Product · 2023

Account-Takeover Protection & OTP-Verified Request Flow

A leading Romanian retail bank

Overview

An account-takeover (ATO) protection module for a leading Romanian retail bank’s self-service banking platform. It manages high-risk customer requests (cereri, the Romanian term used throughout the code) and gates sensitive actions behind one-time-password verification and CRM cross-checks before they take effect.

The Challenge

Account-takeover is one of the most damaging fraud vectors in retail banking. Sensitive self-service actions must be verified through an independent channel (OTP) and reconciled against authoritative customer records before they are honoured, with every step recoverable and auditable.

What We Built

A Next.js 13 App Router app (under app/) organised around a request workflow: app/cereri route segments plus API routes, a models/cerere and repositories/cerere data layer, and a rich services/ layer including otpServices, validators, server-side rendering helpers (ssr_functions, redirectSsr), a dbConnection to DocumentDB, an APIResponder, a fetcher, and randomGenerators for OTP/identifiers. The UI is built from a reusable component library (Dialog, Alerts, Checkbox, Inputs, ButtonGroup, Loading). Per its README, the service requires an active CRM and OTP backend, and runs containerised against AWS DocumentDB with a bundled TLS CA.

Technologies & Approach

Next.js + React + Tailwind for the SSR UI, SWR for data fetching, react-hook-form with hookform resolvers for validated forms, and MongoDB/DocumentDB for persistence. OTP services and CRM checks are abstracted behind a service layer so the verification logic stays testable (Jest) and swappable.

Outcome / Impact

Delivered a focused anti-fraud module that adds OTP-verified, CRM-reconciled handling of sensitive customer requests, complementing the platform’s identity, core-backend and credit services.

Capabilities Demonstrated

  • Account-takeover (ATO) protection for regulated banking
  • OTP / second-channel verification flows
  • CRM-integrated, auditable request handling
  • Secure SSR banking UIs with a reusable component system
  • DocumentDB-backed, containerised service design