ATM 3.0 - Bytehackz NP OCBC Hackathon 2022

OCBC Hackathon 2022 - #1 Place Overall Winner 🏆

Index Deployment: https://notaddison.github.io/ATM-3/Web/HTML/Index/
Dashboard Deployment: https://notaddison.github.io/ATM-3/Web/HTML/Dashboard/

Problem Statement:

What if we could build an intelligent electronic detection system which does not disrupt the customer experience at out automated teller machines to detect such scam activities?

API Flow

API Documentation: https://github.com/NotAddison/PFD-2022/blob/main/API/README.md

Demo Video

PFD_Team_D_Demo.mp4

Security Risks

Possible security risks that ATMs faces

1. PIN Thermal Imaging
2. Shoulder Surfing
3. Database Leaks
4. Scams
5. Card Skimming
6. Network Attack [Implemented alr (ATM Firewall)]
7. Lebanese Loop [ Hard to Detect ]
8. Cash Trapping [ Hard to Detect ]

Ideas

Possible ideas to mitigate the risks

1. Computer Vision (OpenCV)

   • Facial / Emotion Recognition
   • Hostile Object Recognition (E.g; Knife, Gun)

2. Covered Camera Check

   • Checks if camera of ATM is covered / broken.

3. Mobile App

   • To utilize Biometrics (fingerprint / face recognition)
   • Listen to ATM response > Request from device (on request auth)

4. Outlier Analysis (ML)

   • Check for outlier when withdrawing cash.
   • If an account receives a large amount of money within a short period, mark account as "Suspicious".
   • If an account withdraws a large amount of money within a short period, mark account as "Suspicious".
   • If an account receives many transactions from multiple accounts within a short period, mark account as "Suspicious".

5. Extra Validations

   • Withdrawal : Fingerprint + Age Check (if elderly / large amount :: show warning prompt of scam possibility)
   • Transfer of Funds : Check if address of transfer is "Blacklisted" or "Suspicious"
   • Integrate w/ ML to detect outliers > Prompt/Notify users.
   • (esp for Senior Citizen) & Scams.

6. Database Leak Checker (HaveIBeenPwned API)

   • Check if user's data has been leaked, send a pop-up notification on the ATM ONCE.

7. Message Alert (Webhook)

   • Integrate w/ Database Leak Checker & Authentications (OpenCV & Pin failure).
   • Send a message to the user's phone when the ATM detects a suspicious activity (ML - #4).
   • Send alert when user is withdrawing a large amount of money (#5).
   • Send alert if user is transferring money to a suspicious (blacklisted) account (#5).
   • Send an alert if user is in a hostage situation (#1).

8. NFC/EVC Chip Biometrics

   • Read Card Number > Query backend > Get biometric "fingerprint"/hash > Compare with user's biometrics

9. Operator Dashboard

   • Summary of all ATM : [E.G: 3 Hostage situation detected]

10. Transfer Details

    • Show details of the transferee (Name, Address, etc).
    • Allow the user to verify the details before transferring money (also can prevent accidental typo).

--- Contributions 👤 ---

Addison (@NotAddison)

Brainstorm & Ideation

API (NodeJS)

NodeJS API

Hostage Situation Detection (Computer Vision)

Broken/Covered Camera Detection

Discord (SMS) Webhooks

Flutter Mobile App (For auth)

Pin & Biometric Authentication

ATM Transfer Details

Assisted in other features (Toast Message, Website HTML Refactor, Breach Check)

UI Wireframe Design

Assisted in Dashboard Pages (all HTML pages)

Staff Authentication

Live Activity Logs (UI & Functions)

ATM Status (Online/Offline)

Live ATM Information (User & Machine)

Live ATM Camera Feed

Edit ATM User Information

Assisted in ATM Broadcast System (UI & Functions)

Paul (@realelongatedmusket)

Brainstorming & Ideation

UI Wireframe Design

All Website Pages (HTML & CSS)

Toast Notification (HTML & CSS)

Machine Learning (Data Cleaning & Preparation)

Outlier Analysis

Assisted in other features (Data creation)

Force Logout (Functions)

Fredor (@Lunebun)

Brainstorming & Ideation

Extra Validations (Blacklist Popup)

Extra Validations (Elderly Banner)

ATM Main UI

Dashboard Graph 

Jia Hau (@JiaHauHau)

Brainstorming & Ideation

Email Breach check

Breach Pop up

Dashboard Main UI

Broadcast Pop up

Haziq (@haziqakid)

Brainstorming & Ideation

Ideation 

Outlier Analysis [data scraping]

Research camera app to use

Login UI 

Setup

1. Clone the repo
2. Add a .env file in the API folder
3. Add the following variables in the .env file

WEBHOOK_URL = "YOUR_KEY_HERE"
HIBP_API_KEY = "YOUR_KEY_HERE"

1. Run the "Startup.bat" file
2. Launch your android emulator
3. Press "1" and press "Enter" to start all the services
4. Profit 👍

Dependencies

Dependencies for the project

• Python => 3.9

  • OpenCV (Custom CUDA Build) [pip install opencv-python]
  • Deepface [pip install deepface]
  • YoloV4
  • Matplotlib & Pandas
  • Requests
  • Tensorflow-GPU (https://www.tensorflow.org/install/source#gpu)

• Flutter

  • Flutter SDK 3.3.10
  • Android Studio SDK (Virtual Device)

• NodeJS (NPM)

  • Express
  • Requests
  • Python-Shell

• CUDA Toolkit

  • CUDA (Version 11.2)
  • cuDNN (Version 8.1.0)

OpenCV CUDA Build Properties

- CMAKE Options:
- (optional) PYTHON3_PACKAGE_PATH
- WITH_CUDA
- BUILD_opencv_dnn
- OPENCV_DNN_CUDA
- ENABLE_FAST_MATH
- BUILD_opencv_world
- OPENCV_EXTRA_MODULES_PATH (set path to opencv contrib folder "contrib/modules")
- (AFTER CONGIRUATION)
- CUDA_FAST_MATH
- CUDA_ARCH_BIN (set gpu architechture: https://en.wikipedia.org/wiki/CUDA) - config (set to Release)

Misc

Naming Conventions, Git, References & Credits

Naming Conventions

- Commits : https://www.freecodecamp.org/news/writing-good-commit-messages-a-practical-guide/
- Functions : PascalCase, Function names start with a capital letter. (E.g: ParseJson())
- Variables: camelCase or Hungarian Notation. (E.g: isValid or **b**IsValid)
- Constants: All uppercase. (E.g: const int MAX_SIZE = 100;)
- Classes: PascalCase, Class names start with a capital letter. (E.g: class MyClass)
- Asset Files: PascalCase, File names start with a capital letter. (E.g: MyFile.txt)
- Script Files: PascalCase or snake_case, File names start with a lowercase letter. (E.g: my_script.py or MyScript.py)

• References:

• Coding Practices: https://curc.readthedocs.io/en/latest/programming/coding-best-practices.html

References / Credits

- UX of digital randomized Numberpad : https://uxpajournal.org/usability-evaluation-of-randomized-keypad/
- HaveIBeenPwned API: https://haveibeenpwned.com/API/v3