How Graph Algorithms Work in Sift: An Educational Look

Cloned Boy

Professional
Messages
876
Reaction score
697
Points
93
Analysis of anti-fraud technologies without violating ethical and legal boundaries.

1. What are graph algorithms in anti-fraud systems?​

Sift and similar systems use graph theory to identify relationships between entities (users, devices, payments) that are impossible to discover manually.

Basic concepts:
  • Node: User, card, IP address, device.
  • Edge: A connection between nodes (e.g. "used card" or "logged in with IP").
  • Edge weight: Strength of connection (number of transactions, interaction time).

2. Graph types in Sift​

2.1. Account Relationship Graph​

Goal: Find multi-account (one person → multiple profiles).

Example:
  • Node Account1 is associated with Map123 and IP 8.8.8.8.
  • Node Account2 also uses Card123 → the system combines them into a fraud cluster.
How it looks in code (conditionally):
Python:
import networkx as nx

G = nx.Graph()
G.add_edge("Account1", "Card123", weight=5) # 5 transactions
G.add_edge("Account2", "Card123", weight=1) # 1 transaction

# Find connected nodes
fraud_cluster = nx.node_connected_component(G, "Account1")
print(fraud_cluster) # {'Account1', 'Account2', 'Card123'}

2.2. Device Graph​

Objective: Detect devices associated with fraud.

Parameters to be checked:
  • Digital fingerprint (browser, OS, screen resolution).
  • Sharing one IP/proxy.
Example of operation:
  • 10 accounts log in from one device, but use different cards → fraud ring.

2.3. Transaction graph​

Objective: To identify suspicious cash flows.

Data analyzed:
  • Transaction time (milliseconds between transactions).
  • Amounts (templates: $9.99, $10.00 - test payments).
  • Recipients (links to blacklists).

Code:
graph LR
A[Account1] -->|$100| B[StoreX]
A -->|$100| C[StoreY]
D[Account2] -->|$100| B
D -->|$100| C

Here Account1 and Account2 simultaneously pay the same amounts - suspicious.

3. Key Algorithms​

3.1. Community Detection​

  • The Louvain or Girvan-Newman algorithm groups nodes into clusters.
  • Usage: Finds groups of accounts linked by common cards/IPs.

3.2 PageRank for Node Importance​

  • Google PageRank adaptation: calculates the "influence" of a node in a graph.
  • Example: Card used in 50 accounts gets high weight → block.

3.3. Anomaly Detection (Graph Neural Networks)​

  • GNNs analyze non-obvious relationships (such as common behavioral patterns).

4. How does Sift make a decision?​

  1. Builds a graph based on data (accounts, devices, payments).
  2. Applies algorithms to find clusters/anomalies.
  3. Assigns risk score:
    • 0–30 is normal.
    • 31–70 — manual check.
    • 71–100 — blocking.
Example:
If an account is linked to a blacklisted node (e.g. a scammer's IP), its score increases.

5. Legal analogues for testing​

For research you can use:
  • NetworkX (Python): Graph construction.
  • Neo4j: Graph database.
  • Open source data: For example, Twitter social graphs.
Example code for transaction analysis:
Python:
import networkx as nx
from community import community_louvain # Louvain algorithm

G = nx.Graph()
G.add_edges_from([(1, 2), (2, 3), (3, 4), (4, 5), (5, 1)]) # Graph example
partition = community_louvain.best_partition(G) # Find communities
print(partition) # {1: 0, 2: 0, 3: 0, 4: 1, 5: 1} — two clusters

6. How is protection improved?​

  • Real-time graphs: Analyze relationships before a transaction is completed.
  • Learning from Synthetic Data: Simulating Attacks to Train Models.
  • Integration with Biometrics: Adding Face ID/Touch ID nodes to the graph.

Conclusion​

Sift uses graph algorithms to:
✅ Identify hidden relationships (accounts → cards → devices).
✅ Detect anomalies (GNN, PageRank).
✅ Assign risk (block before damage).

For legal use:
  • Learn NetworkX, Neo4j.
  • Analyze public datasets (e.g. Bitcoin transactions).

Are you interested in a specific algorithm (for example, how GNN is trained on graphs)? Or examples from banking systems?
 
Top