Pre-KYC Risk Scoring

Decision-support tool для high-risk payment businesses

О проекте

Pre-KYC Risk Scoring помогает клиентам фильтровать рисковых мерчантов ДО онбординга, снижая:

• Нагрузку на ручной review
• Количество плохих approvals
• Риск блокировки PSP / MID

Важно: Этот продукт НЕ предоставляет AML, KYC или compliance решения.

Quick Start (Development)

# Клонировать репозиторий
git clone <repo-url>
cd pre-kyc

# Установить зависимости
pnpm install

# Запустить PostgreSQL и Redis
docker-compose up -d

# Применить схему БД
pnpm db:push

# Заполнить тестовыми данными
pnpm db:seed

# Запустить dev сервер
pnpm dev

После запуска:

• API: http://localhost:3002
• Admin Dashboard: http://localhost:3001
• Swagger Docs: http://localhost:3002/docs

Production Deployment

# Скопировать и заполнить переменные окружения
cp .env.production.example .env.production

# Собрать и запустить
docker-compose -f docker-compose.prod.yml --env-file .env.production up -d

# Применить миграции
docker-compose -f docker-compose.prod.yml run migrate

Переменные окружения (Production)

Variable	Description	Required
POSTGRES_PASSWORD	Database password	Yes
ADMIN_API_KEY	Admin dashboard auth key	Yes
ADMIN_PORT	Dashboard port (default: 80)	No

Testing

# Запустить все тесты
pnpm test

# Тесты rule engine
pnpm --filter @pre-kyc/rule-engine test

Структура проекта

pre-kyc/
├── apps/
│   ├── api/                 # NestJS REST API
│   └── admin/               # React Admin Dashboard
├── packages/
│   ├── rule-engine/         # Scoring logic
│   ├── database/            # Prisma schema
│   └── shared/              # Shared types
├── .cursor/rules/           # Правила для AI assistant
├── DEVELOPMENT_PLAN.md      # План разработки
└── README.md

API

POST /v1/score

Оценка риска мерчанта.

curl -X POST https://api.example.com/v1/score \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "external_id": "merchant-123",
    "company_name": "Test Company",
    "website_url": "https://example.com",
    "email": "contact@example.com",
    "country": "US",
    "vertical": "igaming"
  }'

Response:

{
  "score": 42,
  "risk_tier": "MEDIUM",
  "decision": "MANUAL_REVIEW",
  "reasons": [
    {
      "code": "FRESH_DOMAIN",
      "description": "Domain registered less than 6 months ago",
      "weight": 12
    }
  ],
  "meta": {
    "rules_version": "v1.0",
    "processed_at": "2026-01-23T12:00:00Z"
  }
}

POST /v1/feedback

Сбор feedback от клиентов.

curl -X POST https://api.example.com/v1/feedback \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "external_id": "merchant-123",
    "final_decision": "APPROVED",
    "comment": "Passed manual review"
  }'

Risk Tiers

Score	Tier	Decision
0–29	LOW	ALLOW
30–59	MEDIUM	MANUAL_REVIEW
60–100	HIGH	REJECT

Scoring Rules (v1.0)

Active Rules (10)

Rule	Weight	Category
NO_WEBSITE	+30	domain
DUPLICATE_WEBSITE	+20	behavioral
BURST_SUBMISSIONS	+15	behavioral
REUSED_CONTACT	+15	behavioral
HIGH_RISK_COUNTRY	+12	geo
FREE_EMAIL_PROVIDER	+10	email
BRAND_MISMATCH	+10	domain
SUSPICIOUS_TLD	+8	domain
HIGH_RISK_VERTICAL	+8	geo
NO_CONTACT_INFO	+6	email

Planned Rules (5)

Rule	Status
FRESH_DOMAIN	Requires WHOIS integration
VERY_FRESH_DOMAIN	Requires WHOIS integration
NO_LEGAL_PAGES	Requires website crawling
SINGLE_LANDING_PAGE	Requires website crawling
COUNTRY_LANGUAGE_MISMATCH	Requires language detection

Документация

• План разработки
• Master Product Document

Disclaimer

This service provides risk indicators only and does not constitute AML, KYC, or compliance advice.

License

Proprietary