Fraud and Anomaly Detection

<h2 id="fraud-and-anomaly-detection" class="position-relative d-flex align-items-center group"> Fraud and Anomaly Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="fraud-and-anomaly-detection" aria-haspopup="dialog" aria-label="Share link: Fraud and Anomaly Detection"> Share link </button> </h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden> <div class="hsm-dialog" role="document"> <div class="hsm-header"> <h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2> <button type="button" class="hsm-close" aria-label="Close"> </button> </div> <div class="hsm-body"> <label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label> <div class="input-group mb-4 hsm-url-group"> <input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" /> <button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy"> </button> </div> <div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div> <div class="hsm-share-grid"> <a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Twitter </a> <a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> LinkedIn </a> <a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Facebook </a> </div> </div> </div> </div> <style> .heading-share-modal { position: fixed; inset: 0; display: flex; justify-content: center; align-items: center; background: rgba(0, 0, 0, 0.6); z-index: 1050; padding: 1rem; backdrop-filter: blur(4px); -webkit-backdrop-filter: blur(4px); } .heading-share-modal[hidden] { display: none !important; } .hsm-dialog { max-width: 420px; width: 100%; background: var(--bs-body-bg, #fff); color: var(--bs-body-color, #212529); border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); border-radius: 1rem; box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25); overflow: hidden; animation: hsm-fade-in 0.2s ease-out; } @keyframes hsm-fade-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } [data-bs-theme="dark"] .hsm-dialog { background: #1e293b; border-color: rgba(255,255,255,0.1); color: #f8f9fa; } .hsm-header { display: flex; justify-content: space-between; align-items: center; padding: 1rem 1.5rem; border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); background: rgba(0,0,0,0.02); } [data-bs-theme="dark"] .hsm-header { background: rgba(255,255,255,0.02); border-color: rgba(255,255,255,0.1); } .hsm-close { background: transparent; border: none; color: inherit; opacity: 0.5; padding: 0.25rem 0.5rem; border-radius: 0.25rem; font-size: 1.2rem; line-height: 1; transition: opacity 0.2s; } .hsm-close:hover { opacity: 1; } .hsm-body { padding: 1.5rem; } .hsm-url-group { display: flex !important; align-items: stretch; } .hsm-url-group .form-control { flex: 1; min-width: 0; margin: 0; background: var(--bs-secondary-bg, #f8f9fa); border-color: var(--bs-border-color, #dee2e6); border-top-right-radius: 0; border-bottom-right-radius: 0; height: 42px; } .hsm-url-group .btn { flex: 0 0 auto; margin: 0; margin-left: -1px; border-top-left-radius: 0; border-bottom-left-radius: 0; height: 42px; display: flex; align-items: center; justify-content: center; padding: 0 1.25rem; z-index: 2; } [data-bs-theme="dark"] .hsm-url-group .form-control { background: #0f172a; border-color: #334155; color: #e2e8f0; } .hsm-share-grid { display: flex; flex-direction: column; gap: 0.5rem; } .hsm-share-grid .btn { display: flex; align-items: center; justify-content: center; font-size: 0.9rem; padding: 0.6rem; border-color: var(--bs-border-color); width: 100%; } [data-bs-theme="dark"] .hsm-share-grid .btn { color: #e2e8f0; border-color: #475569; } [data-bs-theme="dark"] .hsm-share-grid .btn:hover { background: #334155; border-color: #cbd5e1; } </style> <script> (function(){ const modal = document.getElementById('headingShareModal'); if(!modal) return; const input = modal.querySelector('#headingShareInput'); const copyBtn = modal.querySelector('.hsm-copy'); const twitter = modal.querySelector('#share-twitter'); const linkedin = modal.querySelector('#share-linkedin'); const facebook = modal.querySelector('#share-facebook'); const closeBtn = modal.querySelector('.hsm-close'); let lastFocus=null; let trapBound=false; function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; } function isOpen(){ return !modal.hasAttribute('hidden'); } function hydrate(id){ const url=buildUrl(id); input.value=url; const enc=encodeURIComponent(url); const text=encodeURIComponent(document.title); if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`; if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`; if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`; } function openModal(id){ lastFocus=document.activeElement; hydrate(id); if(!isOpen()){ modal.removeAttribute('hidden'); } requestAnimationFrame(()=>{ input.focus(); }); trapFocus(); } function closeModal(){ if(!isOpen()) return; modal.setAttribute('hidden',''); if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus(); } function copyCurrent(){ try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); } catch(e){ fallback(); } } function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} } function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); } function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); } function bindShareButtons(){ document.querySelectorAll('.h-share').forEach(btn=>{ if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; } }); } bindShareButtons(); if(document.readyState==='loading'){ document.addEventListener('DOMContentLoaded', bindShareButtons); } else { requestAnimationFrame(bindShareButtons); } document.addEventListener('click', function(e){ const shareBtn=e.target.closest && e.target.closest('.h-share'); if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); } }, true); document.addEventListener('click', e=>{ if(e.target===modal) closeModal(); if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); } if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); } }); document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); }); function trapFocus(){ if(trapBound) return; trapBound=true; modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } }); } if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); }); })(); </script>Build a real-time fraud detection system using graph patterns, machine learning embeddings, and change data capture (CDC). <h3 id="problem-statement" class="position-relative d-flex align-items-center group"> Problem Statement <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="problem-statement" aria-haspopup="dialog" aria-label="Share link: Problem Statement"> Share link </button> </h3>Financial fraud is a graph problem: <ul> <li>Transaction rings: Multiple accounts transferring funds in circles</li> <li>Velocity anomalies: Unusual transaction patterns (frequency, amount, location)</li> <li>Network effects: Compromised accounts infecting connected accounts</li> <li>Synthetic identities: Fabricated identities with suspicious relationship patterns</li> </ul> Traditional rule-based systems miss complex patterns. Graph databases excel at detecting these relationships. <h3 id="graph-model" class="position-relative d-flex align-items-center group"> Graph Model <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="graph-model" aria-haspopup="dialog" aria-label="Share link: Graph Model"> Share link </button> </h3> <h4 id="schema" class="position-relative d-flex align-items-center group"> Schema <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="schema" aria-haspopup="dialog" aria-label="Share link: Schema"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Create graph CREATE GRAPH PaymentNetwork; USE PaymentNetwork; -- Nodes (:Account { id: UUID, holder_name: String, email: String, created_at: Timestamp, risk_score: Float, embedding: VectorF32 -- For ML-based similarity }) (:Transaction { id: UUID, amount: Decimal, timestamp: Timestamp, status: String, -- 'pending', 'completed', 'flagged', 'blocked' merchant_category: String, location: LatLon }) (:Device { id: UUID, fingerprint: String, ip_addr: IpAddr, first_seen: Timestamp }) -- Relationships (:Account)-[:SENT {timestamp: Timestamp}]->(:Transaction) (:Transaction)-[:RECEIVED_BY]->(:Account) (:Account)-[:USED_DEVICE {first_used: Timestamp}]->(:Device) (:Account)-[:SHARES_INFO {info_type: String}]->(:Account) -- email, phone, address </code></pre></div> <h4 id="example-data" class="position-relative d-flex align-items-center group"> Example Data <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="example-data" aria-haspopup="dialog" aria-label="Share link: Example Data"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Create accounts CREATE (:Account {id: gen_random_uuid(), holder_name: "Alice Smith", email: "[email protected]", created_at: timestamp(), risk_score: 0.1}), (:Account {id: gen_random_uuid(), holder_name: "Bob Jones", email: "[email protected]", created_at: timestamp(), risk_score: 0.2}), (:Account {id: gen_random_uuid(), holder_name: "Charlie Wilson", email: "[email protected]", created_at: timestamp(), risk_score: 0.8}); -- Create transactions MATCH (alice:Account {holder_name: "Alice Smith"}), (bob:Account {holder_name: "Bob Jones"}) CREATE (tx:Transaction {id: gen_random_uuid(), amount: decimal('1000.00'), timestamp: timestamp(), status: 'completed', merchant_category: 'retail'}) CREATE (alice)-[:SENT {timestamp: timestamp()}]->(tx)-[:RECEIVED_BY]->(bob); -- Shared device (suspicious) MATCH (alice:Account {holder_name: "Alice Smith"}), (charlie:Account {holder_name: "Charlie Wilson"}) CREATE (dev:Device {id: gen_random_uuid(), fingerprint: "abc123", ip_addr: '192.168.1.100'::ipaddr}) CREATE (alice)-[:USED_DEVICE {first_used: timestamp()}]->(dev) CREATE (charlie)-[:USED_DEVICE {first_used: timestamp()}]->(dev); </code></pre></div> <h3 id="detection-patterns" class="position-relative d-flex align-items-center group"> Detection Patterns <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="detection-patterns" aria-haspopup="dialog" aria-label="Share link: Detection Patterns"> Share link </button> </h3> <h4 id="1-transaction-ring-detection" class="position-relative d-flex align-items-center group"> 1. Transaction Ring Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="1-transaction-ring-detection" aria-haspopup="dialog" aria-label="Share link: 1. Transaction Ring Detection"> Share link </button> </h4>Circular money flows indicating wash trading or money laundering: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Find transaction cycles (A -> B -> C -> A) MATCH path = (a:Account)-[:SENT]->(:Transaction)-[:RECEIVED_BY]->(b:Account)-[:SENT]->(:Transaction)-[:RECEIVED_BY]->(c:Account)-[:SENT]->(:Transaction)-[:RECEIVED_BY]->(a) WHERE length(path) = 6 -- 3 transactions RETURN a.holder_name AS account1, b.holder_name AS account2, c.holder_name AS account3, length(path) AS cycle_length; </code></pre></div> <h4 id="2-velocity-anomaly-detection" class="position-relative d-flex align-items-center group"> 2. Velocity Anomaly Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="2-velocity-anomaly-detection" aria-haspopup="dialog" aria-label="Share link: 2. Velocity Anomaly Detection"> Share link </button> </h4>Accounts with unusual transaction frequency or amounts: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- High-velocity accounts (>10 transactions in 1 hour) MATCH (a:Account)-[:SENT]->(tx:Transaction) WHERE tx.timestamp > timestamp() - interval('PT1H') WITH a, COUNT(tx) AS tx_count, SUM(tx.amount) AS total_amount WHERE tx_count > 10 RETURN a.holder_name, tx_count, total_amount ORDER BY tx_count DESC; -- Large transaction anomaly (>3 standard deviations) MATCH (a:Account)-[:SENT]->(tx:Transaction) WITH AVG(tx.amount) AS avg_amount, STDDEV(tx.amount) AS stddev_amount MATCH (a:Account)-[:SENT]->(tx:Transaction) WHERE tx.amount > avg_amount + (3 * stddev_amount) RETURN a.holder_name, tx.amount, avg_amount, stddev_amount; </code></pre></div> <h4 id="3-shared-deviceip-detection" class="position-relative d-flex align-items-center group"> 3. Shared Device/IP Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="3-shared-deviceip-detection" aria-haspopup="dialog" aria-label="Share link: 3. Shared Device/IP Detection"> Share link </button> </h4>Multiple accounts using the same device or IP address: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Find accounts sharing devices MATCH (a1:Account)-[:USED_DEVICE]->(d:Device)<-[:USED_DEVICE]-(a2:Account) WHERE a1.id < a2.id -- Avoid duplicates RETURN d.fingerprint, d.ip_addr, COLLECT(a1.holder_name) AS account1, COLLECT(a2.holder_name) AS account2; </code></pre></div> <h4 id="4-network-centrality-mule-accounts" class="position-relative d-flex align-items-center group"> 4. Network Centrality (Mule Accounts) <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="4-network-centrality-mule-accounts" aria-haspopup="dialog" aria-label="Share link: 4. Network Centrality (Mule Accounts)"> Share link </button> </h4>Accounts acting as hubs (receiving/sending to many accounts): <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Compute betweenness centrality to find mule accounts CALL graph.betweenness('PaymentNetwork', { relationship_type: 'SENT' }) YIELD node, score WITH node, score WHERE score > 10.0 -- High betweenness = hub account MATCH (a:Account) WHERE a.id = node.id RETURN a.holder_name, a.risk_score, score AS betweenness ORDER BY score DESC; </code></pre></div> <h3 id="ml-based-anomaly-detection" class="position-relative d-flex align-items-center group"> ML-Based Anomaly Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="ml-based-anomaly-detection" aria-haspopup="dialog" aria-label="Share link: ML-Based Anomaly Detection"> Share link </button> </h3> <h4 id="generate-embeddings" class="position-relative d-flex align-items-center group"> Generate Embeddings <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="generate-embeddings" aria-haspopup="dialog" aria-label="Share link: Generate Embeddings"> Share link </button> </h4>Use Node2Vec to create account embeddings capturing behavioral patterns: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Generate account embeddings CALL graph.node2vec('PaymentNetwork', { relationship_type: 'SENT', dimensions: 128, walk_length: 80, num_walks: 10, p: 1.0, q: 1.0 }) YIELD node, embedding WITH node, embedding MATCH (a:Account) WHERE a.id = node.id SET a.embedding = embedding; </code></pre></div> <h4 id="detect-anomalies-with-vector-similarity" class="position-relative d-flex align-items-center group"> Detect Anomalies with Vector Similarity <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="detect-anomalies-with-vector-similarity" aria-haspopup="dialog" aria-label="Share link: Detect Anomalies with Vector Similarity"> Share link </button> </h4>Find accounts with unusual behavior (outliers): <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- For each account, find nearest neighbors MATCH (a:Account) MATCH (neighbor:Account) WHERE neighbor.id <> a.id AND vector_distance_cosine(a.embedding, neighbor.embedding) < 0.8 WITH a, COUNT(neighbor) AS neighbor_count WHERE neighbor_count < 3 -- Fewer than 3 similar accounts = anomaly RETURN a.holder_name, a.risk_score, neighbor_count ORDER BY neighbor_count ASC; </code></pre></div> <h3 id="real-time-fraud-detection" class="position-relative d-flex align-items-center group"> Real-Time Fraud Detection <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="real-time-fraud-detection" aria-haspopup="dialog" aria-label="Share link: Real-Time Fraud Detection"> Share link </button> </h3>From <code>REAL_TIME_ANALYTICS.md</code>: <h4 id="cdc-configuration" class="position-relative d-flex align-items-center group"> CDC Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="cdc-configuration" aria-haspopup="dialog" aria-label="Share link: CDC Configuration"> Share link </button> </h4>Capture transaction events and trigger real-time analysis: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"># cdc-config.yaml cdc: enabled: true webhooks: - url: "https://fraud-detection.example.com/webhook" events: - node.created - edge.created filter: "label = 'Transaction' OR type = 'SENT'" retry: max_attempts: 3 backoff: exponential </code></pre></div> <h4 id="webhook-processing" class="position-relative d-flex align-items-center group"> Webhook Processing <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="webhook-processing" aria-haspopup="dialog" aria-label="Share link: Webhook Processing"> Share link </button> </h4>Webhook receives transaction event: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "event": "node.created", "graph": "PaymentNetwork", "node": { "id": 123456, "labels": ["Transaction"], "properties": { "amount": "5000.00", "timestamp": "2024-01-15T14:30:00Z", "merchant_category": "wire_transfer" } }, "trace_id": "7c9e8d6f-5b4a-3c2d-1e0f-9a8b7c6d5e4f" } </code></pre></div>Fraud detection service: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"># Pseudo-code async def process_transaction(event): tx_id = event['node']['id'] amount = Decimal(event['node']['properties']['amount']) # Query graph for context sender = await get_sender_account(tx_id) receiver = await get_receiver_account(tx_id) # Compute risk score risk_score = 0.0 # Check velocity recent_tx_count = await count_recent_transactions(sender.id, hours=1) if recent_tx_count > 10: risk_score += 0.3 # Check amount anomaly avg_amount = await get_avg_transaction_amount(sender.id) if amount > avg_amount * 3: risk_score += 0.4 # Check for transaction ring in_ring = await is_part_of_ring(sender.id, receiver.id) if in_ring: risk_score += 0.5 # Flag if high risk if risk_score > 0.7: await flag_transaction(tx_id, risk_score) await send_alert(sender, receiver, risk_score) return risk_score </code></pre></div> <h3 id="row-level-security-for-multi-tenant-isolation" class="position-relative d-flex align-items-center group"> Row-Level Security for Multi-Tenant Isolation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="row-level-security-for-multi-tenant-isolation" aria-haspopup="dialog" aria-label="Share link: Row-Level Security for Multi-Tenant Isolation"> Share link </button> </h3>From <code>ADVANCED_SECURITY_FEATURES_OCTOBER_2025.md</code>: Financial institutions need tenant isolation: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Create RLS policy: users only see their organization's data CREATE POLICY org_isolation ON Account FOR SELECT USING (organization_id = current_user_org_id()); CREATE POLICY org_isolation_tx ON Transaction FOR SELECT USING ( EXISTS ( MATCH (a:Account)-[:SENT|RECEIVED_BY]->(tx:Transaction) WHERE tx.id = this.id AND a.organization_id = current_user_org_id() ) ); </code></pre></div>Benefit: Analysts at Bank A cannot see Bank B’s data, even with direct database access. <h3 id="audit-logging-for-compliance" class="position-relative d-flex align-items-center group"> Audit Logging for Compliance <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="audit-logging-for-compliance" aria-haspopup="dialog" aria-label="Share link: Audit Logging for Compliance"> Share link </button> </h3>From <code>AUDIT_LOGGING.md</code>: Track all fraud investigations for regulatory compliance: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml">security: audit: enabled: true log_path: "/var/log/geode/fraud-audit.jsonl" syslog: enabled: true address: "siem.example.com:514" format: "CEF" </code></pre></div>Audit log entry: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "timestamp": "2024-01-15T14:30:00.123Z", "event_type": "query_executed", "user": "fraud_analyst_alice", "graph": "PaymentNetwork", "execution_time_ms": 45.2, "rows_returned": 3, "trace_id": "...", "prev_log_hash": "...", "signature": "..." } </code></pre></div> <h3 id="performance-optimization" class="position-relative d-flex align-items-center group"> Performance Optimization <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="performance-optimization" aria-haspopup="dialog" aria-label="Share link: Performance Optimization"> Share link </button> </h3> <h4 id="index-strategy" class="position-relative d-flex align-items-center group"> Index Strategy <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="index-strategy" aria-haspopup="dialog" aria-label="Share link: Index Strategy"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Index frequently queried properties CREATE INDEX account_risk_score_idx ON Account(risk_score) USING btree; CREATE INDEX tx_timestamp_idx ON Transaction(timestamp) USING btree; CREATE INDEX tx_amount_idx ON Transaction(amount) USING btree; -- Vector index for similarity queries CREATE INDEX account_embedding_idx ON Account(embedding) USING vector; -- Spatial index for location-based fraud CREATE INDEX tx_location_idx ON Transaction(location) USING spatial; </code></pre></div> <h4 id="materialized-risk-scores" class="position-relative d-flex align-items-center group"> Materialized Risk Scores <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="materialized-risk-scores" aria-haspopup="dialog" aria-label="Share link: Materialized Risk Scores"> Share link </button> </h4>Pre-compute risk scores for fast lookups: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Batch job (run hourly) MATCH (a:Account) WITH a, -- Compute risk factors COUNT {MATCH (a)-[:SENT]->(:Transaction) WHERE timestamp > timestamp() - interval('P1D')} AS daily_tx_count, AVG {MATCH (a)-[:SENT]->(tx:Transaction) RETURN tx.amount} AS avg_tx_amount SET a.risk_score = CASE WHEN daily_tx_count > 50 THEN 0.8 WHEN avg_tx_amount > 10000 THEN 0.6 ELSE 0.2 END; -- Queries use cached risk_score MATCH (a:Account) WHERE a.risk_score > 0.7 RETURN a.holder_name, a.risk_score ORDER BY a.risk_score DESC; </code></pre></div> <h3 id="complete-workflow" class="position-relative d-flex align-items-center group"> Complete Workflow <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="complete-workflow" aria-haspopup="dialog" aria-label="Share link: Complete Workflow"> Share link </button> </h3><ol> <li>Ingest transactions via application or bulk load</li> <li>CDC triggers webhook to fraud detection service</li> <li>Service queries graph for context (velocity, rings, centrality)</li> <li>ML model scores transaction using embeddings</li> <li>High-risk transactions flagged automatically</li> <li>Analysts investigate using GQL queries</li> <li>Audit logs capture all investigations for compliance</li> </ol> <h3 id="next-steps" class="position-relative d-flex align-items-center group"> Next Steps <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="next-steps" aria-haspopup="dialog" aria-label="Share link: Next Steps"> Share link </button> </h3><ul> <li><a href="/docs/analytics/real-time-analytics/" >Real-Time Analytics</a> - CDC and streaming integration</li> <li><a href="/docs/analytics/graph-algorithms" >Graph Algorithms</a> - Centrality and embeddings</li> <li><a href="/docs/security/overview" >Security Guide</a> - RLS and audit logging</li> <li><a href="/docs/query/indexing-and-optimization" >Indexing and Optimization</a> - Performance tuning</li> </ul>