This document discusses how graph databases can help detect fraud. It outlines traditional discrete fraud detection methods and their weaknesses in detecting complex fraud schemes. A graph database approach allows for connected analysis across entities and relationships to better identify organized fraud, stolen identities, and other difficult to detect patterns. The document provides examples of insurance fraud detection using a graph database to visualize related individuals, vehicles, businesses and events.

1. Analyzing Fraud with
Graph Databases

2. What Does Fraud Look Like?

3. Organized in groups Synthetic Identities Stolen Identities Hijacked Devices
What Does Fraud Look Like?

4. Types of Fraud
• Insurance Fraud
• eCommerce Fraud
• Credit Card Fraud
• Rogue Merchants
• Fraud we don’t know about yet…

5. Endpoint-Centric
Analysis of users and
their end-points
1.
Navigation Centric
Analysis of
navigation behavior
and suspect
patterns
2.
Account-Centric
Analysis of anomaly
behavior by channel
3.
PC:s
Mobile Phones
IP-addresses
User ID:s
Comparing Transaction
Identity Vetting
Traditional Fraud Detection Methods

6. DISCRETE ANALYSIS
Endpoint-Centric
Analysis of users and
their end-points
1.
Navigation Centric
Analysis of
navigation behavior
and suspect
patterns
2.
Account-Centric
Analysis of anomaly
behavior by channel
3.
Traditional Fraud Detection Methods

7. INVESTIGATE
Revolving Debt
Number of Accounts
INVESTIGATE
Normal behavior
Fraud Detection with Discrete Analysis

8. Difficult or unable to detect:
• Synthetic identities
• Stolen identities
• Fraud rings
• Nth degree links
• And more…
Weaknesses
DISCRETE ANALYSIS
Endpoint-Centric
Analysis of users and
their end-points
1.
Navigation Centric
Analysis of
navigation behavior
and suspect
patterns
2.
Account-Centric
Analysis of anomaly
behavior by channel
3.
Traditional Fraud Detection Methods

9. CONNECTED ANALYSIS
Endpoint-Centric
Analysis of users and
their end-points
Navigation Centric
Analysis of
navigation behavior
and suspect
patterns
Account-Centric
Analysis of anomaly
behavior by channel
DISCRETE ANALYSIS
1. 2. 3.
Cross Channel
Analysis of anomaly
behavior correlated
across channels
4.
Entity Linking
Analysis of relationships
to detect organized
crime and collusion
5.
Modern Fraud Detection

10. Revolving Debt
Number of Accounts
Normal behavior
Fraudulent pattern
Fraud Detection with Connected Analysis

11. ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
Fraud Detection with Connected Analysis

12. ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
PHONE
NUMBER
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Fraud Detection with Connected Analysis

13. ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
ADDRESS
PHONE
NUMBER
PHONE
NUMBER
SSN 2
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Fraud Detection with Connected Analysis

14. CONNECTED ANALYSIS
Endpoint-Centric
Analysis of users and
their end-points
Navigation Centric
Analysis of
navigation behavior
and suspect
patterns
Account-Centric
Analysis of anomaly
behavior by channel
DISCRETE ANALYSIS
1. 2. 3.
Cross Channel
Analysis of anomaly
behavior correlated
across channels
4.
Entity Linking
Analysis of relationships
to detect organized
crime and collusion
5.
Modern Fraud Detection

15. “Don’t consider traditional
technology adequate to keep
up with criminal trends”
Market Guide for Online Fraud Detection, April 27, 2015

16. Architecture
with Neo4j

17. Money
Transferring
Purchases Bank
Services Relational/tabular
database
Develop Batch Jobs
Data Scientists
+ Good for Discrete Analysis
– No Holistic View of Data-Relationships
– Slow query speed for connections
Insurance
Claims

18. Relational
database
Data Lake
+ Good for Map Reduce
+ Good for Analytical Workloads
– No holistic view
– Non-operational workloads
– Weeks-to-months processes
Develop Patterns
Data Scientists
Merchant
Data
Credit
Score
Data
Other 3rd
Party
Data
Money
Transferring
Purchases Bank
Services
Insurance
Claims

19. Data Lake
Neo4j powers
360° view of
transactions in
real-time
SENSE
Transaction
stream
RESPOND
Alerts &
notification
SYNC RELEVANT DATA
Relational
database
Visualization UI
Fine Tune Patterns
Develop Patterns
Data Scientists
Merchant
Data
Credit
Score
Data
Other 3rd
Party
Data
Money
Transferring
Purchases Bank
Services
Insurance
Claims
Neo4j
Cluster

20. Data Lake
Neo4j powers
360° view of
transactions in
real-time
SENSE
Transaction
stream
RESPOND
Alerts &
notification
SYNC RELEVANT DATA
Relational
database
Visualization UI
Fine Tune Patterns
Develop Patterns
Data Scientists
Merchant
Data
Credit
Score
Data
Other 3rd
Party
Data
Money
Transferring
Purchases Bank
Services
Insurance
Claims
Neo4j
Cluster
New perspective
into business

21. Data Lake
Neo4j powers
360° view of
transactions in
real-time
SENSE
Transaction
stream
RESPOND
Alerts &
notification
SYNC RELEVANT DATA
Relational
database
Visualization UI
Fine Tune Patterns
Develop Patterns
Data Scientists
Merchant
Data
Credit
Score
Data
Other 3rd
Party
Data
Money
Transferring
Purchases Bank
Services
Insurance
Claims
Neo4j
Cluster
Rule-based scoring
Predictive analytics
Case management
Augments
classic tools:

22. The Impact of Fraud
The payment card fraud alone,
constitutes for over 16 billion dollar in
losses for the bank-sector in the US.
$16Bpayment card fraud in 2014*
Banking
$32Byearly e-commerce fraud**
Fraud in E-commerce is estimated
to cost over 32 billion dollars
annually is the US..
E-commerce
The impact of fraud on the insurance
industry is estimated to be $80
billion annually in the US.
Insurance
$80Bestimated yearly impact***
*) Business Wire: http://www.businesswire.com/news/home/20150804007054/en/Global-Card-Fraud-Losses-Reach-16.31-Billion#.VcJZlvlVhBc
**) E-commerce expert Andreas Thim, Klarna, 2015
***) Coalition against insurance fraud: http://www.insurancefraud.org/article.htm?RecID=3274#.UnWuZ5E7ROA

23. Paper Collisions
Insurance scammers invent automobile
accidents complete with fake drivers,
passengers and witnesses
Insurance Fraud Example

25. Accidents
Cars
Doctor Attorney
People
Drives
Is Passenger
Drivers
Passengers
Witnesses
Insurance Fraud Example

26. View of fraud ring
in a graph database
Accident
1
Accident
2
Person
1
Person
2
Person
3
Person
4
Person
5
Person
6
Car
1
Car
2
Car
3
Car
4
INVOLVES
DRIVES
REPRESENTS
WITNESSES
ADJUSTS
HEALS
Insurance Fraud Graph

27. Dashboard Example

28. Patterns

29. KDD 2015 3
Subgraphs
Subset of nodes
and relationships in
the data

30. Ego networks
E
The subgraph made up of
all neighbors and the
relationships among them
Generalizable to Nth
degree neighbors

31. Same Data, Different Perspective

32. Mapping Ego Networks

33. slope=2
slope=1
slope=1.35
Mapping Ego Networks

34. Mapping Ego Networks

35. Mapping Ego Networks

36. 128.240.229.18
fred@rbs.co.uk
1234LOL
Personal Networks are Stars

37. 128.240.229.18
fred@rbs.co.uk
1234LOL nick@bearings.com
Ca$hMon£y
Overlapping Stars

38. Hmm….

39. MATCH (u1:User {name:”Rik”})––(x)––(u2:User)
WHERE u1 <> u2 AND NOT (x:IP)
RETURN x Network in common is OK
Sample Query

40. Remember, It Scales

41. Detect & prevent fraud in real-time
Faster credit risk analysis and transactions
Reduce chargebacks
Quickly adapt to new methods of fraud
Why Neo4j? Who’s using it?
Financial institutions use Neo4j to:
FINANCE Government Online Retail

42. Don’t be a lonely node.
Connect with us :-)