A real-time fraud detection system that streams financial transactions through a weighted risk-scoring engine and surfaces alerts on a live dashboard.
Fraud doesn't announce itself โ it hides in velocity spikes, impossible travel, mismatched verification codes, and devices that don't quite look right. RiskRadar watches every transaction as it streams through Kafka, scores it against more than a dozen weighted risk factors, and raises an alert the moment something crosses the line.
It's built for the workflow financial teams actually need: ingest โ score โ alert โ review โ with a dashboard that turns raw fraud signals into something a human can act on in seconds.
|
|
|
| Category | Signals |
|---|---|
| ๐ Velocity | High-frequency transaction bursts |
| ๐ Geography | Impossible travel distance between transactions |
| ๐ช Merchant Risk | Suspicious merchants & high-risk categories |
| ๐ฑ Device Security | VPN, Tor, emulators, rooted devices |
| ๐ Verification | CVV and AVS mismatch monitoring |
| ๐ค Account Behavior | New-account risk, decline patterns |
| ๐ Timing | Unusual late-night transaction activity |
- Ingestion โ Transactions arrive (generated or external) and are published to the Kafka
transactionstopic, with full metadata: location, device, amount, and more. - Real-time processing โ A Kafka consumer picks up each transaction immediately and extracts scoring features: velocity, geo-distance, timing, verification status.
- Fraud scoring โ A weighted algorithm computes a fraud probability between 0 and 1, then maps it to a risk level:
LOWโMEDIUMโHIGHโCRITICAL. - Alerting โ Any transaction scoring โฅ 0.4 automatically generates an alert with reason codes explaining exactly why it was flagged.
- Dashboard โ The frontend polls the backend for live updates; alerts can be reviewed, assigned, and resolved in real time.
- Persistence โ Every transaction and alert is stored in MongoDB, building behavioral profiles over time.
const weights = {
velocityCount: 0.15, // Transaction frequency
amountDelta: 0.10, // Amount pattern deviations
geoDistance: 0.18, // Geographic anomalies
isNightTime: 0.08, // Unusual timing
isSuspiciousMerchant: 0.15, // Risky merchants
isSuspiciousCategory: 0.12, // Risky categories
isHighAmount: 0.08, // Large transactions
isVPN: 0.05, // VPN detection
isTor: 0.10, // Tor network detection
cvvFail: 0.12, // CVV verification failure
avsFail: 0.08, // Address verification failure
suspiciousDevice: 0.10, // Device fingerprinting
cardTesting: 0.12, // Card testing patterns
newAccount: 0.07 // New account risk
};Thresholds live in backend/server.js:
const CRITICAL_THRESHOLD = 0.7;
const HIGH_THRESHOLD = 0.5;
const MEDIUM_THRESHOLD = 0.3;
const ALERT_THRESHOLD = 0.4; // Alerts fire above this scoreBoth are tunable โ turn the dial up or down depending on how aggressive you want detection to be.
git clone <repository-url>
cd FraudDetectionApp-mainSet up backend environment variables in backend/.env:
MONGODB_URI=mongodb://localhost:27017/fraud_detection
KAFKA_BROKERS=localhost:9092
KAFKA_BROKER=localhost:9092
PORT=5000
Start everything:
docker-compose up -dThis brings up Zookeeper, Kafka, MongoDB, and the backend API. Then start the frontend:
npm install
npm run devApp available at http://localhost:5173
cd backend && npm install # backend deps
cd .. && npm install # frontend deps
docker-compose up zookeeper kafka mongodb -d # infra only
cd backend && npm run dev # start backend
npm run dev # start frontend (new terminal)|
Transactions Alerts |
Stats & System |
Fire a synthetic high-risk transaction straight at the API:
curl -X POST http://localhost:5000/api/transactions \
-H "Content-Type: application/json" \
-d '{
"id": "TEST001",
"accountId": "ACC001",
"amount": 75000,
"merchant": "UNKNOWN_MERCHANT",
"category": "CRYPTO",
"location": {"city": "Mumbai", "country": "IN"},
"cvvMatch": false,
"avsMatch": false,
"isVPN": true
}'This combination โ unknown merchant, crypto category, failed CVV, active VPN โ should land solidly in HIGH or CRITICAL territory.
- Financial institutions โ real-time payment fraud detection, automated alerting, audit trails
- E-commerce platforms โ order fraud prevention, account takeover detection
- Banking applications โ transaction monitoring, card fraud, AML compliance
| Symptom | Check |
|---|---|
| Kafka won't connect | Zookeeper must be running before Kafka; verify KAFKA_BROKERS and that port 9092 is free |
| MongoDB won't connect | docker ps to confirm the container is up; verify MONGODB_URI in backend/.env; confirm port 27017 is reachable |
| Frontend can't reach API | Confirm backend is running on port 5000; check CORS config; rule out a local firewall |
Built by Devanshu Sharma ยท provided for educational and development purposes.