d) Velocity Rule (25 points)

   • Make 5+ transactions within 5 minutes

   Risk Score Thresholds:

   • Score 30-69: Transaction is FLAGGED (requires user approval)
   • Score ≥70: Transaction is BLOCKED (rejected immediately)

   Tip: Trigger 1-2 rules for flagged transaction, 3+ rules for blocked transaction

6. Approve Flagged Transactions

   • When a transaction is flagged, an email is sent to the user
   • Click the verification link in the email
   • Important: Open the link in the same browser where the user is logged in
     • The link contains localhost address (app not deployed yet)
     • Opening in a different browser/device won't work
   • Review transaction details
   • Approve or reject the transaction

7. View Transaction Audits

   • Navigate to Transactions tab
   • Click on any transaction to view details
   • Check Audit Trail for complete event history
   • View Rule Breakdown to see which rules were triggered

Available Scripts

Backend

# Development
make run          # Run the application
make build        # Build the binary
make test         # Run all tests
make test-coverage # Run tests with coverage report
make fmt          # Format code
make lint         # Run linter
make clean        # Clean build artifacts

# Database
make migrate      # Run database migrations
make clean-db     # Clean database (removes all data)

Frontend

npm run dev       # Start development server
npm run build     # Build for production
npm run preview   # Preview production build
npm run lint      # Run ESLint

Additional Commands

Port Management

# Check if port is in use
lsof -i :8080     # Backend
lsof -i :3000     # Frontend

# Kill process on port
lsof -ti:8080 | xargs kill -9
lsof -ti:3000 | xargs kill -9

Database Management

# Access PostgreSQL CLI
psql -U postgres -d fraud_detection_db

# Check database connection
pg_isready -U postgres

# Count records
psql -U postgres -d fraud_detection_db -c "SELECT COUNT(*) FROM transactions;"

Redis Management

# Check Redis connection
redis-cli ping    # Should return: PONG

# View cached sessions
redis-cli KEYS "session:*"

# Clear all cache
redis-cli FLUSHALL

Logs

# Backend logs
cd Backend
tail -f server.log

# Search for errors
grep ERROR server.log

Project Structure

.
├── Backend/              # Go backend service
│   ├── cmd/             # Application entry points
│   ├── config/          # Configuration management
│   ├── internal/        # Private application code
│   ├── pkg/             # Public libraries
│   ├── migrations/      # Database migrations
│   └── tests/           # Test suites
├── Frontend/            # React frontend application
│   ├── src/            # Source code
│   ├── public/         # Static assets
│   └── package.json    # Dependencies
├── .env                # Environment variables
├── setup.sh            # Automated setup script
└── README.md           # This file

API Documentation

API documentation is available via Postman collection:

Backend/postman_collection.json

Import this file into Postman to test all API endpoints.

Troubleshooting

Backend won't start

• Check if PostgreSQL is running: pg_isready
• Check if Redis is running: redis-cli ping
• Verify .env file configuration
• Check if port 8080 is available

Frontend won't start

• Check if port 3000 is available
• Verify node_modules are installed: npm install
• Check backend is running on port 8080

Emails not sending

• Verify EMAIL_USER and EMAIL_PASS in .env
• For Gmail: Use App Password (not regular password)
• Enable 2FA and generate App Password in Gmail settings

Transaction not flagged

• Ensure you're triggering enough risk rules
• Check transaction amount relative to user's average
• Verify device info and location are different from registration
• View rule breakdown in transaction details

License

Proprietary - Internal Project