fraud-de.tech — Intelligent Fraud Triage Dashboard
Inspiration
Trust & Safety analysts face severe alert fatigue. A Level 1 fraud reviewer often has to jump between five or more tools — a raw alert table, card history database, IP lookup tool, geo-map, and CRM — just to understand why a single transaction was flagged.
When every alert looks like another row in a database, reviewers experience cognitive overload. This slows decisions, increases missed patterns, and makes fraud investigation harder than it needs to be. We built fraud-de.tech to reduce context-switching and help analysts make confident decisions in seconds.
What it does
fraud-de.tech is an intelligent, single-pane-of-glass fraud triage dashboard. Instead of overwhelming analysts with a crowded table of alerts, the system presents transactions one at a time and pre-correlates the most important intelligence around each case.
Key features include:
- Explainable AI: Instead of showing only a black-box risk score, the system explains why a transaction was flagged in plain English, such as: “Amount is 14x the card median” or “New device used for this card.”
- Lightning-fast triage: The alert queue is fully keyboard-driven. Analysts can press A to approve, D to dismiss, or E to escalate without touching the mouse.
- Rich contextual visualizations: Analysts can instantly view 30-day card history charts, interactive entity relationship graphs using Vis.js, and geographic IP maps using Leaflet.js.
- In-session learning: When an analyst dismisses a false positive, the backend immediately down-weights similar merchant risk signals, suppressing related false positives for the rest of the session.
- Ask AI: For complex cases, an integrated LLM streams a real-time natural-language analysis of the transaction’s risk factors.
How we built it
We optimized for speed, reproducibility, and simplicity while avoiding unnecessary framework complexity.
- Backend and data engine: We used Python and FastAPI to build an asynchronous REST API. Instead of relying on a heavy database during the hackathon, we used in-memory Pandas for fast vectorized queries.
- Machine learning pipeline: We engineered 12 fraud-detection features, including time-windowed transaction velocity and cross-border mismatch indicators. We trained a Scikit-learn Random Forest classifier and used class_weight='balanced' to handle the highly imbalanced dataset, where only about 7% of transactions were fraudulent.
- Network analysis: We used NetworkX to build an entity graph connecting card_id → device_id → ip_address. This allowed us to identify coordinated fraud rings that would appear normal if each card were reviewed in isolation.
- Frontend: We built a zero-build-step vanilla HTML/CSS/JavaScript single-page application. We used Chart.js for transaction history charts, Vis.js for entity graphs, and Leaflet.js for geographic mapping.
Challenges we ran into
- Detecting coordinated attacks: Many fraud patterns, such as card testing and merchant burst waves, look normal at the individual-card level. We had to build cross-card aggregation rules and graph-based network analysis to catch shared IPs and devices across distinct cards.
- Noisy unsupervised learning: We initially explored Isolation Forests, Local Outlier Factor, and DBSCAN for anomaly detection, but they produced too many false positives. We pivoted to a supervised approach using deterministic labels reverse-engineered from the dataset.
- Class imbalance: Fraud is rare, so a naïve model can achieve high accuracy by predicting “not fraud” every time. Tuning the Random Forest to balance precision and recall was one of the most delicate parts of the project.
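The cross-card linking behind the network analysis (card_id → device_id → ip_address) and the shared-IP/device challenge above, as an added example that is not the project's code. It uses a plain-Python union-find in place of NetworkX so it runs without dependencies; the sample transactions, the find_rings name and the min_cards parameter are assumptions.

```python
from collections import defaultdict

# Constructed sample transactions (not from the project's dataset).
TXNS = [
    {"card_id": "card_A", "device_id": "dev_1", "ip_address": "203.0.113.7"},
    {"card_id": "card_B", "device_id": "dev_1", "ip_address": "203.0.113.8"},
    {"card_id": "card_C", "device_id": "dev_2", "ip_address": "203.0.113.8"},
    {"card_id": "card_D", "device_id": "dev_9", "ip_address": "198.51.100.4"},
    {"card_id": "card_D", "device_id": "dev_9", "ip_address": "198.51.100.5"},
]


def find_rings(txns, min_cards=2):
    """Return groups of distinct cards linked through shared devices or IPs."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    def union(a, b):
        parent[find(a)] = find(b)

    # Edges follow the chain card_id -> device_id -> ip_address.
    # Nodes are typed tuples so a device id can never collide with a card id.
    for t in txns:
        card = ("card", t["card_id"])
        device = ("device", t["device_id"])
        ip = ("ip", t["ip_address"])
        union(card, device)
        union(device, ip)

    # Collect each connected component, split by entity type.
    components = defaultdict(lambda: defaultdict(set))
    for node in list(parent):
        kind, value = node
        components[find(node)][kind].add(value)

    # A ring needs several distinct cards; one card on many IPs is not one.
    rings = []
    for members in components.values():
        if len(members["card"]) >= min_cards:
            rings.append({k: sorted(v) for k, v in members.items()})
    return sorted(rings, key=lambda r: r["card"])
```

Shared NAT or mobile-carrier IP addresses link unrelated cards in the same way, so very high-degree IP nodes need separate handling before a component is treated as a ring.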
Accomplishments that we’re proud of
- Moving beyond black boxes: We are proud of our explainability engine. In fraud review, telling an analyst why a model made a decision is just as important as the decision itself.
- Building an in-session feedback loop: We successfully created a dynamic suppression system where the dashboard learns from analyst dismissals immediately, without requiring a slow model retraining loop.
- Creating a synchronized investigation interface: The UI connects alerts, card behavior, entity graphs, and geographic context into one workflow. For example, clicking a suspicious IP node in the network graph can immediately pan and zoom the map to its physical location.
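One way the in-session dismissal feedback described above could work, as an added example that is not the project's code. The split of a score into merchant_risk and other_risk, the decay factor, the floor, the threshold and all names are assumptions; the floor and the audit list are there so that repeated dismissals cannot silence a merchant entirely or go unrecorded.

```python
# Constructed sample alerts (not from the project's dataset).
ALERTS = [
    {"id": "t1", "merchant_id": "m_42", "merchant_risk": 0.5, "other_risk": 0.1},
    {"id": "t2", "merchant_id": "m_42", "merchant_risk": 0.4, "other_risk": 0.5},
    {"id": "t3", "merchant_id": "m_77", "merchant_risk": 0.5, "other_risk": 0.1},
]


class SessionSuppressor:
    """Per-session merchant down-weighting driven by analyst dismissals."""

    def __init__(self, alert_threshold=0.5, decay=0.6, floor=0.25):
        self.alert_threshold = alert_threshold  # assumed cut-off for the queue
        self.decay = decay                      # assumed multiplier per dismissal
        self.floor = floor                      # assumed lower bound on a weight
        self.merchant_weight = {}               # merchant_id -> multiplier
        self.audit = []                         # (merchant_id, old, new) records

    def dismiss(self, merchant_id):
        """Record a false positive for this merchant and lower its weight."""
        old = self.merchant_weight.get(merchant_id, 1.0)
        new = max(self.floor, old * self.decay)
        self.merchant_weight[merchant_id] = new
        self.audit.append((merchant_id, old, new))
        return new

    def adjusted(self, alert):
        """Scale only the merchant signal; device, IP and amount signals stay."""
        weight = self.merchant_weight.get(alert["merchant_id"], 1.0)
        return alert["merchant_risk"] * weight + alert["other_risk"]

    def queue(self, alerts):
        """Ids of alerts that still clear the threshold after down-weighting."""
        return [a["id"] for a in alerts
                if self.adjusted(a) >= self.alert_threshold]
```

After one dismissal for m_42, t1 drops out of the queue while t2 stays because its non-merchant signals alone keep it above the threshold.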
What we learned
- In-memory Pandas operations are extremely fast at this scale and remove the friction of database migrations during a 24-hour hackathon.
- Complex synchronized visualizations can be implemented cleanly without heavy frontend frameworks like React or Next.js.
- Unsupervised anomaly detection is useful for initial exploration, but supervised learning with carefully engineered features is more reliable for high-precision fraud triage.
What’s next for fraud-de.tech
- Graph database migration: Move the in-memory network analysis to Neo4j to track multi-degree connections across months of historical data and detect slow-burn synthetic identity rings.
- Real-time streaming: Implement a Kafka pipeline for time-windowed velocity tracking as transactions arrive live.
- On-premise LLM deployment: Deploy a quantized Llama 3 8B model inside a secure VPC to support the Ask AI feature while ensuring cardholder PII never leaves the network perimeter.
- SIEM integration: Pipe comprehensive audit logs into Splunk or Datadog to build real-time SOC dashboards for analyst handle times and emerging attack vectors.
Built With
- chart.js
- css
- fastapi
- google-gemma-4
- html
- javascript
- leaflet.js
- openstreetmap
- pandas
- python
- scikit-learn
- vis.js