MARCH 26 2025
Revolutionizing real-time fraud detection with graph-based AI
Discover how Hypermode’s knowledge graphs in agentic systems transform fraud detection by targeting known fraud patterns, eliminating model retraining

In the fast-paced world of digital banking, fraudsters are becoming increasingly sophisticated, especially with the rise of AI-augmented fraud schemes. Traditional fraud detection systems, while effective, often struggle to keep up with rapidly evolving fraud patterns. This is where a novel approach using graph-based AI can make a significant difference.
The challenge of real-time fraud detection
Banks face unique challenges in preventing fraud, especially in peer-to-peer payments. They must make decisions within strict service level agreements while processing massive volumes of data, often exceeding 2 terabytes daily. These institutions confront increasingly sophisticated fraud patterns that evolve quickly, all while dealing with an extremely imbalanced problem where fraud represents only 0.01% of all transactions. Additionally, banks need to distinguish between traditional fraud (unauthorized access) and scams (social engineering), with the latter becoming more prevalent as criminals adapt their techniques.
Limitations in traditional ML approaches
Current anomaly detection and supervised classification methods are reaching inherent limitations in today's rapidly evolving fraud landscape. These approaches typically aim to understand what "normal" behavior looks like and then identify deviations from this norm.
Traditional models require extensive training on predominantly legitimate transactions to establish a baseline of normal behavior. With fraud representing such a tiny fraction of all transactions, these models must process and store vast amounts of data—typically 24-36 months of historical data—to identify rare fraudulent cases. This creates significant processing delays when incorporating new fraud patterns and requires storage and computational resources to handle both legitimate and fraudulent transactions.
Furthermore, these models struggle with concept drift. As consumer behaviors evolve over time, such as during holiday shopping seasons or when adopting new payment technologies, the definition of "normal" changes. This requires frequent model retraining to avoid high false positive rates that can frustrate customers and overwhelm fraud review teams. Traditional approaches are particularly vulnerable to sophisticated fraud techniques. When fraudsters deliberately mimic legitimate user behavior to stay within the boundaries of what the model considers "normal," anomaly detection approaches often fail to identify these cases. This weakness becomes increasingly problematic as fraudsters employ AI tools to help them blend in with legitimate traffic.
Finally, in the case of authorized push payment scams where customers are manipulated into making payments themselves, traditional behavioral indicators often fail completely. These transactions come from legitimate users on their usual devices and from their usual locations, following normal interaction patterns despite the fraudulent intent behind them.
A new approach with graph-based pattern recognition
Today’s world of AI allows us to take a fundamentally different approach to fraud detection by focusing exclusively on known fraud patterns.
Unlike traditional machine learning models that try to understand what "normal" behavior looks like and then identify anomalies, a graph-based approach specifically models what "fraudulent" behavior looks like and searches for similarities. This approach identifies fraudulent transactions by comparing them to known fraud structures rather than against all legitimate transactions.
Here's how it works:
- When transaction data enters the system, it passes through a series of enrichment services that extract relevant features. These features might include device identifiers, location information, transaction timing, user behavior patterns, and other contextual data. Graph databases such as Dgraph can take these enrichment outputs and transform them into a structured graph representation—effectively creating a unique "signature" for each transaction through a knowledge graph.
- Each node in this graph represents a feature or entity (such as device ID, location, or amount), while edges represent relationships between these entities. The complete structure captures both individual data points and the complex relationships between them—a critical aspect of fraud detection that simple feature vectors often overlook.
- These transaction "signatures" are then processed through an embedding model that converts the complex graph structure into a high-dimensional vector. This vector representation preserves the structural information of the graph while enabling efficient similarity comparisons. The system maintains a database of these vector representations for known fraudulent transactions, regularly updated as new fraud patterns are identified.
- When a new transaction occurs, its graph representation is similarly embedded and compared against the database of known fraud patterns using vector similarity algorithms. Dgraph calculates similarity scores indicating how closely the new transaction resembles previous fraud cases. Transactions with high similarity scores to known fraud patterns are flagged for additional scrutiny or blocking, depending on the confidence level and risk tolerance settings.
What makes this approach particularly powerful is that it does not require storing or processing the vast majority of legitimate transactions. Since the system focuses only on fraud patterns, the database remains relatively small and manageable compared to systems that must model all transaction types.
Building a graph-based agentic system for fraud prevention
The solution is built using several key components:
- At its core is Dgraph, a distributed graph database that efficiently stores and processes the fraud patterns. Its vector similarity search capabilities enable quick comparison of transaction patterns against known fraud signatures, making real-time detection possible even with high transaction volumes.
- Modus, an open source agent framework, provides task-oriented components and other APIs to simplify agent development. Its production-ready runtime enables efficient horizontal scaling and quick deployment across different environments.
- AI agents choose which enrichment services to use, and in what order, to reach the best outcome. These agents seamlessly integrate with existing fraud detection systems to meet application performance requirements.
- The Hypermode platform provides hosting and management capabilities for agents and knowledge graphs, making it easy to deploy and manage the embedding models that transform complex transactional data into meaningful vector representations. The seamless integration with Dgraph enables efficient storage and retrieval of these embedded transactions.
Benefits of transforming data to knowledge graphs
This graph-based agentic approach offers advantages over traditional methods. This approach immediately incorporates new fraud patterns into its detection capabilities: as soon as a fraudulent transaction is identified and added to the knowledge graph, all subsequent similar transactions can be detected without any model retraining or processing delays. This leads to significant efficiencies in storage, processing, and maintenance.
- Substantial storage efficiency. By focusing only on fraud patterns rather than all transactions, the system drastically reduces its storage footprint. A traditional machine learning system might need to store and process billions of legitimate transactions, while our approach only needs to maintain records of known fraud patterns—potentially reducing storage requirements by several orders of magnitude.
- Adaptability to emerging threats. When fraudsters develop new techniques, traditional models might continue approving fraudulent transactions for weeks until the next retraining cycle. The system’s underlying knowledge graph can adapt immediately as new fraud patterns are identified, closing this vulnerability window significantly. This adaptability is particularly valuable in the current environment where fraud techniques evolve rapidly, often aided by AI tools.
- Retrospective analysis. When a new fraud pattern is identified, the system can quickly scan recent transactions to identify cases that match this pattern. Financial institutions can then proactively reach out to potentially affected customers, which can limit damage and improve customer trust.
- Time-weighted matching. The approach gives higher importance to recent fraud patterns. This reflects the reality that fraudsters continuously evolve their techniques, making more recent patterns typically more relevant for current detection needs.
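
The pipeline from "Here's how it works" (signature, embedding, similarity against known fraud only) together with the immediate-update and time-weighting points above, as an added sketch that is not Hypermode, Modus or Dgraph code. The sparse per-edge vector is a stand-in for a learned embedding model, and the field names, 90-day half-life and thresholds are assumptions.

```python
import math

HALF_LIFE_DAYS = 90  # assumed: a stored pattern's weight halves every 90 days

def signature(txn):
    """Graph "signature": (node, relation, node) edges from enriched fields."""
    payee = "payee:" + txn["payee"]
    return {
        ("txn", "from_device", "device:" + txn["device"]),
        ("txn", "from_geo", "geo:" + txn["geo"]),
        ("txn", "to_payee", payee),
        ("txn", "amount_band", "band:" + txn["band"]),
        (payee, "account_age", "age:" + txn["payee_age"]),
    }

def embed(edges):
    """Stand-in for the embedding model: sparse vector with one axis per edge."""
    return {edge: 1.0 for edge in edges}

def cosine(a, b):
    dot = sum(w * b.get(edge, 0.0) for edge, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values()) * sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0

def score(txn, fraud_db):
    """Highest time-weighted similarity to any known fraud vector."""
    q = embed(signature(txn))
    return max((cosine(q, vec) * 0.5 ** (age / HALF_LIFE_DAYS)
                for vec, age in fraud_db), default=0.0)

def decide(s, block_at=0.75, review_at=0.5):
    return "block" if s >= block_at else "review" if s >= review_at else "allow"

# Constructed sample data: one confirmed scam and a later lookalike payment
# that shares payee, geo, amount band and payee age but uses another device.
CONFIRMED = {"device": "dev-A1", "geo": "NL", "payee": "acct-9001",
             "band": "1k-5k", "payee_age": "under-7d"}
LOOKALIKE = dict(CONFIRMED, device="dev-B7")

def demo():
    fraud_db = []                                   # holds fraud patterns only
    before = decide(score(LOOKALIKE, fraud_db))     # nothing known yet
    fraud_db.append((embed(signature(CONFIRMED)), 0))   # analyst confirms case
    fresh = score(LOOKALIKE, fraud_db)              # no retraining step
    stale = score(LOOKALIKE, [(embed(signature(CONFIRMED)), 90)])
    return before, round(fresh, 3), decide(fresh), round(stale, 3), decide(stale)

if __name__ == "__main__":
    print(demo())
```

The lookalike shares four of five edges with the confirmed case, so it is matched as soon as that case is stored, and the same match decays below the review threshold once the stored pattern is one half-life old.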
The system can evolve to become even more sophisticated:
- Adaptive response times: The system could dynamically adjust response times based on risk levels, waiting longer for additional data when transactions show suspicious patterns.
- Intelligent service orchestration: Future iterations could intelligently select which enrichment services to call based on initial transaction characteristics.
- Pattern evolution tracking: The system could track how fraud patterns evolve over time, providing insights into fraudster behavior and tactics.
Conclusion
By rethinking how to approach fraud detection—focusing on fraud patterns rather than building models of normal behavior—financial service providers can create more responsive, efficient, and effective fraud detection systems. This graph-based approach represents a promising direction in the ongoing battle against financial fraud, offering both immediate practical benefits and exciting possibilities for future development.
As fraudsters continue to evolve their techniques, particularly with the aid of artificial intelligence, Hypermode equips organizations with an adaptive, pattern-focused approach, giving financial institutions a powerful new tool in their security arsenal.