Cloned Boy
Professional
- Messages
- 876
- Reaction score
- 697
- Points
- 93
Analysis of anti-fraud technologies without violating ethical and legal boundaries.
Basic concepts:
Example:
Parameters to be checked:
Data analyzed:
Here Account1 and Account2 simultaneously pay the same amounts - suspicious.
If an account is linked to a blacklisted node (e.g. a scammer's IP), its score increases.
Identify hidden relationships (accounts → cards → devices).
Detect anomalies (GNN, PageRank).
Assign risk (block before damage).
For legal use:
Are you interested in a specific algorithm (for example, how GNN is trained on graphs)? Or examples from banking systems?
1. What are graph algorithms in anti-fraud systems?
Sift and similar systems use graph theory to identify relationships between entities (users, devices, payments) that are impossible to discover manually.Basic concepts:
- Node: User, card, IP address, device.
- Edge: A connection between nodes (e.g. "used card" or "logged in with IP").
- Edge weight: Strength of connection (number of transactions, interaction time).
2. Graph types in Sift
2.1. Account Relationship Graph
Goal: Find multi-account (one person → multiple profiles).Example:
- Node Account1 is associated with Map123 and IP 8.8.8.8.
- Node Account2 also uses Card123 → the system combines them into a fraud cluster.
Python:
import networkx as nx
G = nx.Graph()
G.add_edge("Account1", "Card123", weight=5) # 5 transactions
G.add_edge("Account2", "Card123", weight=1) # 1 transaction
# Find connected nodes
fraud_cluster = nx.node_connected_component(G, "Account1")
print(fraud_cluster) # {'Account1', 'Account2', 'Card123'}
2.2. Device Graph
Objective: Detect devices associated with fraud.Parameters to be checked:
- Digital fingerprint (browser, OS, screen resolution).
- Sharing one IP/proxy.
- 10 accounts log in from one device, but use different cards → fraud ring.
2.3. Transaction graph
Objective: To identify suspicious cash flows.Data analyzed:
- Transaction time (milliseconds between transactions).
- Amounts (templates: $9.99, $10.00 - test payments).
- Recipients (links to blacklists).
Code:
graph LR
A[Account1] -->|$100| B[StoreX]
A -->|$100| C[StoreY]
D[Account2] -->|$100| B
D -->|$100| C
Here Account1 and Account2 simultaneously pay the same amounts - suspicious.
3. Key Algorithms
3.1. Community Detection
- The Louvain or Girvan-Newman algorithm groups nodes into clusters.
- Usage: Finds groups of accounts linked by common cards/IPs.
3.2 PageRank for Node Importance
- Google PageRank adaptation: calculates the "influence" of a node in a graph.
- Example: Card used in 50 accounts gets high weight → block.
3.3. Anomaly Detection (Graph Neural Networks)
- GNNs analyze non-obvious relationships (such as common behavioral patterns).
4. How does Sift make a decision?
- Builds a graph based on data (accounts, devices, payments).
- Applies algorithms to find clusters/anomalies.
- Assigns risk score:
- 0–30 is normal.
- 31–70 — manual check.
- 71–100 — blocking.
If an account is linked to a blacklisted node (e.g. a scammer's IP), its score increases.
5. Legal analogues for testing
For research you can use:- NetworkX (Python): Graph construction.
- Neo4j: Graph database.
- Open source data: For example, Twitter social graphs.
Python:
import networkx as nx
from community import community_louvain # Louvain algorithm
G = nx.Graph()
G.add_edges_from([(1, 2), (2, 3), (3, 4), (4, 5), (5, 1)]) # Graph example
partition = community_louvain.best_partition(G) # Find communities
print(partition) # {1: 0, 2: 0, 3: 0, 4: 1, 5: 1} — two clusters
6. How is protection improved?
- Real-time graphs: Analyze relationships before a transaction is completed.
- Learning from Synthetic Data: Simulating Attacks to Train Models.
- Integration with Biometrics: Adding Face ID/Touch ID nodes to the graph.
Conclusion
Sift uses graph algorithms to:


For legal use:
- Learn NetworkX, Neo4j.
- Analyze public datasets (e.g. Bitcoin transactions).
Are you interested in a specific algorithm (for example, how GNN is trained on graphs)? Or examples from banking systems?