Oneclick AI Squad This workflow corresponds to n8n.io template #6266 — we link there as the canonical source.
This workflow follows the Agent → Gmail recipe pattern — see all workflows that pair these two integrations.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": "MMiXWOQE8aw4OD3k",
"meta": {
"templateCredsSetupCompleted": true
},
"name": "Fraudulent Booking Detector: Identify Suspicious Travel Transactions with AI",
"tags": [],
"nodes": [
{
"id": "664a521a-7b7c-4a9a-ae3a-06cb326d6923",
"name": "Booking Transaction Webhook",
"type": "n8n-nodes-base.webhook",
"position": [
-1540,
120
],
"parameters": {
"path": "fraud-detection",
"options": {},
"httpMethod": "POST",
"responseMode": "responseNode"
},
"typeVersion": 1
},
{
"id": "940ec478-de93-4595-a391-8aefb170b5d9",
"name": "Extract Booking Data",
"type": "n8n-nodes-base.set",
"position": [
-1320,
120
],
"parameters": {
"values": {
"string": [
{
"name": "user_id",
"value": "={{ $json.body.user_id }}"
},
{
"name": "booking_amount",
"value": "={{$json.body.amount}}"
},
{
"name": "booking_time",
"value": "={{$json.body.timestamp}}"
},
{
"name": "ip_address",
"value": "={{$json.body.ip_address}}"
},
{
"name": "payment_method",
"value": "={{$json.body.payment_method}}"
},
{
"name": "booking_location",
"value": "={{$json.body.location}}"
},
{
"name": "session_id",
"value": "={{$json.body.session_id}}"
}
]
},
"options": {}
},
"typeVersion": 1
},
{
"id": "e138c720-be0f-4182-8cc7-a5b9ea0cfbd5",
"name": "IP Geolocation Check",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1120,
120
],
"parameters": {
"url": "=http://ip-api.com/json/{{$node['Extract Booking Data'].json['ip_address']}}",
"options": {}
},
"typeVersion": 1
},
{
"id": "5a9d3b88-ddb3-46dc-93f1-3f142cba5050",
"name": "Enhanced Risk Calculator",
"type": "n8n-nodes-base.code",
"position": [
-660,
120
],
"parameters": {
"jsCode": "const bookingData = $input.first();\nconst geoData = $node['IP Geolocation Check'].json;\nconst agentResponse = $node['AI Agent'].json.output;\n\n// Parse AI agent response\nlet aiAnalysis;\ntry {\n // Extract JSON from agent response\n const jsonMatch = agentResponse.match(/\\{[\\s\\S]*\\}/);\n if (jsonMatch) {\n aiAnalysis = JSON.parse(jsonMatch[0]);\n } else {\n throw new Error('No JSON found in response');\n }\n} catch (e) {\n console.error('AI Analysis parsing error:', e);\n // Fallback analysis\n aiAnalysis = {\n risk_score: 50,\n risk_level: 'MEDIUM',\n reasons: ['AI analysis parsing failed - manual review required'],\n fraud_indicators: ['System error'],\n recommendation: 'REVIEW'\n };\n}\n\n// Calculate additional rule-based risk factors\nlet additionalRiskScore = 0;\nlet riskFactors = [];\n\n// Amount-based risk assessment\nconst amount = parseFloat(bookingData.booking_amount);\nif (amount > 10000) {\n additionalRiskScore += 25;\n riskFactors.push('Very high transaction amount (>$10,000)');\n} else if (amount > 5000) {\n additionalRiskScore += 15;\n riskFactors.push('High transaction amount (>$5,000)');\n} else if (amount < 10) {\n additionalRiskScore += 10;\n riskFactors.push('Unusually low amount - potential testing');\n}\n\n// Geographic risk assessment\nif (geoData.country === 'Unknown' || geoData.status === 'fail') {\n additionalRiskScore += 20;\n riskFactors.push('IP geolocation failed or unknown');\n} else if (['TOR', 'VPN', 'Proxy'].includes(geoData.proxy || '')) {\n additionalRiskScore += 15;\n riskFactors.push('VPN/Proxy detected');\n}\n\n// Time-based pattern analysis\nconst bookingTime = new Date(bookingData.booking_time);\nconst hour = bookingTime.getHours();\nif (hour < 6 || hour > 23) {\n additionalRiskScore += 10;\n riskFactors.push('Unusual booking time (late night/early morning)');\n}\n\n// Payment method risk evaluation\nconst highRiskPayments = ['cryptocurrency', 'prepaid_card', 'gift_card', 'mobile_payment'];\nif (highRiskPayments.includes(bookingData.payment_method?.toLowerCase())) {\n additionalRiskScore += 15;\n riskFactors.push(`High-risk payment method: ${bookingData.payment_method}`);\n}\n\n// Combine AI score with rule-based score\nconst aiRiskScore = aiAnalysis.risk_score || 0;\nconst combinedRiskScore = Math.min(100, Math.round((aiRiskScore + additionalRiskScore) / 2));\n\n// Determine final risk level\nlet finalRiskLevel;\nif (combinedRiskScore >= 80) finalRiskLevel = 'CRITICAL';\nelse if (combinedRiskScore >= 40) finalRiskLevel = 'HIGH';\nelse if (combinedRiskScore >= 40) finalRiskLevel = 'MEDIUM';\nelse finalRiskLevel = 'LOW';\n\n// Combine all risk factors and indicators\nconst allRiskFactors = [...riskFactors, ...(aiAnalysis.reasons || [])];\nconst allFraudIndicators = [...(aiAnalysis.fraud_indicators || []), 'Rule-based analysis completed'];\n\n// Determine final recommendation\nlet finalRecommendation;\nif (finalRiskLevel === 'CRITICAL') finalRecommendation = 'BLOCK';\nelse if (finalRiskLevel === 'HIGH') finalRecommendation = 'REVIEW';\nelse finalRecommendation = 'APPROVE';\n\nreturn {\n user_id: bookingData.user_id,\n booking_amount: bookingData.booking_amount,\n risk_score: combinedRiskScore,\n risk_level: finalRiskLevel,\n recommendation: aiAnalysis.recommendation || finalRecommendation,\n risk_factors: allRiskFactors,\n fraud_indicators: allFraudIndicators,\n ai_analysis: aiAnalysis.reasons || ['No AI analysis available'],\n location: `${geoData.city || 'Unknown'}, ${geoData.country || 'Unknown'}`,\n ip_address: bookingData.ip_address,\n timestamp: new Date().toISOString(),\n session_id: bookingData.session_id,\n payment_method: bookingData.payment_method,\n ai_raw_score: aiRiskScore,\n rule_based_score: additionalRiskScore\n};"
},
"typeVersion": 1
},
{
"id": "dddfa887-aef3-4a39-8f39-6d6bf663cc47",
"name": "Critical Risk Check",
"type": "n8n-nodes-base.if",
"position": [
-440,
20
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json.risk_level}}",
"value2": "CRITICAL"
}
]
}
},
"typeVersion": 1
},
{
"id": "770d0bee-3c76-44d8-9636-95ce05a71ad0",
"name": "High Risk Check",
"type": "n8n-nodes-base.if",
"position": [
-440,
220
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json.risk_level}}",
"value2": "HIGH"
}
]
},
"combineOperation": "any"
},
"typeVersion": 1
},
{
"id": "da250ec0-9f4a-459a-8764-a54f18f1bee7",
"name": "Block User Account",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
-200,
0
],
"parameters": {
"url": "https://oneclicktracker.in/booking/fraud/block-user",
"options": {},
"requestMethod": "POST",
"bodyParametersUi": {
"parameter": [
{
"name": "user_id",
"value": "={{ $('Extract Booking Data').item.json.body.user_id }}"
}
]
}
},
"executeOnce": true,
"typeVersion": 1
},
{
"id": "0b8dd1bc-b61d-4fc1-a36f-6cac7505228e",
"name": "Flag for Review",
"type": "n8n-nodes-base.httpRequest",
"onError": "continueRegularOutput",
"position": [
-200,
380
],
"parameters": {
"url": "https://oneclicktracker.in/booking/fraud/flag-transaction",
"options": {},
"requestMethod": "POST",
"bodyParametersUi": {
"parameter": [
{
"name": "user_id",
"value": "={{ $('Extract Booking Data').item.json.body.user_id }}"
}
]
}
},
"executeOnce": true,
"typeVersion": 1
},
{
"id": "fe50e27a-a223-4d1e-926b-eb52b308cb0e",
"name": "Log to Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
0,
120
],
"parameters": {
"columns": {
"value": {},
"schema": [
{
"id": "user_id",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "user_id",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "booking_amount",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "booking_amount",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "risk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "risk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "risk_level",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "risk_level",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "recommendation",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "recommendation",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "risk_factors",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "risk_factors",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "fraud_indicators",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "fraud_indicators",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "ai_analysis",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "ai_analysis",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "location",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "location",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "ip_address",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "ip_address",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "session_id",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "session_id",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "payment_method",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "payment_method",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "ai_raw_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "ai_raw_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "rule_based_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "rule_based_score",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "autoMapInputData",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1mKhcdDnwEwzLlvjze_7A0D9KJNWt58ByOxM3mBm5mqA/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1mKhcdDnwEwzLlvjze_7A0D9KJNWt58ByOxM3mBm5mqA",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1mKhcdDnwEwzLlvjze_7A0D9KJNWt58ByOxM3mBm5mqA/edit?usp=drivesdk",
"cachedResultName": "Fraud Detection data for flight"
},
"authentication": "serviceAccount"
},
"credentials": {
"googleApi": {
"name": "<your credential>"
}
},
"typeVersion": 4
},
{
"id": "2e8c8aed-cd8d-4ec3-83c7-9b3c351a216e",
"name": "Send Response",
"type": "n8n-nodes-base.respondToWebhook",
"position": [
220,
120
],
"parameters": {
"options": {},
"respondWith": "json",
"responseBody": "={\n \"status\": \"processed\",\n \"risk_level\": \"{{$node['Enhanced Risk Calculator'].json.risk_level}}\",\n \"risk_score\": {{$node['Enhanced Risk Calculator'].json.risk_score}},\n \"recommendation\": \"{{$node['Enhanced Risk Calculator'].json.recommendation}}\",\n \"message\": \"Transaction analyzed: {{$node['Enhanced Risk Calculator'].json.risk_level}} risk detected\",\n \"actions_taken\": \"{{$node['Enhanced Risk Calculator'].json.risk_level === 'CRITICAL' ? 'User blocked, critical alert sent' : $node['Enhanced Risk Calculator'].json.risk_level === 'HIGH' ? 'Flagged for review, alert sent' : 'Logged for monitoring'}}\",\n \"fraud_indicators_count\": {{$node['Enhanced Risk Calculator'].json.fraud_indicators.length}},\n \"session_id\": \"{{ $('Extract Booking Data').item.json.body.session_id }}\"\n}"
},
"typeVersion": 1
},
{
"id": "2f2735be-f13e-4067-9bd5-e1a2c31abfc4",
"name": "AI Agent",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
-960,
120
],
"parameters": {
"text": "=Analyze this booking transaction for potential fraud patterns and suspicious behavior:\\n\\n**Transaction Details:**\\n- User ID: {{$node['Extract Booking Data'].json['user_id']}}\\n- Amount: ${{$node['Extract Booking Data'].json['booking_amount']}}\\n- Booking Time: {{$node['Extract Booking Data'].json['booking_time']}}\\n- IP Location: {{$node['IP Geolocation Check'].json['city']}}, {{$node['IP Geolocation Check'].json['country']}}\\n- Payment Method: {{$node['Extract Booking Data'].json['payment_method']}}\\n- Session ID: {{$node['Extract Booking Data'].json['session_id']}}\\n\\n**Please provide your analysis in the following JSON format:**\\n{\\n \\\"risk_score\\\": [number between 0-100],\\n \\\"risk_level\\\": \\\"[LOW/MEDIUM/HIGH/CRITICAL]\\\",\\n \\\"reasons\\\": [\\\"reason1\\\", \\\"reason2\\\", \\\"reason3\\\"],\\n \\\"fraud_indicators\\\": [\\\"indicator1\\\", \\\"indicator2\\\"],\\n \\\"recommendation\\\": \\\"[APPROVE/REVIEW/BLOCK]\\\"\\n}",
"options": {
"systemMessage": "You are an advanced fraud detection AI specialist with expertise in identifying suspicious booking patterns and fraudulent transactions. Your role is to analyze booking data comprehensively and identify potential fraud indicators.\\n\\n**Analysis Framework:**\\n1. **Amount Analysis**: Evaluate transaction amounts for unusual patterns (too high, too low, round numbers)\\n2. **Temporal Patterns**: Check for suspicious timing (late night bookings, rapid successive transactions)\\n3. **Geographic Risk**: Assess location-based risks and IP geolocation inconsistencies\\n4. **Payment Method Risk**: Evaluate payment method security levels\\n5. **Behavioral Anomalies**: Identify unusual booking patterns or session behaviors\\n\\n**Risk Scoring Guidelines:**\\n- 0-25: LOW risk - Normal transaction patterns\\n- 26-50: MEDIUM risk - Some concerning factors, monitor closely\\n- 51-75: HIGH risk - Multiple red flags, requires human review\\n- 76-100: CRITICAL risk - Severe fraud indicators, immediate action needed\\n\\n**Response Format**: Always respond with valid JSON containing risk_score, risk_level, reasons array, fraud_indicators array, and recommendation. Be specific and actionable in your analysis."
},
"promptType": "define"
},
"typeVersion": 1.9
},
{
"id": "fe64d367-c1b7-4d4b-b45c-bafce9d52948",
"name": "Google Gemini Chat Model",
"type": "@n8n/n8n-nodes-langchain.lmChatGoogleGemini",
"position": [
-960,
340
],
"parameters": {
"options": {},
"modelName": "=models/gemini-2.5-pro"
},
"credentials": {
"googlePalmApi": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"id": "8eb4697e-38b8-4629-9169-28b34cd3fafb",
"name": "Workflow Overview",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1160,
-580
],
"parameters": {
"width": 600,
"height": 200,
"content": "## Fraud Detection Workflow Overview\n\nThis workflow is designed to detect and manage fraudulent booking transactions by integrating various checks and AI-powered analysis. It processes incoming booking data, performs IP geolocation, enriches data with AI insights, calculates risk scores, and takes automated actions based on the risk level. Finally, it logs all transactions and sends appropriate notifications."
},
"typeVersion": 1
},
{
"id": "73367c54-cf16-4254-b9dd-0e8e2534235a",
"name": "Data Ingestion Notes",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1560,
320
],
"parameters": {
"color": 4,
"width": 500,
"height": 240,
"content": "## 1. Initial Data Ingestion & Extraction\n\n- **Booking Transaction Webhook**: This node acts as the entry point for the workflow, receiving incoming booking transaction data via a `POST` request to the `/fraud-detection` endpoint.\n- **Extract Booking Data**: This `Set` node extracts key booking details (user ID, amount, timestamp, IP address, payment method, location, session ID) from the incoming webhook payload, making them easily accessible for subsequent nodes."
},
"typeVersion": 1
},
{
"id": "817d9283-4967-485e-be6a-323613db855d",
"name": "Geolocation & AI Notes",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1020,
480
],
"parameters": {
"color": 5,
"width": 600,
"height": 250,
"content": "## 2. IP Geolocation and AI Analysis\n\n- **IP Geolocation Check**: This `HTTP Request` node enriches the booking data by fetching geolocation details (city, country) based on the extracted IP address.\n- **AI Agent (Langchain)**: This AI Agent node uses the `Google Gemini Chat Model` to analyze the booking and geolocation data. It provides an AI-driven `risk_score`, `risk_level`, `reasons`, `fraud_indicators`, and `recommendation` in a structured JSON format.\n- **Google Gemini Chat Model**: This node provides the large language model capabilities to the AI Agent for fraud analysis."
},
"typeVersion": 1
},
{
"id": "a7fe1d15-9007-42b6-a2ec-f06cda926232",
"name": "Risk Calculation Notes",
"type": "n8n-nodes-base.stickyNote",
"position": [
-880,
-280
],
"parameters": {
"color": 6,
"width": 600,
"height": 260,
"content": "## 3. Risk Calculation and Decision Logic\n\n- **Enhanced Risk Calculator**: This `Code` node combines the AI-generated risk score with additional rule-based risk factors (e.g., amount, unusual time, payment method, IP geolocation status) to calculate a `combinedRiskScore` and `finalRiskLevel`.\n- **Critical Risk Check**: This `If` node checks if the `risk_level` is `CRITICAL`.\n- **High Risk Check**: This `If` node checks if the `risk_level` is `HIGH` or `MEDIUM`.\n\nBased on the risk level, the workflow branches into different paths for further action."
},
"typeVersion": 1
},
{
"id": "d5b0ffe4-cfdd-4c4b-a2a5-c57ea75b2193",
"name": "Action & Notification Notes",
"type": "n8n-nodes-base.stickyNote",
"position": [
0,
-280
],
"parameters": {
"color": 3,
"width": 600,
"height": 240,
"content": "## 4. Action & Notification\n\n- **Block User Account**: If `CRITICAL` risk, this `HTTP Request` node triggers an external system to block the user.\n- **Gmail1**: If `CRITICAL` risk, this `Gmail` node sends a critical fraud alert email.\n- **Flag for Review**: If `HIGH` risk, this `HTTP Request` node flags the transaction for manual review in an external system.\n- **Gmail**: If `HIGH` risk, this `Gmail` node sends a high-risk transaction email for review."
},
"typeVersion": 1
},
{
"id": "ee5f8df1-f361-49ff-943c-78873c58b96a",
"name": "Logging & Response Notes",
"type": "n8n-nodes-base.stickyNote",
"position": [
40,
340
],
"parameters": {
"color": 2,
"width": 600,
"height": 200,
"content": "## 5. Logging & Response\n\n- **Log to Google Sheets**: This `Google Sheets` node logs all transaction details, risk analysis, and actions taken to a Google Sheet for record-keeping and auditing.\n- **Send Response**: This `Respond to Webhook` node sends a final JSON response back to the originating system, summarizing the fraud analysis status, risk level, score, recommendation, and actions taken for the session."
},
"typeVersion": 1
},
{
"id": "c751fd4f-a299-4144-a008-c4bf0c87d7b2",
"name": "Send a message",
"type": "n8n-nodes-base.gmail",
"position": [
-200,
-180
],
"parameters": {
"sendTo": "user@example.com",
"message": "=<h2 style='color: #d32f2f;'>\ud83d\udea8 CRITICAL FRAUD ALERT</h2><div style='background-color: #ffebee; padding: 15px; border-left: 4px solid #d32f2f; margin: 10px 0;'> <h3>Transaction Details</h3> <ul> <li><strong>User ID:</strong> {{ $('Extract Booking Data').item.json.body.user_id }}</li> <li><strong>Amount:</strong> ${{ $('Extract Booking Data').item.json.body.amount }}</li> <li><strong>Risk Score:</strong> {{$json.risk_score}}/100</li> <li><strong>Risk Level:</strong> {{$json.risk_level}}</li> <li><strong>Recommendation:</strong> {{$json.recommendation}}</li> <li><strong>Location:</strong> {{$json.location}}</li> <li><strong>IP Address:</strong> {{ $('Extract Booking Data').item.json.body.ip_address }}</li> <li><strong>Payment Method:</strong> {{ $('Extract Booking Data').item.json.body.payment_method }}=</li> </ul></div><div style='background-color: #fff3e0; padding: 15px; border-left: 4px solid #f57c00; margin: 10px 0;'> <h3>Risk Factors Identified</h3> <ul> {{$json.risk_factors}} <li></li> </ul></div><div style='background-color: #fce4ec; padding: 15px; border-left: 4px solid #e91e63; margin: 10px 0;'> <h3>Fraud Indicators</h3> <ul> {{$json.fraud_indicators}} <li></li> </ul></div><div style='background-color: #e3f2fd; padding: 15px; border-left: 4px solid #1976d2; margin: 10px 0;'> <h3>Additional Information</h3> <ul> <li><strong>Timestamp:</strong> {{$json.timestamp}}</li> <li><strong>Session ID:</strong>{{ $('Extract Booking Data').item.json.body.session_id }} </li> <li><strong>AI Score:</strong> {{$json.ai_raw_score}}/100</li> <li><strong>Rule-based Score:</strong> {{$json.rule_based_score}}/100</li> </ul></div><div style='background-color: #ffcdd2; padding: 15px; border: 2px solid #d32f2f; margin: 20px 0; text-align: center;'> <h3 style='color: #d32f2f; margin: 0;'>\u26a0\ufe0f IMMEDIATE ACTION REQUIRED \u26a0\ufe0f</h3> <p style='margin: 10px 0;'>This transaction has been flagged as CRITICAL risk. Please investigate immediately.</p></div><hr><p style='font-size: 12px; color: #666;'>Generated by Fraud Detection System | {{$json.timestamp}}</p>",
"options": {},
"subject": "=\ud83d\udea8 CRITICAL FRAUD ALERT - {{ $('Extract Booking Data').item.json.body.user_id }} - ${{ $('Extract Booking Data').item.json.body.amount }}"
},
"credentials": {
"gmailOAuth2": {
"name": "<your credential>"
}
},
"typeVersion": 2.1
},
{
"id": "18e9486f-00d9-41eb-ae4a-53a850965e5c",
"name": "Send a message1",
"type": "n8n-nodes-base.gmail",
"position": [
-200,
200
],
"parameters": {
"sendTo": "user@example.com",
"message": "=<h2 style='color: #f57c00;'>\u26a0\ufe0f HIGH RISK BOOKING DETECTED</h2><div style='background-color: #fff8e1; padding: 15px; border-left: 4px solid #f57c00; margin: 10px 0;'> <h3>Transaction Summary</h3> <ul> <li><strong>User ID:</strong>{{ $('Extract Booking Data').item.json.body.user_id }}</li> <li><strong>Amount:</strong> ${{ $('Extract Booking Data').item.json.body.amount }}</li> <li><strong>Risk Score:</strong> {{$json.risk_score}}/100</li> <li><strong>Risk Level:</strong> {{$json.risk_level}}</li> <li><strong>Recommendation:</strong> {{$json.recommendation}}</li> <li><strong>Location:</strong> {{$json.location}}</li> <li><strong>Payment Method:</strong>{{ $('Extract Booking Data').item.json.body.payment_method }}</li> </ul></div><div style='background-color: #fce4ec; padding: 15px; border-left: 4px solid #e91e63; margin: 10px 0;'> <h3>Risk Analysis</h3> <ul> {{$json.risk_factors}} <li></li> </ul></div><div style='background-color: #e8f5e8; padding: 15px; border-left: 4px solid #4caf50; margin: 10px 0;'> <h3>Recommended Actions</h3> <ul> <li>Review transaction history for this user</li> <li>Verify payment method authenticity</li> <li>Check for pattern similarities with known fraud cases</li> <li>Consider temporary account restrictions if needed</li> </ul></div><p style='margin-top: 20px;'><strong>Session ID:</strong>{{ $('Extract Booking Data').item.json.body.session_id }}</p><p><strong>Timestamp:</strong> {{$json.timestamp}}</p><hr><p style='font-size: 12px; color: #666;'>Fraud Monitoring System | Please review within 24 hours</p>",
"options": {},
"subject": "=\u26a0\ufe0f High Risk Transaction - Review Required - {{ $('Extract Booking Data').item.json.body.user_id }} "
},
"credentials": {
"gmailOAuth2": {
"name": "<your credential>"
}
},
"typeVersion": 2.1
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "96fe125c-cc90-4c67-a256-f6f59f7bbc91",
"connections": {
"AI Agent": {
"main": [
[
{
"node": "Enhanced Risk Calculator",
"type": "main",
"index": 0
}
]
]
},
"High Risk Check": {
"main": [
[
{
"node": "Flag for Review",
"type": "main",
"index": 0
},
{
"node": "Send a message1",
"type": "main",
"index": 0
}
]
]
},
"Critical Risk Check": {
"main": [
[
{
"node": "Block User Account",
"type": "main",
"index": 0
},
{
"node": "Send a message",
"type": "main",
"index": 0
}
]
]
},
"Extract Booking Data": {
"main": [
[
{
"node": "IP Geolocation Check",
"type": "main",
"index": 0
}
]
]
},
"IP Geolocation Check": {
"main": [
[
{
"node": "AI Agent",
"type": "main",
"index": 0
}
]
]
},
"Log to Google Sheets": {
"main": [
[
{
"node": "Send Response",
"type": "main",
"index": 0
}
]
]
},
"Enhanced Risk Calculator": {
"main": [
[
{
"node": "Critical Risk Check",
"type": "main",
"index": 0
},
{
"node": "High Risk Check",
"type": "main",
"index": 0
},
{
"node": "Log to Google Sheets",
"type": "main",
"index": 0
}
]
]
},
"Google Gemini Chat Model": {
"ai_languageModel": [
[
{
"node": "AI Agent",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"Booking Transaction Webhook": {
"main": [
[
{
"node": "Extract Booking Data",
"type": "main",
"index": 0
}
]
]
}
}
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
gmailOAuth2googleApigooglePalmApi
Pro
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
This automated n8n workflow detects and manages fraudulent booking transactions through comprehensive AI-powered analysis and multi-layered security checks. The system processes incoming travel booking data, performs IP geolocation verification, enriches transaction details with…
Source: https://n8n.io/workflows/6266/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
This workflow contains community nodes that are only compatible with the self-hosted version of n8n.
Agent, @Apify/N8N Nodes Apify, HTTP Request +3
⏺ 🚀 How it works
Agent, Anthropic Chat, Output Parser Structured +6
ANIS_HUB 1. Uses gmail, googleDrive, googleSheets, httpRequest. Webhook trigger; 89 nodes.
Gmail, Google Drive, Google Sheets +3
Resume Screening & Behavioral Interviews with Gemini, Elevenlabs, & Notion ATS copy. Uses outputParserStructured, chainLlm, googleDrive, stickyNote. Webhook trigger; 67 nodes.
Output Parser Structured, Chain Llm, Google Drive +9
Candidate Engagement | Resume Screening | AI Voice Interviews | Applicant Insights
Output Parser Structured, Chain Llm, Google Drive +9