Fraud in Detection using neo4j
SAIYAM KOHLI
2669077
Agenda
•
•
•
•
•
• Who are Today’s Fraudsters
How to Fight Fraud Rings with Graphs
Different Types of Credit Card Fraud & Neo4j Demo
How Neo4j Fits in a Typical Architecture
Summary
Q&A
Who Are Today’s Fraudsters?
Organized in groups Synthetic Identities Stolen Identities HijackedDevices
Who Are Today’s Fraudsters?
Types of Fraud
• Credit Card Fraud
• Rogue Merchants
• Fraud Rings
• Insurance Fraud
• eCommerce Fraud
• Fraud we don’t know about yet…
World of Fraud
Constantly Evolving Simple and Complex Few and Many Players
Digitized and Analog “One Step Ahead”
Fraud Detection(From a data-modeling perspective)
Raw Data
Anomalies
Anomalies hidden in “normal behavior”
Patterns
Patterns
1) Detect 2) Respond
Fraud Prevention is About Reacting to Patterns(And doing it fast!)
Relational
Database
Choosing UnderlyingTechnology
Data Modelled as a Graph!
Graph
Database
Examples of Prevalent
Fraud Types
Fraud Rings
Endpoint-CentricAnalysis of users and
their end-points
1.
Navigation CentricAnalysis of
navigation behavior
and suspect
patterns
Account-CentricAnalysis of anomaly
behavior by channel
2. 3.
PC:s
Mobile Phones
IP-addresses
User ID:s
Comparing Transaction
Identity Vetting
Traditional Fraud Detection Methods
•
•
•
•
•
•
Fraud rings
Fake IP-adresses
Hijacked devices
Synthetic Identities
Stolen Identities
And more…
Weaknesses
Unable to detect
DISCRETEANALYSIS
Endpoint-CentricAnalysis of users and
their end-points
1.
Navigation CentricAnalysis of
navigation behavior
and suspect
patterns
Account-CentricAnalysis of anomaly
behavior by channel
2. 3.
Traditional Fraud Detection Methods
INVESTIGATE
Revolving Debt
Number of Accounts
INVESTIGATE
Normal behavior
Fraud Detection with Discrete Analysis
Revolving Debt
Number of Accounts
Normal behavior
Fraudulent pattern
Fraud Detection with Connected Analysis
CONNECTEDANALYSIS
Endpoint-CentricAnalysis of users and
their end-points
Navigation CentricAnalysis of
navigation behavior
and suspect
patterns
Account-CentricAnalysis of anomaly
behavior by channel
DISCRETEANALYSIS
1.
CrossChannel
Analysis of anomaly
behavior correlated
across channels
Entity Linking
Analysis of relationships
to detect organized
crime and collusion
2. 3. 4. 5.
Augmented Fraud Detection
ACCOUNT
HOLDER 2
Modeling a fraud ring as a graph
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
PHONE
NUMBER
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Modeling a fraud ring as a graph
ACCOUNT
HOLDER 2
ACCOUNT
HOLDER 1
ACCOUNT
HOLDER 3
CREDIT
CARD
BANK
ACCOUNT
BANK
ACCOUNT
BANK
ACCOUNT
ADDRESS
PHONE
NUMBER
PHONE
NUMBER
SSN 2
UNSECURED
LOAN
SSN 2
UNSECURED
LOAN
Modeling a fraud ring as a graph
Credit Card Fraud
Example #1
“Credit Card Testing”
Manual skimming
of an ATM
Sophisticated Data Breaches
Retrieval of Credit Card Information
Rogue Merchant
USE
Terminal ATM-
skimming
Data Breach
Card Holder
Card Issuer
Fraudster
USE MAKES
$2
$5
$10
MAKES $4000
ATTesting
Merchants
ATMAKES Tx
Example #2
“Fraud Origination and
Assessing Loss Magnitude”
TxTx Tx TxTx Tx TxTxTx TxJohn
Tx
$2000
TxTx Tx TxTxTxTx Tx TxComputer
StoreJohn
Tx
$2000
Tx Tx
$25$10$4
TxTx Tx TxTxTxComputer
StoreJohn
Gas Station
Tx
$2000
Tx Tx
$25$10$4
TxTx Tx TxTxTxComputer
StoreJohn
Gas Station
Tx
$2
TxSheila TxTxTx Tx Tx Tx
$3000
TxJewelry
StoreTx
$3
Tx
$2000
Tx Tx
$25$10$4
TxTx Tx TxTxTxComputer
StoreJohn
Gas Station
Tx
$2
TxSheila TxTxTx Tx Tx Tx
$3000
TxJewelry
StoreTx
$3
Robert TxTxTx TxTx TxTxTx Tx Tx
TxTx
$2
Tx
Tx
$2000
Tx Tx
$25$10$4
TxTx Tx TxTxTxComputer
StoreJohn
Gas Station
Sheila
Robert
$3
Karen
TxTxTx Tx Tx Tx
$3000
TxJewelry
StoreTx
$3
TxTxTx TxTx TxTx
TxTx TxTx Tx TxTx
$8 $12
Tx
$1500
Furniture
Store
Tx Tx Tx
How Neo4j fits in
NEO4j
Money
Transferring
Purchases Bank
Services Relational
database
Data Science-teamDevelop Patterns
+ Good for Discrete Analysis
– No Holistic View of Data-Relationships
– Slow query speed for connections
Money
Transferring
Purchases Bank
Services Relational
database
Data Lake
+ Good for MapReduce
+ Good for AnalyticalWorkloads
– No holistic view
– Non-operational workloads
– Weeks-to-months processes
Data Science-teamDevelop Patterns
Merchant Data
CreditScoreData
Other 3rd Party Data
Money
Transferring
Purchases Bank
Services
Neo4j powers
360° view of
transactions in
real-time
Neo4j
Cluster
SENSETransaction
stream
RESPONDAlerts & notification
LOAD RELEVANT DATA
Relational
database
Data Lake
Visualization UI
Fine Tune Patterns
Data Science-teamDevelop Patterns
Merchant Data
CreditScoreData
Other 3rd Party Data
Money
Transferring
Purchases Bank
Services
Neo4j powers
360° view of
transactions in
real-time
Neo4j
Cluster
SENSETransaction
stream
RESPONDAlerts & notification
LOAD RELEVANT DATA
Relational
database
Data Lake
Visualization UI
Fine Tune Patterns
Data Science-teamDevelop Patterns
Merchant Data
CreditScoreData
Other 3rd Party Data
Data-set used
to explore
new insights
THANK
YOU