PRD-ALTSCORE-001 · Build Readiness Package

Alternative
Credit Scoring
for India's
Informal Retail

AltScore provides ML-powered creditworthiness scores for 12 million+ informal retailers — kiranas, pharmacies, general merchants — who are locked out of formal credit because they lack traditional financial histories. We turn distributor ERP transaction data into DPDP-compliant credit scores that NBFC lenders can act on.

₹3.5L Cr Working Capital Gap
12M+ Target Retailers
300–900 Score Range
13 Pre-Build Docs
Scroll to explore the documentation
What We're Building

The Problem, Solution,
and How We Deliver It

01 · Problem
Invisible to Formal Credit
India's 12M+ informal retailers — kiranas, pharmacies, chemists — generate ₹3.5L Crore in annual working capital demand. Banks reject them because they have no bank statements, no GST history, no credit bureau footprint. Their creditworthiness is real but invisible.
02 · Data Signal
ERP Transactions as Proxy Credit History
Distributors who supply these retailers already hold 2–5 years of invoice, payment, and return history in their ERP systems (Tally Prime, SAP B1, CSV exports). This data reveals payment discipline, order consistency, business trajectory, and seasonal resilience.
03 · What AltScore Does
DPDP-Compliant Scores for NBFC Lenders
AltScore ingests ERP data (with retailer consent via WhatsApp), runs an XGBoost-based scoring engine with 40+ engineered features, and surfaces a 300–900 score + risk band + SHAP reason codes via a REST API that NBFC lenders call at the moment of a credit application.
Core Constraint
The retailer's raw GST number never crosses the Bronze→Silver data boundary. All ML training and scoring operates on UUID-pseudonymized records. Compliance with DPDP Act 2023 and RBI FLDG guidelines is non-negotiable.
Core Technology Stack
XGBoost v1.7 Python 3.11 FastAPI Amazon EKS Apache Kafka (MSK) Apache Spark (EMR) AWS ap-south-1 Azure Central India (DR) PostgreSQL 15 (RLS) ElastiCache Redis 7 Apache Airflow (MWAA) dbt Core MLflow SHAP TreeExplainer Istio (mTLS) Kong Gateway JWT RS256 S3 Object Lock (WORM) Tally Prime TDL SAP B1 OData v4 WhatsApp Business API FIDO2 / WebAuthn
System Overview

How Data Flows Through
the AltScore Platform

01
ERP Connector SDK
Tally Prime TDL
SAP B1 OData v4
CSV/SFTP
Delta sync + HMAC signing
02
Bronze Lake
S3 WORM (Object Lock)
Per-distributor CMK
Raw PII present
7-year retention
03
Pseudonymization
GST → UUID via
HMAC-SHA256 lookup
Identity map physically
isolated from ML
04
Silver + Gold
Spark + dbt transforms
40+ features engineered
Airflow MWAA orchestration
Kafka events
05
Scoring Engine
XGBoost classifier
Isolation Forest
Croston's Method
SHAP reason codes
06
NBFC API
REST / OpenAPI 3.1
JWT RS256 auth
PostgreSQL RLS
100 req/min per lender
AltScore
742
Risk Band
B
Probability of Default
0.068
Recommended Limit
₹2,50,000
Top Reason Code
PAYMENT_CONSISTENCY_HIGH
Data Freshness
3 days
Delivery Timeline

Build Phases & Milestones

Phase 01
ERP Connector & Data Pipeline
Months 1–3
Tally + SAP B1 connectors. Bronze/Silver lake live. 3 pilot distributors onboarded.
Phase 02
Scoring Engine v1
Months 4–6
XGBoost model trained. Feature engineering complete. SHAP explainability live. AUROC ≥ 0.72.
Phase 03
NBFC API + Consent
Months 7–9
REST API live. WhatsApp consent flow deployed. First NBFC partner integration.
Phase 04
Compliance & Audit
Months 10–12
SOC 2 Type II evidence collection. DPDP consent audit. Pen test. 10K retailers scored.
Phase 05
Scale & Certify
Months 13–18
ISO 27001 certification. 250K → 2M retailers. RBI AA integration (v2 API).
Pre-Build Documentation

13 Documents · Everything
Needed Before the First Commit

📋
Foundation
1 document
PRD-ALTSCORE-001
Product Requirements Document
The source of truth for everything AltScore builds. Covers problem statement, user personas (Retailer Raju, Credit Manager Priya, Data Analyst Vikram), functional requirements, guardrail definitions, PDLC phases, and acceptance criteria.
13 sections · Master reference
🏗
Architecture
2 documents
FA-ALTSCORE-001
Functional Architecture
8 microservices with responsibilities, tech stacks, and Kafka events emitted. Data flows for ERP ingestion, NBFC score request, and consent grant. 11 inter-service connections and 8 architectural constraints that cannot be bypassed.
10 sections · Service mesh + flows
DA-ALTSCORE-001
Deployment Architecture
AWS ap-south-1 primary with Azure Central India DR. Amazon EKS (3 node groups), Istio mTLS, 3-environment pipeline, 5-stage CI/CD with canary rollout, and capacity planning from 10K to 2M retailers.
10 sections · Infra + CI/CD
API & Data
2 documents
API-ALTSCORE-001
API Specification
OpenAPI 3.1 spec for all 18 endpoints across 5 groups: Score, Consent, Ingestion, Grievance, Admin. JWT RS256 auth, rate limits (100 req/min), 13 error codes, versioning lifecycle, and full request/response examples.
10 sections · 18 endpoints
DAS-ALTSCORE-001
Data Architecture & Schema
Medallion lake design (Bronze → Silver → Gold), full table schemas for all layers, PostgreSQL RLS policy SQL, Redis cache key patterns, dbt model dependency map, and data retention schedule by layer.
10 sections · Full schema definitions
🔐
Security & Privacy
3 documents
SEC-ALTSCORE-001
Security Architecture
Multi-layer security controls: FIDO2 admin auth, JWT RS256 NBFC auth, mTLS ERP connectors, Istio STRICT mesh, VPC isolation, WAF + DDoS rules, SOC 2 Type II controls, and the full threat response playbook.
Comprehensive security spec
PVY-ALTSCORE-001
Privacy Documentation
DPDP Act 2023 compliance: consent architecture, data localisation, retailer rights (access, correction, erasure, nomination), purpose limitation, data minimisation, and DPO responsibilities.
DPDP Act · Retailer rights
TM-ALTSCORE-001
Threat Model
STRIDE analysis across all attack surfaces, ranked threat register with likelihood × impact scoring, mitigations mapped to security controls, and residual risk acceptance thresholds.
STRIDE · Threat register
🧠
ML, Guardrails & Quality
3 documents
MC-ALTSCORE-001
Model Card
Full documentation of the XGBoost credit scoring model: 5 feature families, 40+ features, OOT performance metrics (AUROC ≥ 0.72, KS ≥ 0.35), fairness / AIR analysis, 7 known limitations, and SHAP reason code taxonomy with Hindi translations.
10 sections · Regulator-ready
GR-ALTSCORE-001
Guardrails Design Plan
6 compile-time guardrail constants (GR-1 through GR-6): score floor (300), hard cap (₹25L), cold-start cap (₹25K), gaming detection threshold, PD ceiling, and minimum data window. No runtime override permitted.
Compile-time · Non-bypassable
TCS-ALTSCORE-001
Test Cases
Comprehensive test suite: unit tests (feature engineering, guardrails), integration tests (ERP connectors, API endpoints), fairness regression tests, adversarial gaming detection, and performance load tests (1K req/sec peak).
Full test coverage spec
🔌
Integration & Decisions
2 documents
ERP-ALTSCORE-001
ERP Integration Specification
Complete integration guide for distributor ERP systems: Tally Prime TDL XML API, SAP Business One OData v4, CSV/SFTP fallback. SDK architecture (8 internal modules), canonical payload schema, delta sync algorithm, and 10-step onboarding checklist.
10 sections · 3 ERP adapters
ADR-ALTSCORE-001–010
Architecture Decision Records
10 MADR-format ADRs documenting every major technical decision: XGBoost selection, AWS+Azure cloud strategy, medallion lake, WhatsApp consent, UUID pseudonymization, PostgreSQL RLS, JWT RS256, Kafka messaging, SHAP explainability, and compile-time guardrails.
10 ADRs · All status: Accepted
Regulatory
Compliance
Framework
DPDP Act 2023
Data localisation, explicit consent, retailer rights (access / correction / erasure), purpose limitation, DPO appointment.
RBI FLDG
Mandatory SHAP reason codes for all credit decisions. Score justification in Hindi. Grievance redressal SLA ≤ 30 days.
SOC 2 Type II
Target certification at Month 12. Trust service criteria: Security, Availability, Confidentiality, Processing Integrity.
ISO 27001
Target certification at Month 18. ISMS covering all data assets, risk treatment plan, and continuous monitoring programme.
↓ All Documents ↓ Architecture ↓ What We Build