Inspiration

The rapid growth of livestreaming platforms like TikTok has created new opportunities for creators, but also new risks. Fraudulent activities such as money laundering, structuring (bursty top-ups), and geo-hopping threaten platform integrity and regulatory compliance. We were inspired to build a system that protects both creators and platforms by embedding tiered KYC verification and real-time AML risk detection, while maintaining a smooth user experience.

What it does

Our system provides:

  • Tiered KYC verification with sanctions/PEP screening and geofencing
  • Real-time & batch risk scoring on money-in events (top-ups, tips)
  • Dynamic controls such as holds, freezes, and shadow-economics that change financial outcomes instantly
  • Case management with audit trails for Risk-Ops teams
  • Explainable dashboards for both creators and reviewers, improving trust and transparency

How we built it

Frontend (Lynx + React):

  • KYC tier pages where users see their current level, perks, and can apply for upgrades
  • An Apply button linked to backend APIs (e.g., /api/kyc-tiers/info) to fetch and update verification status
  • Risk-Ops console mockups for case review and visualization of flagged events
  • Wallet for users to top up cash

Backend (Nest.js):

  • API Gateway with event-driven risk scoring
  • Risk Engine implementing real-time rules (velocity bursts, device clustering, age/tenure)
  • Case & Controls service for triggering holds/freezes
  • Integration with external sanctions/PEP providers.

Data Layer:

  • Object store for KYC documents
  • Postgres for transactions, sanctions cache, and audit logs.

Challenges we ran into

  • Designing risk thresholds that balance fraud detection against over-blocking legitimate users
  • Integrating multi-step KYC flows (government ID, liveness, proof-of-address) smoothly into the user interface
  • Synchronizing frontend Lynx preview with backend API responses during development
  • We faced issues where TypeScript did not recognize custom Lynx JSX tags such as <lynx-view>, which slowed down development
  • Learning Lynx framework conventions (view, text, bindtap)
  • Making UI responsive (Apply button shifting depending on content length)
  • Collaborating with backend engineers to define the KYC API shape

Accomplishments that we're proud of

  • Built a risk engine that runs real-time scoring rules such as:

$$ MaxTransaction(t) = \begin{cases} 500, & 0 \leq t < 1 \\ 500 + 500 \cdot \frac{t-1}{6}, & 1 \leq t < 7 \\ 1000, & t \geq 7 \end{cases} $$

and

$$ ReservePercentage(t) = \begin{cases} 10\%, & 0 \leq t < 1 \\ 5\%, & 1 \leq t < 7 \\ 0\%, & t \geq 7 \end{cases} $$

  • Implemented tiered KYC with clear user-friendly messaging instead of technical jargon
  • Designed shadow-economics control, allowing suspicious transactions to appear normal to users while being blocked internally
  • Delivered an explainable Risk-Ops UI so fraud analysts can trace why a transaction was flagged
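
The MaxTransaction and ReservePercentage rules above, written out as an added TypeScript example (not the project's own code) that applies both to a single money-in event and fails closed on malformed input. It assumes t is account tenure in days and that the reserve is withheld from the transaction amount; the function names, the cents-based amounts and the reason strings are hypothetical.

```typescript
// Added example. Assumptions: t is account tenure in days; amounts are in the
// currency unit of the formulas; all names below are hypothetical.
interface Decision {
  action: "allow" | "hold";
  reason: string;
  reserveCents: number;  // withheld portion
  releasedCents: number; // portion credited immediately
}

function assertTenure(t: number): void {
  if (!Number.isFinite(t) || t < 0) throw new RangeError("invalid tenure");
}

// MaxTransaction(t): 500 for t < 1, linear ramp to 1000 at t = 7, then flat.
function maxTransaction(t: number): number {
  assertTenure(t);
  if (t < 1) return 500;
  if (t < 7) return 500 + (500 * (t - 1)) / 6;
  return 1000;
}

// ReservePercentage(t) as a fraction: 10%, then 5%, then 0%.
function reservePercentage(t: number): number {
  assertTenure(t);
  if (t < 1) return 0.1;
  if (t < 7) return 0.05;
  return 0;
}

const hold = (reason: string): Decision =>
  ({ action: "hold", reason, reserveCents: 0, releasedCents: 0 });

// Integer minor units keep reserve + released exactly equal to the amount.
function evaluateTopUp(amountCents: number, tenureDays: number): Decision {
  // Fail closed: malformed input is held for review, never allowed through.
  if (!Number.isInteger(amountCents) || amountCents <= 0) return hold("invalid_amount");
  if (!Number.isFinite(tenureDays) || tenureDays < 0) return hold("invalid_tenure");
  const limitCents = Math.floor(maxTransaction(tenureDays) * 100);
  if (amountCents > limitCents) return hold("over_tenure_limit");
  const reserveCents = Math.round(amountCents * reservePercentage(tenureDays));
  return { action: "allow", reason: "within_limit", reserveCents, releasedCents: amountCents - reserveCents };
}
```

Returning a reason string with every decision gives a Risk-Ops reviewer the rule that fired, which is the explainability property the dashboards depend on.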

What we learned

  • Fraud prevention is not just about blocking; it is also about minimizing false positives to keep the user experience smooth
  • Tiered KYC design improves trust while reducing friction for low-risk users
  • Explainability is important: Risk-Ops must understand why the system flagged a transaction
  • Collaboration between frontend and backend engineers is key to integrating compliance checks seamlessly.

What's next for TikTrust

Since this project was built within the tight timeframe of a hackathon, some parts of the system were not fully refined. Some improvements that could be made are:

  • Improve thresholds and fine-tune rule parameters to reduce false positives while catching more sophisticated fraud patterns
  • Add smoother UI/UX for creators applying to higher tiers and integrate more advanced verification methods
  • Incorporate additional signals such as device fingerprinting, behavioral biometrics, and geolocation patterns
  • Provide clearer dashboards and case management tools so that Risk-Ops teams can understand why a risk score or block was triggered
  • Stress-test the architecture for higher transaction volumes