Open Source · Vendor Neutral · Privacy First

Your data stays home.
Only intelligence travels.

A hardened, vendor-neutral microservice that sits inside your bank's network. Raw PII goes in, anonymized signals go out — to any fraud vendor, ML platform, or regulatory system you choose.

<10ms
Processing Time
0 PII
Leaves Your Network
6.8MB
Docker Image
0 Deps
Pure Go Stdlib
Any Vendor
Plug & Play
System Architecture

From bank core to any external system

The Edge Gateway is the single privacy boundary between your internal systems and every external consumer of transaction intelligence.

[Architecture diagram: three zones, left to right]
Bank private network: Core Banking System (CBS) (Transactions, Accounts, KYC); ATM / POS Network (Card Transactions, Withdrawals); Mobile Banking App (Transfers, P2P, Bill Payments); Branch Operations (Teller, Vault, Wire Transfers); Local Audit Store (PII Lookup for SAR Filing).
Edge Gateway: SHA-256 Hashing, Amount Tiering, Geohash Zones, Device/IP Hash, HMAC Signing, Rate Limit, Retry + Backoff, TLS Egress, Metrics, Graceful Shutdown.
External systems: Real-Time Fraud Monitoring Vendor (NICE Actimize, Featurespace, FICO, SAS, etc.); ML Model Training Platform (AWS SageMaker, Vertex AI, Databricks, etc.); Cross-Bank Intelligence Network (Shared signal hub, consortium analytics); Regulatory Reporting System (Central Bank, FIU, AML Compliance); SIEM / SOC Platform (Splunk, Sentinel, Elastic, QRadar, etc.).
Flow labels: RAW PII (bank network into the gateway), ANON SIGNAL (gateway out to external systems), /resolve-pii.

Use Cases

One gateway, every external integration

The same anonymized signal format works across all downstream consumers. Connect once, share everywhere.

01

Real-Time Fraud Monitoring

Stream anonymized transaction signals to your fraud vendor's real-time scoring engine. They detect patterns across your portfolio without accessing customer PII. Supports NICE Actimize, Featurespace, FICO, or any vendor with a REST/Kafka ingest.

CBS → Edge GW → Fraud Vendor API
02
🧠

ML Model Training

Export anonymized historical signals to your ML platform for fraud model training. Identity mosaics are deterministic — the same customer always produces the same hash, enabling behavioral modeling without PII exposure.

Transaction DB → Edge GW → SageMaker / Vertex AI
03
🌐

Cross-Bank Intelligence Sharing

Contribute anonymized signals to a shared intelligence network. Detect multi-bank structuring, mule routes, and credential stuffing that no single institution can see. The Hub correlates mosaics across banks — you keep your PII.

All Channels → Edge GW → Consortium Hub
04
📜

Regulatory Reporting

Generate privacy-safe aggregate signals for Central Bank reporting and FIU submissions. Amount tiers and near-threshold flags support AML structuring detection. Compliance officers use /resolve-pii locally for SAR re-identification.

Branch Ops → Edge GW → Central Bank / FIU
05
📡

SIEM / SOC Integration

Feed anonymized fraud signals into your SIEM for correlation with other security events. Device hashes, IP hashes, and branch IDs enrich your threat model without creating a PII liability in your security toolchain.

ATM / Mobile → Edge GW → Splunk / Sentinel
06
🔍

Third-Party Audit & Forensics

Share transaction patterns with external auditors and forensic investigators without exposing raw customer data. Auditors work with mosaics and tiers; only authorized compliance officers can resolve identities locally.

Audit Store → Edge GW → Forensic Firm
Core Capabilities

Everything you need. Nothing you don't.

Built around one principle: PII never crosses your network boundary. Every feature serves that promise.

🧬
Identity Mosaic
Customer identities are transformed into irreversible SHA-256 hashes using your unique BANK_SALT + REGIONAL_PEPPER. External systems see behavioral patterns, never the people behind them. The hash is deterministic — the same customer always produces the same mosaic, enabling longitudinal analysis without PII.
📊
Amount Tiering
Exact amounts become privacy-safe tiers (TIER_1 through TIER_4). External systems detect structuring without knowing real values.
🌍
Geohash Zones
GPS coordinates convert to standard geohash strings. Nearby locations share prefixes for spatial analysis; exact positions stay hidden.
🔏
HMAC-SHA256 Signing
Every outbound signal is cryptographically signed. Downstream systems verify integrity; tampered payloads are rejected.
🔄
Retry with Exponential Backoff
Destination unreachable? Signals are retried up to 3 times with exponential backoff (500ms, 1s, 2s, capped at 4s). Transient failures don't mean lost intelligence. 5xx responses trigger retry; 4xx responses fail fast.
🛡
Rate Limiting
Token-bucket limiter at 100 req/s with burst tolerance protects against upstream floods.
📈
Prometheus Metrics
/metrics endpoint: request counts, success/fail rates, forwarding stats, rate limit hits.
🐳
Distroless Container
No shell, no package manager, nonroot user. Multi-stage build, minimal attack surface.
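
The retry policy described under "Retry with Exponential Backoff", as an added Go sketch that is not the project's own code. It assumes "up to 3 times" means three retries after the first attempt; the `Forward`, `Backoff` and `Retryable` names and the injected `send`/`sleep` functions are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// Backoff returns the wait before retry n (1-based): 500ms, 1s, 2s, capped at 4s.
func Backoff(retry int) time.Duration {
	d := 500 * time.Millisecond
	for i := 1; i < retry && d < 4*time.Second; i++ {
		d *= 2
	}
	return d
}

// Retryable reports whether a failed attempt is transient: transport errors
// and 5xx responses are retried, 4xx (and anything else) fails fast.
func Retryable(status int, err error) bool {
	return err != nil || status >= 500
}

// Forward runs send up to 1+maxRetries times and returns the attempts used.
// send and sleep are injected (hypothetical signatures) so the policy can be
// exercised without a network or real delays.
func Forward(send func() (int, error), sleep func(time.Duration), maxRetries int) (int, error) {
	for attempt := 1; ; attempt++ {
		status, err := send()
		if err == nil && status >= 200 && status < 300 {
			return attempt, nil
		}
		if !Retryable(status, err) || attempt > maxRetries {
			return attempt, fmt.Errorf("giving up after %d attempt(s): status=%d err=%v", attempt, status, err)
		}
		sleep(Backoff(attempt))
	}
}

func main() {
	// Constructed response sequence: two transient 503s, then success.
	statuses := []int{503, 503, 200}
	i := 0
	send := func() (int, error) { s := statuses[i]; i++; return s, nil }
	var waits []time.Duration
	attempts, err := Forward(send, func(d time.Duration) { waits = append(waits, d) }, 3)
	fmt.Println(attempts, waits, err)
}
```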
Data Flow

PII in, anonymous signal out

Four deterministic steps between your internal systems and any external consumer.

1

Ingest

POST /process receives raw transaction JSON from any internal source. Validates fields, enforces 1MB body limit.

2

Anonymize

Creates Identity Mosaic, maps amount to tier, converts location to geohash, hashes device & IP fingerprints.

3

Sign

Computes HMAC-SHA256 over the payload. Downstream systems verify integrity via X-Intel-Signature header.

4

Forward

Sends the anonymized signal to the configured endpoint over TLS with automatic retry on transient failures.
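
Steps 2 and 3 above, plus the check a downstream receiver would run on `X-Intel-Signature`, as an added Go example that is not the project's own code. The NUL-separated salt/pepper/ID layout, the hex encoding of the header value, and the function names are assumptions; the page states only that SHA-256 and HMAC-SHA256 are used.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Mosaic derives a deterministic pseudonym for a customer identifier.
// Assumption: salt, pepper and ID are joined with a NUL separator; the
// page only states that SHA-256 is used with BANK_SALT + REGIONAL_PEPPER.
func Mosaic(salt, pepper, customerID string) string {
	sum := sha256.Sum256([]byte(salt + "\x00" + pepper + "\x00" + customerID))
	return hex.EncodeToString(sum[:])
}

// Sign returns the hex HMAC-SHA256 of the exact body bytes being sent.
// Assumption: hex encoding for the X-Intel-Signature header value.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify is the receiver side: recompute over the raw body as received
// (before any JSON re-encoding) and compare in constant time.
func Verify(secret, body []byte, header string) bool {
	got, err := hex.DecodeString(header)
	if err != nil || len(got) != sha256.Size {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(got, mac.Sum(nil))
}

func main() {
	// Constructed sample values, not real secrets or customer data.
	secret := []byte("constructed-hmac-secret")
	m := Mosaic("constructed-bank-salt-0123456789abcdef", "constructed-pepper", "CUST-0001")
	body := []byte(`{"institution_id":"BNK_001","identity_mosaic":"` + m + `"}`)
	sig := Sign(secret, body)
	fmt.Println("valid:", Verify(secret, body, sig))
	tampered := []byte(`{"institution_id":"BNK_002","identity_mosaic":"` + m + `"}`)
	fmt.Println("tampered:", Verify(secret, tampered, sig))
}
```

Verifying over the raw received bytes matters: a receiver that parses and re-serializes the JSON before checking will reject valid signals whenever key order or whitespace changes.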

Quick Start

Deployed in minutes, not months

One Docker image. Environment variables for credentials. A single REST endpoint. If your system can POST JSON, you're ready.

1

Configure your destination

Set HUB_API_URL to your fraud vendor's ingest endpoint, your ML platform's API, or any system that consumes signals.

2

Deploy the container

Run the Docker image inside your private network. Set your BANK_SALT, API credentials, and HMAC_SECRET for payload signing.

3

Connect your sources

Point your CBS, ATM switch, or mobile backend to POST transactions to /process. Anonymized signals flow automatically.

docker-compose.yml
services:
  edge-gateway:
    image: edgegw:latest
    environment:
      # Values in <...> are placeholders to replace at deploy time.
      - INSTITUTION_ID=BNK_001
      - API_KEY=<your API key>
      - HMAC_SECRET=<shared signing secret>
      - HUB_API_URL=https://vendor.example.com/api/signals
      - BANK_SALT=<min-32-char-local-secret>
      - REGIONAL_PEPPER=<network-shared-pepper>
    ports:
      - "8080:8080"
Anonymized output (what external systems see)
{
  "institution_id": "BNK_001",
  "signal_type": "transaction",
  "identity_mosaic": "a3f8c1...e7b2d4",
  "metadata": {
    "amount_tier": "TIER_3",
    "location_zone": "s1499",
    "is_near_threshold": true,
    "device_id_hash": "7d2f1a...c9e0b3",
    "branch_id": "LAG-01"
  }
}
// No names. No accounts. No exact amounts.
// Just the signal any system needs.
Why Edge Gateway

For your compliance team, security team, and ops team

Regulatory Compliance

PII stays in your jurisdiction. Meets GDPR, NDPA, and data residency requirements by architecture, not policy.

🔍

Full Auditability

Every transformation is deterministic. Compliance officers can locally re-derive any mosaic for SAR filing via /resolve-pii.

🔗

Vendor Neutral

Works with any downstream system that accepts JSON over HTTP. Switch fraud vendors without changing your internal integration.

🔓

Open Source

Audit every line. No black boxes, no vendor lock-in. Your security team signs off before anything hits production.

Zero Friction

Single REST endpoint, no SDK, no agent. If your CBS can POST HTTP, deploy in a day.

🚀

Production Ready

Graceful shutdown, TLS, rate limiting, retry, Prometheus metrics. Battle-tested defaults out of the box.

Ready to protect your data pipeline?

Deploy the gateway, connect to any external system, and keep PII where it belongs — inside your network.