AI-powered transaction risk monitoring, compliance automation, and fraud detection for cross-border payments
🌐 Live Demo: https://payguard-ai-production.up.railway.app
PayGuard AI is a compliance and risk tooling SaaS platform built for the Afriex Cross-Border Fintech Hackathon. It provides financial institutions with real-time transaction monitoring, ML-powered risk scoring, a Human-in-the-Loop (HITL) review workflow, multi-tenancy, and a Rule Marketplace — all deployed on Railway with PostgreSQL.
Cross-border payment platforms process thousands of transactions daily. Compliance teams struggle with:
- Manual review bottlenecks — Can't keep up with transaction volume
- Delayed fraud detection — Suspicious activity caught too late
- Inconsistent decisions — No standardized risk assessment framework
- Audit trail gaps — Difficulty proving compliance to regulators
- One-size-fits-all rules — No industry-specific tuning for risk thresholds
PayGuard AI automates the first line of defense while keeping humans in control of critical decisions:
- Real-time Risk Scoring — Every transaction analyzed instantly via configurable rules + ML model
- ML-Powered Fraud Detection — Learns from HITL feedback, auto-retrains hourly
- Smart Routing — Low-risk transactions auto-approve; high-risk ones go to human reviewers
- Human-in-the-Loop — Compliance officers review, approve, or reject flagged transactions
- Rule Marketplace — Pre-built industry packs (Remittance, E-Commerce, Lending, Crypto) with one-click import
- Complete Audit Trail — Every decision logged for regulatory compliance
- Multi-Tenancy — Full data isolation per organization with RBAC
- 📊 Live Dashboard — Real-time stats, charts, risk distribution, and transaction monitoring
- 🔍 Risk Analysis Engine — 6 configurable rules + ML scoring with per-rule analytics
- 👥 HITL Review Queue — Prioritized list of transactions needing human review
- ⚡ Real-time Updates — SignalR-powered instant notifications
- 📋 Rules Management — Create, edit, toggle, and import risk detection rules
- 📈 Compliance Reports — Visual analytics with risk distribution charts and CSV export
- 📝 Audit Logging — Complete history of all actions and decisions
- 🤖 ML Risk Scoring — Binary classification model trained on HITL feedback (FastTree)
- 🔄 Auto-Retraining — Background service checks hourly for new labeled data
- 📊 Model Management — View training metrics (AUC, F1, precision/recall), activate/deactivate models
- 🧠 Feature Engineering — 12 features extracted from transaction context (amount, velocity, time, corridor risk)
- 💡 Smart Rule Suggestions — ML-driven analysis of review patterns to suggest new rules and threshold adjustments
- 🏪 Template Catalog — 24 pre-built templates across 4 industries
- 📦 Industry Packs — One-click import of all 6 rules optimized for your industry
- 📊 Rule Analytics — Per-rule effectiveness: hit rate, precision, false positive rate
- 🔄 Import/Update — Import new rules or update existing ones with recommended thresholds
- 📜 Rule Versioning — Full version history with diff comparison and rollback
- 🕸️ Fan-out/Fan-in Detection — Network analysis to detect structuring rings where one sender splits to many receivers or many senders funnel to one receiver
- 🚫 Watchlists & Blocklists — Custom watchlists with automatic matching against transactions using name/email/country criteria
- 🔗 Relationship Analysis — Graph-based visualization of transaction networks between entities
- 🛡️ GDPR Compliance — Data subject search, export (JSON/CSV), right-to-erasure with full audit trail
- 📄 Invoice PDF Generation — QuestPDF-powered professional invoices with automatic numbering and PDF download
- 📊 Advanced Reports — Scheduled report generation with background processing and viewer dialog
- 🧾 System Logs — Centralized, structured logging with retention policies and level-based filtering
- 🏢 Multi-Tenancy — Tenant-scoped data isolation via middleware + EF Core query filters
- 🔐 OAuth 2.0 & Magic Links — Production-ready auth (Azure AD/Google/Okta) + passwordless login
- 👮 RBAC — 4-tier roles: Reviewer, Manager, Admin, SuperAdmin with custom permissions
- 🚀 Tenant Onboarding — Guided wizard for new organizations
- 💳 Billing — Paystack-powered subscription management with usage-based pricing tiers (Trial/Starter/Pro/Enterprise)
- 📧 Email Notifications — Resend-powered alerts for critical risk events with per-user preferences
- 🔑 API Keys & Webhooks — Self-service API key management and webhook configuration with signature verification
- 💱 Multi-Provider Support — Afriex, Flutterwave, Wise payment provider abstraction
- 📡 Monitoring Dashboard — Real-time operational metrics: throughput, error rates, risk distribution, review queue depth, webhook activity, and 7-day trends
- 🚦 Rate Limiting — Fixed-window rate limiter scoped per tenant
- 💾 Response Caching — In-memory caching for dashboard stats and transactions
- 🚨 Alerting Service — Automatic alerts for critical-risk transactions
- 📡 Health Checks — `/health` endpoint for uptime monitoring
- 📊 Prometheus Metrics — `/metrics` endpoint with request timing and slow-request warnings
- 🚩 Feature Flags — Safe deployment with instant rollback
- 🐘 PostgreSQL — Production database on Railway (SQLite for local dev)
- 🔒 Security Hardened — No eval() injection, Swagger restricted to dev, secure cookie policies, sanitized error messages
- 📱 Progressive Web App — Installable on mobile with offline shell caching
- 🔽 Mobile Bottom Navigation — Touch-friendly nav bar with badge counts
- 👆 Swipe-to-Review — Swipe right to approve, left to reject on mobile review queue
- 🔄 Pull-to-Refresh — Touch-native refresh gesture on review and transaction lists
- 📐 Responsive Layout — Auto-closing drawer on mobile, compact cards, 48px touch targets
- 🔔 Web Push Notifications — Service worker push support for real-time alerts
| Layer | Technology |
|---|---|
| Frontend | Blazor Server, MudBlazor 8.x |
| Backend | ASP.NET Core 10 |
| Database | PostgreSQL (production) / SQLite (development) |
| ML | ML.NET (FastTree binary classification) |
| Real-time | SignalR WebSockets |
| Auth | OAuth 2.0 / Magic Links / Demo mode |
| Email | Resend HTTP API |
| Billing | Paystack |
| PDF | QuestPDF |
| Providers | Afriex, Flutterwave, Wise |
| Caching | IMemoryCache (tenant-scoped) |
| Monitoring | Prometheus, Health Checks, Serilog |
| Deployment | Railway (Docker) |
| Architecture | Clean Architecture (3-layer) |
```
PayGuardAI/
├── src/
│   ├── PayGuardAI.Core/  # Domain entities and interfaces
│   │   ├── Entities/  # 23 entities
│   │   │   ├── Transaction.cs  # Transaction entity
│   │   │   ├── RiskAnalysis.cs  # Risk scoring results
│   │   │   ├── RiskRule.cs  # Configurable risk rules
│   │   │   ├── RuleTemplate.cs  # Marketplace templates
│   │   │   ├── RuleVersion.cs  # Rule version history
│   │   │   ├── RuleGroup.cs  # Compound rule groups
│   │   │   ├── MLModel.cs  # ML model storage
│   │   │   ├── CustomerProfile.cs  # Customer risk profiles
│   │   │   ├── AuditLog.cs  # Audit trail
│   │   │   ├── SystemLog.cs  # Centralized system logs
│   │   │   ├── TeamMember.cs  # RBAC team members
│   │   │   ├── CustomRole.cs  # Custom permission roles
│   │   │   ├── Invoice.cs  # Billing invoices
│   │   │   ├── Watchlist.cs  # Watchlists & blocklists
│   │   │   ├── WatchlistEntry.cs  # Watchlist entries
│   │   │   ├── WebhookEndpoint.cs  # Webhook configuration
│   │   │   ├── TenantSubscription.cs  # Billing subscriptions
│   │   │   ├── OrganizationSettings.cs  # Tenant settings
│   │   │   └── ...  # ApiKey, MagicLinkToken, etc.
│   │   └── Services/  # 23 service interfaces
│   │       ├── IRiskScoringService.cs
│   │       ├── IRuleMarketplaceService.cs
│   │       ├── IRuleSuggestionService.cs
│   │       ├── IMLScoringService.cs
│   │       ├── IWatchlistService.cs
│   │       ├── IRelationshipAnalysisService.cs
│   │       ├── IGdprService.cs
│   │       ├── ITenantContext.cs
│   │       └── ...
│   │
│   ├── PayGuardAI.Data/  # Data access and service implementations
│   │   ├── ApplicationDbContext.cs  # EF Core context with multi-tenant query filters
│   │   └── Services/  # 34 service implementations
│   │       ├── RiskScoringService.cs  # Rule evaluation + ML scoring
│   │       ├── RuleMarketplaceService.cs  # Template browsing, import, analytics
│   │       ├── RuleSuggestionService.cs  # ML-driven rule suggestions
│   │       ├── RuleVersioningService.cs  # Rule version tracking
│   │       ├── MLScoringService.cs  # ML prediction engine
│   │       ├── MLTrainingService.cs  # Model training pipeline
│   │       ├── TransactionService.cs  # Cached, tenant-scoped
│   │       ├── ReviewService.cs  # HITL review workflow
│   │       ├── WatchlistService.cs  # Watchlist matching
│   │       ├── RelationshipAnalysisService.cs  # Fan-out/fan-in detection
│   │       ├── GdprService.cs  # GDPR data operations
│   │       ├── InvoiceService.cs  # Invoice CRUD
│   │       ├── MonitoringService.cs  # Real-time operational metrics
│   │       ├── TenantOnboardingService.cs  # Guided tenant setup
│   │       ├── DatabaseMigrationService.cs  # Auto-migration for PostgreSQL/SQLite
│   │       ├── WebhookDeliveryService.cs  # Webhook dispatch + retry
│   │       └── ...
│   │
│   └── PayGuardAI.Web/  # Blazor UI, API controllers, middleware
│       ├── Components/Pages/  # 47 pages/dialogs
│       │   ├── Home.razor  # Dashboard with live stats
│       │   ├── Transactions.razor  # Transaction list with filters
│       │   ├── Reviews.razor  # HITL review queue
│       │   ├── Rules.razor  # Rule management + suggestions
│       │   ├── RuleMarketplace.razor  # Template browsing + analytics
│       │   ├── MLModels.razor  # ML model management
│       │   ├── Reports.razor  # Compliance analytics + CSV export
│       │   ├── Audit.razor  # Audit log viewer
│       │   ├── Send.razor  # Transaction simulator
│       │   ├── NetworkAnalysis.razor  # Fan-out/fan-in graph visualization
│       │   ├── Watchlists.razor  # Watchlist management
│       │   ├── GdprCompliance.razor  # GDPR search, export, erasure
│       │   ├── Invoices.razor  # Invoice management + PDF download
│       │   ├── Monitoring.razor  # Operational monitoring dashboard
│       │   ├── SystemLogs.razor  # Centralized log viewer
│       │   └── ...  # Billing, Profile, Settings, etc.
│       ├── Controllers/  # 6 API controllers
│       │   ├── WebhooksController.cs  # Multi-provider webhooks
│       │   ├── AuthController.cs  # Auth endpoints (OAuth, magic link, demo)
│       │   ├── InvoiceController.cs  # PDF download endpoint
│       │   └── ...
│       ├── Services/  # 20 middleware & background services
│       │   ├── TenantResolutionMiddleware.cs
│       │   ├── SecurityHeadersMiddleware.cs
│       │   ├── InputValidationMiddleware.cs
│       │   ├── MLRetrainingBackgroundService.cs
│       │   ├── ScheduledReportBackgroundService.cs
│       │   ├── LogRetentionBackgroundService.cs
│       │   ├── InvoicePdfService.cs
│       │   └── ...
│       ├── Hubs/
│       │   └── TransactionHub.cs  # SignalR real-time hub
│       └── wwwroot/
│           └── js/payguard.js  # Safe JS interop helpers
│
└── tests/
    └── PayGuardAI.Tests/  # 266 tests
        ├── Services/  # 10 unit test classes
        │   ├── RuleMarketplaceServiceTests.cs
        │   ├── TenantOnboardingTests.cs
        │   ├── RbacServiceTests.cs
        │   ├── MLFeatureExtractorTests.cs
        │   ├── SecurityMiddlewareTests.cs
        │   ├── AfriexProviderTests.cs
        │   ├── FlutterwaveProviderTests.cs
        │   ├── WiseProviderTests.cs
        │   ├── PaymentProviderFactoryTests.cs
        │   └── TenantIsolationTests.cs
        └── Integration/  # API integration tests
            ├── WebhooksControllerIntegrationTests.cs
            └── SecurityIntegrationTests.cs
```
- .NET 10 SDK
- Git
- Docker Desktop (optional, for containerized deployment)
```bash
# Clone the repository
git clone https://github.com/Karinateii/PayGuard-AI.git
cd PayGuard-AI
# Restore dependencies
dotnet restore
# Run the application (uses SQLite by default)
cd src/PayGuardAI.Web
dotnet run
# Open in browser
open http://localhost:5054
```

```bash
# Clone and start with Docker Compose
git clone https://github.com/Karinateii/PayGuard-AI.git
cd PayGuard-AI
./start-docker.sh
# Or: docker-compose up -d
# Open in browser
open http://localhost:5054
# View logs / stop
docker-compose logs -f payguard-web
docker-compose down
```

The app comes with 25 demo transactions and 24 rule templates pre-seeded for testing.
For production deployment to Railway, Heroku, or other cloud platforms, see DEPLOYMENT.md and DOCKER-HEROKU-GUIDE.md.
PayGuard AI supports three authentication modes:
Demo authentication is enabled by default for quick testing:
- Access the dashboard immediately at `http://localhost:5054`
- Demo user: `compliance_officer@payguard.ai` (SuperAdmin)
- No login required
Passwordless email authentication via magic links:
- Users receive a one-time login link via email (Resend API)
- No passwords to manage or forget
Enable enterprise-grade authentication by setting FeatureFlags:OAuthEnabled to true:
```json
{
  "FeatureFlags": { "OAuthEnabled": true },
  "OAuth": {
    "Provider": "AzureAD",
    "TenantId": "your-tenant-id",
    "ClientId": "your-client-id",
    "ClientSecret": "your-client-secret"
  }
}
```

Supported Providers: Azure AD, Google Workspace, Okta, any OIDC provider.
- No `eval()` injection — All JS interop uses safe, parameterised helper functions (`wwwroot/js/payguard.js`)
- Swagger restricted to development — API docs are not exposed in production
- Secure cookies — `HttpOnly`, `SameSite=Lax`, `SecurePolicy=Always`
- Sanitized error messages — Exception details never leak to the UI; generic errors shown to users with full stack traces logged server-side
- Security headers — CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy via middleware
- Input validation — Request validation middleware rejects malformed payloads
- Webhook signature verification — HMAC-based verification for all inbound webhooks
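A sketch of what HMAC-based webhook verification involves, added here as an example and not taken from PayGuard AI's code. It assumes HMAC-SHA256 over the raw request body with a hex-encoded signature header and a per-provider shared secret; the README does not state the actual algorithm or encoding, and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not PayGuard AI's code. Assumed scheme: HMAC-SHA256 over the raw
// request body, hex-encoded in the signature header, one shared secret per provider.
public static class WebhookSignature
{
    public static string Sign(byte[] secret, byte[] rawBody) =>
        Convert.ToHexString(HMACSHA256.HashData(secret, rawBody)).ToLowerInvariant();

    public static bool Verify(byte[] secret, byte[] rawBody, string header)
    {
        // A missing or empty signature header is rejected, never treated as "unsigned but OK".
        if (string.IsNullOrWhiteSpace(header)) return false;

        byte[] provided;
        try { provided = Convert.FromHexString(header.Trim()); }
        catch (FormatException) { return false; } // not valid hex: reject

        // Compute over the exact bytes received, before any JSON parsing or re-serialization.
        byte[] expected = HMACSHA256.HashData(secret, rawBody);

        // Constant-time comparison so response timing does not reveal how many bytes matched.
        // FixedTimeEquals returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, provided);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values.
        byte[] secret = Encoding.UTF8.GetBytes("constructed-demo-secret");
        byte[] body = Encoding.UTF8.GetBytes(
            "{\"event\":\"transaction.completed\",\"data\":{\"id\":\"TEST-001\",\"amount\":500}}");
        byte[] tampered = Encoding.UTF8.GetBytes(
            "{\"event\":\"transaction.completed\",\"data\":{\"id\":\"TEST-001\",\"amount\":5}}");
        string signature = WebhookSignature.Sign(secret, body);

        Console.WriteLine($"valid body + signature: {WebhookSignature.Verify(secret, body, signature)}");
        Console.WriteLine($"tampered body:          {WebhookSignature.Verify(secret, tampered, signature)}");
        Console.WriteLine($"placeholder header:     {WebhookSignature.Verify(secret, body, "test-signature")}");
        Console.WriteLine($"empty header:           {WebhookSignature.Verify(secret, body, "")}");
    }
}
```

Only the first call verifies. A placeholder header such as `test-signature` should be accepted only where verification has been deliberately relaxed for local testing.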
| Role | Access Level |
|---|---|
| Reviewer | View transactions, approve/reject flagged items, view reports |
| Manager | + Rules, Billing, Invoices, Audit, Rule Marketplace, Watchlists |
| Admin | + Team, API Keys, Webhooks, Analytics, ML Models, Organization Settings, Monitoring, System Logs, GDPR |
| SuperAdmin | + Tenant Management (platform owner) |
PayGuard AI supports multiple payment providers through a unified abstraction layer:
| Provider | Endpoint | Status |
|---|---|---|
| Afriex | `POST /api/webhooks/afriex` | ✅ Always enabled |
| Flutterwave | `POST /api/webhooks/flutterwave` | ⚙️ Feature flag |
| Wise | `POST /api/webhooks/wise` | ⚙️ Feature flag |
```bash
# Afriex
curl -X POST http://localhost:5054/api/webhooks/afriex \
  -H "Content-Type: application/json" \
  -H "X-Afriex-Signature: test-signature" \
  -d '{"event":"transaction.completed","data":{"id":"TEST-001","type":"send","status":"completed","amount":500,"currency":"USD","source_country":"US","destination_country":"NG","customer":{"id":"cust-001","email":"test@example.com","name":"Test User"},"created_at":"2026-02-26T10:00:00Z"}}'
```

| Rule Code | Description | Default Threshold |
|---|---|---|
| `HIGH_AMOUNT` | Large transaction amount | $5,000 |
| `VELOCITY_24H` | Too many transactions in 24h | 5 txns |
| `NEW_CUSTOMER` | First-time or new customer | < 3 txns |
| `HIGH_RISK_CORRIDOR` | OFAC-sanctioned countries | IR, KP, SY, YE, VE, CU |
| `ROUND_AMOUNT` | Suspiciously round amounts | $1,000 |
| `UNUSUAL_TIME` | Transactions at 2–5 AM UTC | Always flags |
The ML model augments rule-based scoring with learned patterns:
- Algorithm: FastTree binary classification (ML.NET)
- Features: 12 dimensions including amount, velocity, time, corridor risk, customer history
- Training: Learns from HITL review decisions (Approved = legitimate, Rejected = fraud)
- Auto-retraining: Background service checks hourly, retrains when 50+ new labeled samples exist
- Model management: View metrics, compare versions, activate/deactivate from Admin panel
The platform analyzes review patterns and transaction data to automatically suggest:
- New rules based on frequently-rejected transaction characteristics
- Threshold adjustments when existing rules under- or over-flag
- One-click apply to immediately enable suggested rules
| Level | Score Range | Action |
|---|---|---|
| Low | 0–25 | Auto-approved |
| Medium | 26–50 | Flagged for review |
| High | 51–75 | Requires manual review |
| Critical | 76–100 | Requires manual review |
Pre-built rule templates optimized for different industries:
| Industry | Templates | Example Threshold |
|---|---|---|
| Remittance | 6 rules | HIGH_AMOUNT: $10,000, VELOCITY: 3/day |
| E-Commerce | 6 rules | HIGH_AMOUNT: $2,000, VELOCITY: 15/day |
| Lending | 6 rules | HIGH_AMOUNT: $5,000, VELOCITY: 2/day |
| Crypto | 6 rules | HIGH_AMOUNT: $50,000, VELOCITY: 10/day |
Features:
- Browse and filter by industry, category, or keyword
- One-click import of individual templates or entire industry packs
- Rule analytics with precision, hit rate, and false positive tracking
- Import count (popularity) tracking across tenants
Network graph analysis identifies structuring rings:
- Fan-out: One sender splitting transactions across many receivers to stay below thresholds
- Fan-in: Many senders funnelling money to a single receiver
- Interactive graph visualization on the Network Analysis page
- Configurable thresholds and time windows
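The fan-out and fan-in checks described above can be expressed as a sliding-window count of distinct counterparties per hub. This is an added example, not the project's `RelationshipAnalysisService`; the type names, the threshold of 4 counterparties, the 24-hour window, and all sample transfers are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not PayGuard AI's code. Names, thresholds and data are assumptions.
public record Transfer(string Sender, string Receiver, decimal Amount, DateTime At);
public record RingAlert(string Kind, string Hub, int Counterparties, decimal Total);

public static class StructuringDetector
{
    public static List<RingAlert> Detect(IReadOnlyList<Transfer> transfers, int minCounterparties, TimeSpan window)
    {
        var alerts = new List<RingAlert>();
        // Fan-out: the hub is the sender and the spokes are receivers. Fan-in: the reverse.
        alerts.AddRange(Scan(transfers, "fan-out", t => t.Sender, t => t.Receiver, minCounterparties, window));
        alerts.AddRange(Scan(transfers, "fan-in", t => t.Receiver, t => t.Sender, minCounterparties, window));
        return alerts;
    }

    private static IEnumerable<RingAlert> Scan(IReadOnlyList<Transfer> transfers, string kind,
        Func<Transfer, string> hub, Func<Transfer, string> spoke, int min, TimeSpan window)
    {
        foreach (var group in transfers.GroupBy(hub))
        {
            var ordered = group.OrderBy(t => t.At).ToList();
            int start = 0;
            for (int end = 0; end < ordered.Count; end++)
            {
                // Advance the left edge so the slice never spans more than `window`.
                while (ordered[end].At - ordered[start].At > window) start++;
                var slice = ordered.GetRange(start, end - start + 1);
                int distinct = slice.Select(spoke).Distinct().Count();
                if (distinct < min) continue;
                // Alert as soon as the threshold is crossed; one alert per hub.
                yield return new RingAlert(kind, group.Key, distinct, slice.Sum(t => t.Amount));
                break;
            }
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var t0 = new DateTime(2026, 2, 26, 10, 0, 0, DateTimeKind.Utc);
        var transfers = new List<Transfer>();
        // Constructed: one sender splits into five transfers, each under the $5,000 HIGH_AMOUNT default.
        for (int i = 0; i < 5; i++)
            transfers.Add(new Transfer("cust-001", $"recv-{i}", 4900m, t0.AddMinutes(20 * i)));
        // Constructed: four senders funnel into one receiver within an hour.
        for (int i = 0; i < 4; i++)
            transfers.Add(new Transfer($"cust-1{i}", "recv-hub", 1200m, t0.AddMinutes(15 * i)));
        // Constructed: ordinary traffic to four receivers, spread over weeks, so no window holds them all.
        for (int i = 0; i < 4; i++)
            transfers.Add(new Transfer("cust-200", $"family-{i}", 300m, t0.AddDays(7 * i)));

        foreach (var a in StructuringDetector.Detect(transfers, 4, TimeSpan.FromHours(24)))
            Console.WriteLine($"{a.Kind}: {a.Hub}, {a.Counterparties} counterparties, total {a.Total}");
    }
}
```

The time window is what separates the split sender from the weekly family remitter: both reach four receivers, but only one does so inside 24 hours.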
- Create custom watchlists with name, email, and country criteria
- Automatic real-time matching against incoming transactions
- Manual override options for compliance officers
- Bulk import/export support
Full General Data Protection Regulation tooling:
- Data Subject Search — Find all data for a customer by email or name
- Data Export — One-click export of all customer data in JSON or CSV format
- Right to Erasure — Anonymize or delete customer data with confirmation dialog
- Audit Trail — Every GDPR action is logged for regulatory proof
Real-time operational health with 30-second auto-refresh:
- Health Banner — Healthy / Warning / Degraded status based on error rate
- Throughput Metrics — 24h transaction count with hourly breakdown chart
- Risk Distribution — Donut chart of risk level distribution
- 7-Day Trend — Daily transaction volume bar chart
- Error Rate — Percentage of error-level system logs
- Review Queue — Pending review count for capacity planning
- Webhook Activity — Delivery success/failure rates
- Active Rules — Count of enabled risk detection rules
- Centralized structured logging via Serilog
- Filter by level (Debug, Info, Warning, Error, Fatal), source, and date range
- Automatic log retention with configurable cleanup via background service
| Endpoint | Auth | Description |
|---|---|---|
| `/health` | Public | Application health check |
| `/metrics` | Admin+ | Prometheus metrics |
| Plan | Price | Transactions/mo |
|---|---|---|
| Trial | $0 | 100 |
| Starter | $99/mo | 1,000 |
| Pro | $499/mo | 10,000 |
| Enterprise | $2,000/mo | Unlimited |
- Automatic invoice numbering (`INV-YYYY-NNNN`)
- Professional A4 PDF layout generated with QuestPDF
- Download via API endpoint (`GET /api/invoices/{id}/pdf`)
- Invoice history with summary cards (total billed, outstanding, overdue)
```bash
# Run all 266 tests
dotnet test
# Run with detailed output
dotnet test --logger "console;verbosity=detailed"
# Run specific test class
dotnet test --filter "RuleMarketplaceServiceTests"
```

| Test Class | Tests | Coverage |
|---|---|---|
| PaymentProviderFactoryTests | 48 | Factory pattern, provider selection |
| AfriexProviderTests | 30 | Afriex API integration |
| FlutterwaveProviderTests | 28 | Flutterwave normalization |
| RuleMarketplaceServiceTests | 25 | Template browsing, import, analytics |
| RbacServiceTests | 24 | Roles, permissions, team management |
| MLFeatureExtractorTests | 20 | Feature extraction for ML |
| WiseProviderTests | 20 | Wise transfer mapping |
| TenantOnboardingTests | 16 | Tenant setup, rule seeding |
| SecurityMiddlewareTests | 15 | Auth, rate limiting, CORS |
| TenantIsolationTests | — | Multi-tenant data isolation |
| Integration Tests | 40 | End-to-end webhook processing |
| Total | 266 | |
GitHub Actions workflow runs on every push:
- ✅ Multi-platform testing (Ubuntu, Windows, macOS)
- ✅ Code quality checks
- ✅ Security vulnerability scanning
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | `/api/webhooks/afriex` | API Key | Receive Afriex transaction webhooks |
| POST | `/api/webhooks/flutterwave` | API Key | Receive Flutterwave webhooks |
| POST | `/api/webhooks/wise` | API Key | Receive Wise webhooks |
| POST | `/api/auth/demo-login` | Anonymous | Demo login (dev mode only) |
| POST | `/api/auth/magic-link` | Anonymous | Request magic link email |
| GET | `/api/auth/verify` | Anonymous | Verify magic link token |
| GET | `/api/invoices/{id}/pdf` | Manager+ | Download invoice PDF |
| GET | `/health` | Public | Application health check |
| GET | `/metrics` | Admin+ | Prometheus metrics |
| — | `/transactionHub` | Authenticated | SignalR real-time connection |
Each organization gets fully isolated data:
- Middleware-based resolution: `X-Tenant-Id` header or email→tenant lookup
- EF Core query filters: All queries automatically scoped to current tenant
- Tenant onboarding: Guided wizard seeds rules, settings, and team
- Default tenant: `afriex-demo` for development
```json
{
  "MultiTenancy": {
    "DefaultTenantId": "afriex-demo"
  }
}
```

```bash
# Reset database
rm src/PayGuardAI.Web/payguardai.db
dotnet run # Auto-recreates with seed data
```

PostgreSQL is enabled via feature flag. The DatabaseMigrationService automatically:
- Creates all tables if they don't exist
- Adds missing columns to existing tables
- Seeds default data (rules, templates, demo transactions)
- Fixes indexes for multi-tenancy
```json
{
  "FeatureFlags": { "PostgresEnabled": true },
  "ConnectionStrings": {
    "PostgreSQL": "Host=...;Database=payguard;Username=...;Password=..."
  }
}
```

Key settings in appsettings.json:

```json
{
  "FeatureFlags": {
    "OAuthEnabled": false,
    "PostgresEnabled": false,
    "FlutterwaveEnabled": false,
    "WiseEnabled": false
  },
  "Auth": {
    "DefaultUser": "compliance_officer@payguard.ai",
    "DefaultRoles": "Reviewer,Manager,Admin,SuperAdmin"
  },
  "RateLimiting": {
    "PermitLimit": 60,
    "WindowSeconds": 60
  },
  "Afriex": {
    "BaseUrl": "https://staging.afx-server.com",
    "ApiKey": "your-api-key"
  }
}
```

Compliance and Risk Tooling — Building tools that help fintech companies maintain regulatory compliance while processing cross-border payments efficiently.
This project was built for the Afriex Cross-Border Fintech Hackathon. Contributions, issues, and feature requests are welcome!
MIT License — see LICENSE file for details.
- Afriex for the hackathon opportunity and API documentation
- MudBlazor for the Blazor component library
- ML.NET for the machine learning framework
- QuestPDF for the PDF generation library
- The ASP.NET Core team for SignalR and the middleware pipeline
Built with ❤️ for the Cross-Border Fintech Hackathon 2026