Hackathon Highlight: Mobile Banking Fraud Protection
The shift toward cashless payments has made banking more convenient, but also more vulnerable. Fraudulent transactions, identity theft, and SIM swap attacks are becoming alarmingly common. At a recent Vonage hackathon, one team set out to change that with their project: Mobile Banking Fraud Prevention.
Vonage software engineers Sahil Khanna, Arunraj Manrajan, and Ramaraj Karuppusamy built a proactive fraud detection system that uses Vonage Network and Communication APIs to verify identities and assess transaction risk in real-time. The result is a smooth yet secure experience for mobile banking users.
Their project is available on GitHub with full instructions below.
Mobile payment fraud is on the rise, including unauthorized transactions.
Most banking apps detect fraud only after it has happened.
Fraud lowers customer trust and causes large financial losses.
Maintain a smooth UX.
The team created a real-time validation system that uses Vonage APIs to verify user identity and transaction legitimacy, preventing fraud from occurring. It integrates with banking platforms and includes a responsive demo e-commerce website to simulate real-world use.
When a transaction is initiated, the system runs background checks, including SIM status, roaming, and geolocation. If any of these checks fail, the transaction is flagged. For suspicious activity, the user is prompted to verify their identity with a one-time password (OTP) sent via SMS, and the transaction is only allowed after successful OTP verification. To showcase this process, a fully functional demo website simulates the shopping and checkout experience, with Vonage API calls running behind the scenes.
Below is an image of the project workflow:
Project Workflow
You'll need the following installed:
The team built the core application with Node.js, NestJS for the backend API, and HTML, CSS and JS to create a responsive demo website. Along with the following Vonage APIs:
Number Verification API: Confirms that the phone number (MSISDN) is valid and active.
SIM Swap API: Detects if the SIM card was recently replaced, which is an indicator of possible fraud.
Device Status API: Identifies if the device is roaming internationally.
Device Location API: Verifies if the device is in the expected home region.
SMS API (OTP): Adds a final layer of user confirmation for high-risk transactions.
If you want to try this out yourself, clone the repo and set up your .env file with:
VONAGE_APPLICATION_JWT: Generated from https://developer.vonage.com/en/jwt
VONAGE_MESSAGING_API_KEY: Available on Vonage API Dashboard.
VONAGE_MESSAGING_API_SECRET: Available on Vonage API Dashboard.
OTP_WHITELISTED_MSISDN: Mobile number registered https://dashboard.nexmo.com/messages/sandboxTo run the demo standalone from the command line, do:
Once the server is running, you can access:
Swagger API docs: http://localhost:3000/api-docs
Demo website: http://localhost:3000/?user-id=67460869dc840fad5b062a60 (positive test user)
Demo website: http://localhost:3000/?user-id=67460bb3dc840fad5b062a61 (negative test user)
Online payment fraud isn’t just an inconvenience, it’s a billion-dollar problem. By combining Vonage’s SIM Swap, Number Verification, Device Info, and OTP APIs into a cohesive system, this project proves that fraud prevention doesn’t have to come at the expense of user experience.
We’re proud to spotlight this project as a model for what’s possible when developers creatively apply Vonage APIs to real-world problems.
Got any questions or comments? Join our thriving Developer Community on Slack, follow us on X (formerly Twitter), or subscribe to our Developer Newsletter. Stay connected, share your progress, and keep up with the latest developer news, tips, and events!
){kind=small}