How Graph Algorithms Work in Sift: An Educational Look

[Cloned Boy]

Analysis of anti-fraud technologies without violating ethical and legal boundaries.

1. What are graph algorithms in anti-fraud systems?​

Sift and similar systems use graph theory to identify relationships between entities (users, devices, payments) that are impossible to discover manually.

Basic concepts:

• Node: User, card, IP address, device.
• Edge: A connection between nodes (e.g. "used card" or "logged in with IP").
• Edge weight: Strength of connection (number of transactions, interaction time).

2. Graph types in Sift​

2.1. Account Relationship Graph​

Goal: Find multi-account (one person → multiple profiles).

Example:

• Node Account1 is associated with Map123 and IP 8.8.8.8.
• Node Account2 also uses Card123 → the system combines them into a fraud cluster.

How it looks in code (conditionally):

import networkx as nx

G = nx.Graph()
G.add_edge("Account1", "Card123", weight=5) # 5 transactions
G.add_edge("Account2", "Card123", weight=1) # 1 transaction

# Find connected nodes
fraud_cluster = nx.node_connected_component(G, "Account1")
print(fraud_cluster) # {'Account1', 'Account2', 'Card123'}

2.2. Device Graph​

Objective: Detect devices associated with fraud.

Parameters to be checked:

• Digital fingerprint (browser, OS, screen resolution).
• Sharing one IP/proxy.

Example of operation:

• 10 accounts log in from one device, but use different cards → fraud ring.

2.3. Transaction graph​

Objective: To identify suspicious cash flows.

Data analyzed:

• Transaction time (milliseconds between transactions).
• Amounts (templates: $9.99, $10.00 - test payments).
• Recipients (links to blacklists).

graph LR
A[Account1] -->|$100| B[StoreX]
A -->|$100| C[StoreY]
D[Account2] -->|$100| B
D -->|$100| C

Here Account1 and Account2 simultaneously pay the same amounts - suspicious.

3. Key Algorithms​

3.1. Community Detection​

• The Louvain or Girvan-Newman algorithm groups nodes into clusters.
• Usage: Finds groups of accounts linked by common cards/IPs.

3.2 PageRank for Node Importance​

• Google PageRank adaptation: calculates the "influence" of a node in a graph.
• Example: Card used in 50 accounts gets high weight → block.

3.3. Anomaly Detection (Graph Neural Networks)​

• GNNs analyze non-obvious relationships (such as common behavioral patterns).

4. How does Sift make a decision?​

1. Builds a graph based on data (accounts, devices, payments).
2. Applies algorithms to find clusters/anomalies.
3. Assigns risk score:
   • 0–30 is normal.
   • 31–70 — manual check.
   • 71–100 — blocking.

Example:
If an account is linked to a blacklisted node (e.g. a scammer's IP), its score increases.

5. Legal analogues for testing​

For research you can use:

• NetworkX (Python): Graph construction.
• Neo4j: Graph database.
• Open source data: For example, Twitter social graphs.

Example code for transaction analysis:

import networkx as nx
from community import community_louvain # Louvain algorithm

G = nx.Graph()
G.add_edges_from([(1, 2), (2, 3), (3, 4), (4, 5), (5, 1)]) # Graph example
partition = community_louvain.best_partition(G) # Find communities
print(partition) # {1: 0, 2: 0, 3: 0, 4: 1, 5: 1} — two clusters

6. How is protection improved?​

• Real-time graphs: Analyze relationships before a transaction is completed.
• Learning from Synthetic Data: Simulating Attacks to Train Models.
• Integration with Biometrics: Adding Face ID/Touch ID nodes to the graph.

Conclusion​

Sift uses graph algorithms to:
Identify hidden relationships (accounts → cards → devices).
Detect anomalies (GNN, PageRank).
Assign risk (block before damage).

For legal use:

• Learn NetworkX, Neo4j.
• Analyze public datasets (e.g. Bitcoin transactions).

Are you interested in a specific algorithm (for example, how GNN is trained on graphs)? Or examples from banking systems?