🌐 Live Demo: https://securepay-ml-1.onrender.com/
SecurePay is a full-stack UPI payment simulation platform with a built-in CNN-based fraud detection model. Every transaction is analyzed in real-time using behavioral, geolocation, and device signals to block fraudulent payments before they go through.
- OTP-based login — 6-digit OTP sent to registered email, expires in 5 minutes
- Real-time fraud detection — CNN model scores every transaction before it's processed
- Multi-signal analysis — device fingerprint, geolocation, spending patterns, PIN retries, login failures
- Tiered fraud response — auto-block for high-risk, DOB confirmation for medium-risk, pass for low-risk
- Merchant portal — UPI setup, QR code generation, transaction history
- Admin panel — manage users, merchants, and all transactions
- QR code payments — scan-to-pay flow for merchants
| Layer | Technology |
|---|---|
| Backend | Python, Flask |
| ML Model | TensorFlow/Keras (CNN), Scikit-learn |
| Database | MySQL |
| Frontend | HTML, CSS, JavaScript (Jinja2 templates) |
| Auth | OTP via Gmail SMTP, device fingerprinting |
| Config | python-dotenv |
SecurePay/
├── app.py # Main Flask app & all routes
├── config.py # DB and email config (reads from .env)
├── database/
│ └── schema.sql # MySQL schema + sample data
├── model/
│ ├── upi_fraud_cnn_latest.h5 # Trained CNN model
│ ├── upi_fraud_scaler_latest.pkl # Feature scaler
│ ├── le_bank/category/device/network_latest.pkl # Label encoders
│ ├── feature_names_latest.npy # Feature order
│ ├── best_threshold_latest.npy # Optimal decision threshold
│ └── requirements.txt
├── static/
│ ├── css/style.css
│ ├── js/script.js
│ └── qr/ # Generated QR codes
├── templates/ # All HTML pages
└── .env # Environment variables (not committed)
git clone https://github.com/<your-username>/SecurePay.git
cd SecurePaypip install flask mysql-connector-python tensorflow scikit-learn joblib numpy qrcode python-dotenvmysql -u root -p < database/schema.sqlCreate a .env file in the root directory:
DB_HOST=localhost
DB_USER=root
DB_PASSWORD=<your_mysql_password>
DB_NAME=securepay
EMAIL_ADDRESS=<your_gmail>
EMAIL_PASSWORD=<your_gmail_app_password>For Gmail, use an App Password, not your regular password.
python app.pyVisit http://localhost:5000
This project uses a transaction dataset for fraud/anomaly detection in payment gateway systems.
- Transaction ID
- Amount
- Transaction Type
- Device Information
- Location
- Time Stamp
- Payment Method
- Fraud Label
- Format: CSV
- Preprocessed using Python and Pandas
- Used for training and evaluating the CNN model
Each payment triggers the CNN model with 23 features:
| Signal | Features |
|---|---|
| Transaction | amount, category, time (hour/day/month) |
| Behavioral | ratio to avg amount, txns last 1hr/10min, spending trend |
| Security | PIN retries, failed login attempts, OTP attempts |
| Device | device type, is_new_device (fingerprint comparison) |
| Location | latitude/longitude, distance from prev txn, is_new_location |
| Account | account age, user age, bank |
Fraud response tiers:
- Score ≥ threshold → BLOCKED immediately
- Amount ≥ ₹50,000 with unusual ratio → DOB confirmation required
- Amount ≥ ₹1,00,000 with unusual ratio → Auto-blocked, no confirmation
- Accuracy: 98.65%
- Precision (Fraud): 91.94%
- Recall (Fraud): 85.09%
- F1-Score (Fraud): 88.38%
- ROC-AUC: 0.9934
- PR-AUC: 0.9483
- Decision Threshold: 0.43
SecurePay was built to simulate a real-world UPI payment system with AI-powered fraud prevention at its core. Here's a quick overview of what the system does end-to-end:
User Flow
- User enters mobile number → OTP sent to registered email
- OTP verified → session created with device fingerprint
- User initiates payment → CNN model scores the transaction in real-time
- Based on fraud score and amount, transaction is either approved, flagged for DOB confirmation, or blocked
Merchant Flow
- Any user can register as a merchant with a UPI ID and category
- A QR code is auto-generated for the merchant's UPI
- Merchants can view all incoming transactions on their dashboard
Admin Flow
- Admin logs in with username + password (MD5 hashed)
- Full control over users, merchants, and transaction records
- Can create, edit, or delete user accounts
Fraud Detection Pipeline
Payment Request
↓
Extract 23 features (behavioral + device + location + account)
↓
Label encode categoricals → Scale with StandardScaler
↓
CNN model predicts fraud score (0.0 – 1.0)
↓
Score ≥ threshold → BLOCKED
Amount ≥ ₹50,000 + high ratio → DOB confirmation
Score < threshold → SUCCESS
Key Design Decisions
- Threshold tuned to
0.08to catch real fraud while ignoring small noise - Haversine formula used to calculate distance from user's home state
- Device fingerprint stored on first login, compared on every payment
- Spending trend only flagged when amount > ₹5,000 AND this month is 10x+ last month
This project is for educational purposes.