AI-Powered Fraud Prevention & Document Verification
v1.0 · Product Release · March 2026
Factory Scan is a multi-dimensional fraud prevention platform and document verification suite designed to protect eCommerce, ed-tech, and digital services from AI-assisted deception. By leveraging advanced forensics, cryptographic watermarking, and a shared Unified Trust Score, we provide a cross-platform credibility index that identifies malicious actors before they strike.
Factory Scan is built as a decoupled, multi-service ecosystem that functions both as a specialized API engine and a centralized management platform. The project is designed with a clear separation between the "Verification Engine" and the "Identity/Dashboard" layers.
Traditional fraud detection works in silos. Factory Scan’s core innovation is the Unified Trust Score. Every user interaction—whether submitting a refund request, having a certificate verified, or posting a product review—contributes to a global reputation index stored in our Neon Database.
- Nature of the Project: A security-as-a-service (SaaS) platform that democratizes high-end AI forensics and cryptographic verification for businesses of all sizes.
- Project Structure:
root/: Next.js Frontend (Identity management, Dashboard, Feature Showcase).backend/: Express.js API (AI forensics, image processing, OCR, Drizzle-powered DB interactions).backend/src/utils/: Centralized verification logic (AI detection, EXIF, steganography).src/lib/auth/: Integrated authentication via Neon Auth, bridging the gap between database identity and web session.
We have moved from a feature-isolated hackathon prototype to a fully integrated, identity-focused platform. The development direction is currently focused on:
- Unified Authentication: Migrating from hardcoded guest sessions to Neon Auth, enabling persistent trust profiles that follow a user across different partner platforms.
- Automated Trust Profiling: Implementing logic that dynamically creates trust scores upon a user's first interaction and updates them in real-time based on the "verdict" of our AI models.
- Scalable Multi-Service APIs: Refining each feature (Refund, Documents, ID, Reviews) into autonomous routes that can be consumed as-is or as part of a larger workflow.
Detects AI-generated or modified photographs used for fraudulent refund claims.
- Pipeline: AI forensics (HuggingFace) → Metadata Analysis (EXIF) → Cross-platform history (Trust DB).
- Endpoint:
POST /api/v1/refund/verify
Cryptographically fingerprinted digital certificates (Degrees, Internships, Agreements).
- Mechanism: Invisible steganographic payload embedding at issuance.
- Tamper Evidence: AI-regeneration or tampering fundamentally breaks the pixel-level pattern.
- Endpoints:
POST /api/v1/document/watermark,POST /api/v1/document/verify
QR-code-based ground truth verification for photographed physical ID cards, enhanced with Gemini-based visual reasoning.
- Flow: Extract QR Token → Fetch DB Record → Gemini-powered OCR Photograph → Cross-compare fields.
- Endpoint:
POST /api/v1/id/verify
Scores user reviews for authenticity using NLP and History Analysis.
- Signals: AI Detection (sentence structure) → Spam Detection (coordinated patterns) → Reviewer Trust History.
- Endpoint:
POST /api/v1/review/score
Dedicated proxy endpoint allowing the Factory Scan Chrome Extension to run deep Gemini-based reviews without distributing API keys to end-users.
- Flow: Extract DOM Text → Batch Query Backend → Stream Classification Overlay.
- Endpoint:
POST /api/v1/extension/classify
A striking visualization of the cross-platform reputation index. Shows network node map mapping the user's trust history across multiple digital properties.
- Features: Live network topography, universal trust score halo, and global audit log detailing transactions and cross-shop score deltas.
- Route:
/trust-database
To ensure Factory Scan remains a first-class fraud prevention tool, all future development should adhere to these maintenance principles:
- Every new feature must answer: "How does this affect the user's Unified Trust Score?"
- Any verification route should always call the
trustProfileutility to update scores based on outcomes.
- Frontend: Use Next.js App router conventions. Components should be styled using vanilla CSS for max flexibility, leveraging the premium dashboard theme.
- Backend: Adhere to the
src/routes/...pattern for feature isolation andsrc/utils/...for pure detection logic. Keepserver.jsclean and only used for orchestration. - Database: Use Drizzle ORM for schema migrations in the
backend/directory.
- AI models (via HuggingFace) should be abstracted in
utils/aiDetection.js. If models are swapped or updated, only the utility should change, not the routes. - EXIF extraction logic is kept in
utils/exifAnalysis.js. Update this when adding support for newer phone metadata or more forensic signals.
- Always prefer
Neon Authover custom auth solutions. Theprofile-setuplogic is the entry point for all new "Partner" and "User" profiles.
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Next.js / React (App Router) / Vanilla CSS | Management Dashboard, Trust DB Visualization |
| Backend | Node.js / Express | Core API Engine & Forensics Orchestration |
| Database | Neon DB (Serverless Postgres) | Trust DB, Hashed Records, Logs |
| Auth | Neon Auth | Identity Provider & Multi-tenant Access |
| Forensics | HF Ateeqq/ai-vs-human-image-detector |
AI-generated Image Detection |
| Metadata | exifr + jimp |
Forensic Analysis & Document Fingerprinting |
| AI / OCR | Google Gemini API | Advanced OCR, NLP review scoring, ID data extraction |
| Extension | Chrome Extension (Manifest V3) | Zero-config browser scanner for users |
- Node.js v18+
- Neon Project (Compute & Auth enabled)
- HuggingFace API Token (for image forensics)
- Frontend:
npm install && npm run dev(in root) - Backend:
cd backend && npm install && node src/server.js
Factory Scan · v1.0 · Protect the Digital Truth · 2026