In this article, we will focus on using graphs when analyzing potential fraud situations in banking.

Two important notes.

First. Sophisticated fraudulent groups operate in insurance or e-commerce industries too. Fraud patterns created by organized groups may differ across industries. Then, the main difference is in the type of event that needs to be analyzed. Insurance analysts and investigators search for potential fraudulent behavior in car crash accidents or injury events where fraudsters file false claims and collect money. Bank fraud analyst have to connect dots between suspicions events like payments, time events etc. We’ll describe few of them later in the article.

Second. Using graph databases with graphs for highly interconnected siloed data brings not only benefits of faster results and deeper understanding on how patterns are created for fraud analyst solely. Banks, insurance companies or e-shops that started to use graphs can step-by-step put more data from any source into the graph databases to get deeper understanding in many various use-cases like knowledge graphsm or customer experience improvement. Some of these use cases will be publishes in separate posts.

Following picture describes both above mentioned points:

  • Events are the triggers for start of any potential fraud investigation.
  • Graphs and graph databases are perfect for highly interconnected data. As they are much faster with these data compared to traditional RDBs. So, when company starts with graphs it can leverage any source of data – customer data, marketing and sales data, own internal or 3rd party data – for any other specific relationship driven analysis.

When mentioning fraud detection, we are pointing to potential customer fraud scenario – in retail banking consumer fraud scenario.

Following graph prepared in Graphlytic contains few details related to the consumer that come from different sources – consumer data in green, products (marketing and sales) data in orange and sample of 3rd party data relevant to consumer in gray.

Nothing suspicious so far :)

 

But when talking about potential fraud detection modern fraudsters:

- Operate as organized groups called bank fraud rings. Such group can consist of several criminals (number may even reach 10+) attempting to steal from financial institutions. Bank fraud rings use stolen personal information to apply for bank accounts, stolen credit or debit card numbers or fill in false loan applications.

- Use synthetic identities. Fraudsters combine real and fake data to create new synthetic identities. Fake data may come from physically stolen data (IDs, documents, credit cards etc.) or personal information stolen in internet environment. With these false identities bank fraud rings try to obtain credit, make purchases or open new accounts. Synthetic identity fraud is evolving significantly. In the U.S. synthetic identity fraud is responsible for 20 percent of credit losses, with an average charge of $15,000. [1]

- Hijack consumer devices and steal identity using hacking. This is designed to steal personal data using various techniques as fraudulent e-mails requesting personal information or websites that are infiltrated by malware as Trojan horses, worms or viruses. Every day millions of users are submitting their personal information (such as their names and addresses, debit card numbers, ID numbers) into millions of online forms to make their purchases, validate documents or communicate with governments or with each other. Hackers, with growing scale, are discovering ways to exploit vulnerabilities in all those systems.

One of the ways to detect and actively prevent fraudulent activities is to use graphs.

When analyzing potential fraudulent situation, the bank analyst looks for patterns of suspicious behavior.

For example, two consequent payments to the same external account might be all right. But if the account was previously red-flagged, the pattern might be part of a bigger fraud pattern.

When fraudsters acquire credit card details, they might try to do a few small transactions. Usually, this is done with one or the whole pool of stolen cards. Which is the way to verify which cards work. When confirmed this, the fraud rings use the whole pools of functional cards to steal from banks in big.

So, bank analyst might look for patterns of transactions that would indicate this scenario. They might inspect the payments which, in the following example, were done in difference of few seconds. When analyzing the event, the analyst might find that the transactions were done from different IP addresses, in addition in different parts of the world.

That most certainly was a fraudulent event. If this simplest pattern appears repeatedly in a short period of time it was part of a bigger fraud ring.

This way the bank analysts observe, find and define similar and much more complicated patterns that might represent fraudulent behavior.

The power of graph shows that:

  • If there is a separated pattern of fraud, bank analysts may find the same pattern in the whole pool of transactions.
  • Simple patterns often create one or series of complicated pattern.
  • Bank analysts may use graphs from detection to prevention and protection – the systems may react pro-actively when certain patterns appear.
  • Graphs working in loop with machine learning algorithms may help to find new fraud patterns.

 

 

Attributions:

Article inspired by Neo4j.

Icon made by wanicon from www.flaticon.com

Icon made by monkik from www.flaticon.com

Icon made by Freepik from www.flaticon.com

Icon made by Smashicons from www.flaticon.com

Icon made by Eucalyp from www.flaticon.com

Icon made by phatplus from www.flaticon.com

Icon made by Kiranshastry from www.flaticon.com

Icon made by surang from www.flaticon.com

Icons made by Wichai.wi from www.flaticon.com

Icon made by prettycons from www.flaticon.com

Icon made by Pixel perfect from www.flaticon.com

Icon made by itim2101 from www.flaticon.com

Icon made by bqlqn from www.flaticon.com