Graph algorithms in antifraud systems: principles of operation and application

[Cloned Boy]

An educational breakdown to understand fraud protection.

1. What are graph algorithms?​

Graphs are data structures consisting of nodes (objects) and edges (connections between them). In antifraud, they are used to identify complex fraud schemes that cannot be detected by analyzing individual transactions.

Examples of entities in a graph:

• Nodes: Users, Cards, IP Addresses, Devices.
• Ribs: Shared transactions, shared data, logins from one device.

2. How do graphs help detect fraud?​

2.1. Discovering linked accounts​

Problem: Fraudsters create multiple accounts using the same data.
Solution:

• The graph links accounts by:
  • General card numbers (Card 123 → Account A, Account B).
  • Identical devices (iPhone X → Account C, Account D).
• If a link is found between a clean and a fraudulent account, all linked nodes are marked as risky.

Example:

graph LR
A[Account 1] -->|Card 123| B[Store X]
A -->|IP 8.8.8.8| C[Account 2]
C -->|Card 456| D[Store Y]

Here Account 1 and Account 2 are connected via IP → multi-account attack is possible.

2.2. Detecting "cartoons" (Sybil attacks)​

Problem: One person creates dozens of fake profiles.
Solution:

• Analysis of behavioral patterns:
  • Same operating time.
  • Matching digital fingerprints (browser, OS).
• The graph groups suspicious accounts into clusters.

Algorithm: Louvain Community Detection (identifies groups of closely related nodes).

2.3. Finding Cash Flows​

Problem: Fraudsters transfer money through a chain of accounts ("money muling").
Solution:

• The graph builds transaction paths:
  • Account A → Account B → Account C → Cash out.
• Detects anomalies:
  • Fast transfers between new accounts.
  • Ring circuits (A → B → C → A).

Example:

graph LR
A[Map 111] -->|$500| B[Map 222]
B -->|$500| C[Map 333]
C -->|$500| D[Crypto exchange]

3. Key algorithms in antifraud​

3.1. PageRank​

• Purpose: To estimate the "importance" of a node (eg. a map or IP).
• Application:
  • A card used in 50+ accounts gets a high weight → blocking.

3.2. Label Propagation​

• Goal: Label nodes as "fraudulent" or "legitimate" based on links.
• Example: If 90% of a node's neighbors are marked as fraud, it is also considered suspicious.

3.3. Graph Neural Networks (GNN)​

• Objective: To predict new fraudulent schemes based on historical data.
• Pros: Can find hidden connections (e.g. common behavioral patterns).

4. Real application cases​

4.1. Bank Transfers​

• Objective: To detect "mules" (people who transfer money for scammers).
• Solution: The graph searches for chains: Victim → Mule → Crypto exchange.

4.2. Electronic Commerce​

• Task: Find one-day stores associated with fraud.
• Solution: The graph links stores by common cardholders/IP.

5. Limitations of graph methods​

• False positives: Sometimes the connection between nodes is random (eg public Wi-Fi).
• Resource intensity: Large graphs (millions of nodes) require powerful servers.

6. Analysis tools​

• Neo4j: Graph database.
• NetworkX (Python): For experimenting with small graphs.
• Apache Spark GraphFrames: For distributed computing.

Code example (Python):

import networkx as nx

# Create a graph
G = nx.Graph()
G.add_edge("Card 123", "Account A")
G.add_edge("Card 123", "Account B")

# Find connected nodes
print(nx.shortest_path(G, "Account A", "Account B")) # ['Account A', 'Card 123', 'Account B']

Conclusion​

Graph algorithms in antifraud:
Identify complex schemes (multi-accounting, money muling).
Analyze connections that are invisible when checking individual transactions.
Use ML (GNN) to predict new threats.

To study:

• Courses on graph databases (Neo4j).
• Apache Spark GraphFrames documentation.
• Cases from Sift Science and IBM Safer Payments.

Want to understand a specific algorithm (for example, how PageRank is used in banks)? Ask!