<!-- CANARY: REQ=REQ-DOCS-001; FEATURE="Docs"; ASPECT=Documentation; STATUS=TESTED; OWNER=docs; UPDATED=2026-01-28 -->
<h2 id="fraud-detection-guide" class="position-relative d-flex align-items-center group">
<span>Fraud Detection Guide</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="fraud-detection-guide"
aria-haspopup="dialog"
aria-label="Share link: Fraud Detection Guide">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden>
<div class="hsm-dialog" role="document">
<div class="hsm-header">
<h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2>
<button type="button" class="hsm-close" aria-label="Close">
<i class="fa-solid fa-xmark"></i>
</button>
</div>
<div class="hsm-body">
<label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label>
<div class="input-group mb-4 hsm-url-group">
<input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" />
<button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy">
<i class="fa-duotone fa-clipboard" aria-hidden="true"></i>
</button>
</div>
<div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div>
<div class="hsm-share-grid">
<a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-twitter me-2"></i>Twitter
</a>
<a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-linkedin me-2"></i>LinkedIn
</a>
<a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-facebook me-2"></i>Facebook
</a>
</div>
</div>
</div>
</div>
<style>
.heading-share-modal {
position: fixed;
inset: 0;
display: flex;
justify-content: center;
align-items: center;
background: rgba(0, 0, 0, 0.6);
z-index: 1050;
padding: 1rem;
backdrop-filter: blur(4px);
-webkit-backdrop-filter: blur(4px);
}
.heading-share-modal[hidden] { display: none !important; }
.hsm-dialog {
max-width: 420px;
width: 100%;
background: var(--bs-body-bg, #fff);
color: var(--bs-body-color, #212529);
border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
border-radius: 1rem;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
overflow: hidden;
animation: hsm-fade-in 0.2s ease-out;
}
@keyframes hsm-fade-in {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
[data-bs-theme="dark"] .hsm-dialog {
background: #1e293b;
border-color: rgba(255,255,255,0.1);
color: #f8f9fa;
}
.hsm-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 1.5rem;
border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
background: rgba(0,0,0,0.02);
}
[data-bs-theme="dark"] .hsm-header {
background: rgba(255,255,255,0.02);
border-color: rgba(255,255,255,0.1);
}
.hsm-close {
background: transparent;
border: none;
color: inherit;
opacity: 0.5;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 1.2rem;
line-height: 1;
transition: opacity 0.2s;
}
.hsm-close:hover {
opacity: 1;
}
.hsm-body {
padding: 1.5rem;
}
.hsm-url-group {
display: flex !important;
align-items: stretch;
}
.hsm-url-group .form-control {
flex: 1;
min-width: 0;
margin: 0;
background: var(--bs-secondary-bg, #f8f9fa);
border-color: var(--bs-border-color, #dee2e6);
border-top-right-radius: 0;
border-bottom-right-radius: 0;
height: 42px;
}
.hsm-url-group .btn {
flex: 0 0 auto;
margin: 0;
margin-left: -1px;
border-top-left-radius: 0;
border-bottom-left-radius: 0;
height: 42px;
display: flex;
align-items: center;
justify-content: center;
padding: 0 1.25rem;
z-index: 2;
}
[data-bs-theme="dark"] .hsm-url-group .form-control {
background: #0f172a;
border-color: #334155;
color: #e2e8f0;
}
.hsm-share-grid {
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.hsm-share-grid .btn {
display: flex;
align-items: center;
justify-content: center;
font-size: 0.9rem;
padding: 0.6rem;
border-color: var(--bs-border-color);
width: 100%;
}
[data-bs-theme="dark"] .hsm-share-grid .btn {
color: #e2e8f0;
border-color: #475569;
}
[data-bs-theme="dark"] .hsm-share-grid .btn:hover {
background: #334155;
border-color: #cbd5e1;
}
</style>
<script>
(function(){
const modal = document.getElementById('headingShareModal');
if(!modal) return;
const input = modal.querySelector('#headingShareInput');
const copyBtn = modal.querySelector('.hsm-copy');
const twitter = modal.querySelector('#share-twitter');
const linkedin = modal.querySelector('#share-linkedin');
const facebook = modal.querySelector('#share-facebook');
const closeBtn = modal.querySelector('.hsm-close');
let lastFocus=null;
let trapBound=false;
function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; }
function isOpen(){ return !modal.hasAttribute('hidden'); }
function hydrate(id){
const url=buildUrl(id);
input.value=url;
const enc=encodeURIComponent(url);
const text=encodeURIComponent(document.title);
if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`;
if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`;
if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`;
}
function openModal(id){
lastFocus=document.activeElement;
hydrate(id);
if(!isOpen()){
modal.removeAttribute('hidden');
}
requestAnimationFrame(()=>{ input.focus(); });
trapFocus();
}
function closeModal(){
if(!isOpen()) return;
modal.setAttribute('hidden','');
if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus();
}
function copyCurrent(){
try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); }
catch(e){ fallback(); }
}
function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} }
function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); }
function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); }
function bindShareButtons(){
document.querySelectorAll('.h-share').forEach(btn=>{
if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; }
});
}
bindShareButtons();
if(document.readyState==='loading'){
document.addEventListener('DOMContentLoaded', bindShareButtons);
} else {
requestAnimationFrame(bindShareButtons);
}
document.addEventListener('click', function(e){
const shareBtn=e.target.closest && e.target.closest('.h-share');
if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); }
}, true);
document.addEventListener('click', e=>{
if(e.target===modal) closeModal();
if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); }
if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); }
});
document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); });
function trapFocus(){
if(trapBound) return;
trapBound=true;
modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } });
}
if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); });
})();
</script><p>This guide demonstrates how to use Geode for fraud detection. You’ll learn to model fraud-relevant data, identify suspicious patterns, score risk in real-time, and build investigation workflows.</p>
<h3 id="overview" class="position-relative d-flex align-items-center group">
<span>Overview</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="overview"
aria-haspopup="dialog"
aria-label="Share link: Overview">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Graph databases excel at fraud detection because fraudulent activity often involves hidden relationships and patterns that are difficult to detect in traditional databases:</p>
<ul>
<li><strong>Account networks</strong> - Fraudsters share devices, addresses, or payment methods</li>
<li><strong>Transaction rings</strong> - Money laundering through circular transactions</li>
<li><strong>Identity fraud</strong> - Multiple identities with shared attributes</li>
<li><strong>Collusion patterns</strong> - Coordinated fraudulent behavior</li>
</ul>
<p>Geode’s graph traversal capabilities make it easy to uncover these patterns in real-time.</p>
<h3 id="data-model" class="position-relative d-flex align-items-center group">
<span>Data Model</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="data-model"
aria-haspopup="dialog"
aria-label="Share link: Data Model">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="core-entities" class="position-relative d-flex align-items-center group">
<span>Core Entities</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="core-entities"
aria-haspopup="dialog"
aria-label="Share link: Core Entities">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">User</span><span class="w"> </span><span class="py">accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">phone</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">status</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"active"</span><span class="p">,</span><span class="w"> </span><span class="s">"suspended"</span><span class="p">,</span><span class="w"> </span><span class="s">"flagged"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">last_activity</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">verification_level</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Personal</span><span class="w"> </span><span class="py">identity</span><span class="w"> </span><span class="py">information</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Identity</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ssn_hash</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Hashed</span><span class="w"> </span><span class="py">SSN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">name</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">date_of_birth</span><span class="p">:</span><span class="w"> </span><span class="nc">DATE</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">address_hash</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Devices</span><span class="w"> </span><span class="py">used</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">access</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Device</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">fingerprint</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_type</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">os</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">browser</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">first_seen</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">last_seen</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">IP</span><span class="w"> </span><span class="py">Addresses</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">asn</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">country</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">city</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">is_proxy</span><span class="p">:</span><span class="w"> </span><span class="nc">BOOLEAN</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">is_vpn</span><span class="p">:</span><span class="w"> </span><span class="nc">BOOLEAN</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">is_tor</span><span class="p">:</span><span class="w"> </span><span class="nc">BOOLEAN</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Payment</span><span class="w"> </span><span class="py">methods</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">PaymentMethod</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"credit_card"</span><span class="p">,</span><span class="w"> </span><span class="s">"bank_account"</span><span class="p">,</span><span class="w"> </span><span class="s">"crypto"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">last_four</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">bin</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Bank</span><span class="w"> </span><span class="py">identification</span><span class="w"> </span><span class="py">number</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">issuer</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">country</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">currency</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"purchase"</span><span class="p">,</span><span class="w"> </span><span class="s">"transfer"</span><span class="p">,</span><span class="w"> </span><span class="s">"withdrawal"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">status</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"pending"</span><span class="p">,</span><span class="w"> </span><span class="s">"completed"</span><span class="p">,</span><span class="w"> </span><span class="s">"failed"</span><span class="p">,</span><span class="w"> </span><span class="s">"flagged"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">fraud_flags</span><span class="p">:</span><span class="w"> </span><span class="nc">LIST</span><span class="err"><</span><span class="py">STRING</span><span class="err">></span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Merchants</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Merchant</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">name</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">category</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_category</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">country</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Fraud</span><span class="w"> </span><span class="py">cases</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">status</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"open"</span><span class="p">,</span><span class="w"> </span><span class="s">"investigating"</span><span class="p">,</span><span class="w"> </span><span class="s">"confirmed"</span><span class="p">,</span><span class="w"> </span><span class="s">"closed"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">resolved_at</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount_at_risk</span><span class="p">:</span><span class="w"> </span><span class="nc">FLOAT</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">investigator</span><span class="p">:</span><span class="w"> </span><span class="nc">STRING</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="relationship-types" class="position-relative d-flex align-items-center group">
<span>Relationship Types</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="relationship-types"
aria-haspopup="dialog"
aria-label="Share link: Relationship Types">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Account</span><span class="w"> </span><span class="py">relationships</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Identity</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="w"> </span><span class="p">{</span><span class="py">first_used</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w"> </span><span class="py">last_used</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">:</span><span class="w"> </span><span class="nc">INTEGER</span><span class="p">}]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGGED_IN_FROM</span><span class="w"> </span><span class="p">{</span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">}]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_PAYMENT_METHOD</span><span class="w"> </span><span class="p">{</span><span class="py">added_at</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">}]</span><span class="err">-></span><span class="p">(:</span><span class="nc">PaymentMethod</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">REFERRED_BY</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Transaction</span><span class="w"> </span><span class="py">relationships</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="w"> </span><span class="p">{</span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">}]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USED</span><span class="w"> </span><span class="p">{</span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">TIMESTAMP</span><span class="p">}]</span><span class="err">-></span><span class="p">(:</span><span class="nc">PaymentMethod</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">AT</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Fraud</span><span class="w"> </span><span class="py">relationships</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">RELATED_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="schema-setup" class="position-relative d-flex align-items-center group">
<span>Schema Setup</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="schema-setup"
aria-haspopup="dialog"
aria-label="Share link: Schema Setup">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Constraints</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">account_id_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">id</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">account_email_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">email</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">device_id_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Device</span><span class="p">(</span><span class="py">id</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">device_fingerprint_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Device</span><span class="p">(</span><span class="py">fingerprint</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">transaction_id_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">id</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">payment_method_id_unique</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">PaymentMethod</span><span class="p">(</span><span class="py">id</span><span class="p">)</span><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">UNIQUE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Indexes</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">queries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_status</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">status</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">device_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Device</span><span class="p">(</span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">device_fingerprint</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Device</span><span class="p">(</span><span class="py">fingerprint</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">ip_address</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">(</span><span class="py">ip</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_timestamp</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">timestamp</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">identity_ssn</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Identity</span><span class="p">(</span><span class="py">ssn_hash</span><span class="p">)</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="fraud-graph-patterns" class="position-relative d-flex align-items-center group">
<span>Fraud Graph Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="fraud-graph-patterns"
aria-haspopup="dialog"
aria-label="Share link: Fraud Graph Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="pattern-1-shared-device-network" class="position-relative d-flex align-items-center group">
<span>Pattern 1: Shared Device Network</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pattern-1-shared-device-network"
aria-haspopup="dialog"
aria-label="Share link: Pattern 1: Shared Device Network">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Multiple accounts using the same device is a strong fraud indicator.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">sharing</span><span class="w"> </span><span class="py">devices</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">device</span><span class="p">,</span><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">accounts</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">account_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">fingerprint</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">device_type</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="kd">type</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">account_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">email</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">risk_score</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">risk_scores</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">account_count</span><span class="w"> </span><span class="py">DESC</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">LIMIT</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span></code></pre></div><div class="docs-tabs mb-4">
<ul class="nav nav-tabs" id="tabs-1774880884642858253" role="tablist"><li class="nav-item" role="presentation">
<button
class="nav-link active"
id="tabs-1774880884642858253-tab-0-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884642858253-tab-0"
type="button"
role="tab"
aria-controls="tabs-1774880884642858253-tab-0"
aria-selected="true"
>
Go
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884642858253-tab-1-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884642858253-tab-1"
type="button"
role="tab"
aria-controls="tabs-1774880884642858253-tab-1"
aria-selected="false"
>
Python
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884642858253-tab-2-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884642858253-tab-2"
type="button"
role="tab"
aria-controls="tabs-1774880884642858253-tab-2"
aria-selected="false"
>
Rust
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884642858253-tab-3-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884642858253-tab-3"
type="button"
role="tab"
aria-controls="tabs-1774880884642858253-tab-3"
aria-selected="false"
>
Node.js
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884642858253-tab-4-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884642858253-tab-4"
type="button"
role="tab"
aria-controls="tabs-1774880884642858253-tab-4"
aria-selected="false"
>
Zig
</button>
</li></ul>
<div class="tab-content border border-top-0 rounded-bottom p-3" id="tabs-1774880884642858253-content"><div
class="tab-pane fade show active"
id="tabs-1774880884642858253-tab-0"
role="tabpanel"
aria-labelledby="tabs-1774880884642858253-tab-0-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="kn">package</span> <span class="nx">main</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kn">import</span> <span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="s">"context"</span>
</span></span><span class="line"><span class="cl"> <span class="s">"database/sql"</span>
</span></span><span class="line"><span class="cl"> <span class="s">"log"</span>
</span></span><span class="line"><span class="cl"> <span class="nx">_</span> <span class="s">"geodedb.com/geode"</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">type</span> <span class="nx">SharedDeviceAlert</span> <span class="kd">struct</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">DeviceFingerprint</span> <span class="kt">string</span>
</span></span><span class="line"><span class="cl"> <span class="nx">DeviceType</span> <span class="kt">string</span>
</span></span><span class="line"><span class="cl"> <span class="nx">AccountCount</span> <span class="kt">int</span>
</span></span><span class="line"><span class="cl"> <span class="nx">Accounts</span> <span class="p">[]</span><span class="kt">string</span>
</span></span><span class="line"><span class="cl"> <span class="nx">RiskScores</span> <span class="p">[]</span><span class="kt">float64</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">func</span> <span class="nf">FindSharedDevices</span><span class="p">(</span><span class="nx">ctx</span> <span class="nx">context</span><span class="p">.</span><span class="nx">Context</span><span class="p">,</span> <span class="nx">db</span> <span class="o">*</span><span class="nx">sql</span><span class="p">.</span><span class="nx">DB</span><span class="p">,</span> <span class="nx">minAccounts</span> <span class="kt">int</span><span class="p">)</span> <span class="p">([]</span><span class="nx">SharedDeviceAlert</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">rows</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">QueryContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="s">`
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (device:Device)<-[:USES_DEVICE]-(account:Account)
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH device, collect(account) AS accounts, count(account) AS account_count
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE account_count > ?
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> device.fingerprint AS device_fingerprint,
</span></span></span><span class="line"><span class="cl"><span class="s"> device.device_type AS device_type,
</span></span></span><span class="line"><span class="cl"><span class="s"> account_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> [a IN accounts | a.email] AS account_emails,
</span></span></span><span class="line"><span class="cl"><span class="s"> [a IN accounts | a.risk_score] AS risk_scores
</span></span></span><span class="line"><span class="cl"><span class="s"> ORDER BY account_count DESC
</span></span></span><span class="line"><span class="cl"><span class="s"> LIMIT 100
</span></span></span><span class="line"><span class="cl"><span class="s"> `</span><span class="p">,</span> <span class="nx">minAccounts</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">nil</span><span class="p">,</span> <span class="nx">err</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">defer</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="kd">var</span> <span class="nx">alerts</span> <span class="p">[]</span><span class="nx">SharedDeviceAlert</span>
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Next</span><span class="p">()</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="kd">var</span> <span class="nx">alert</span> <span class="nx">SharedDeviceAlert</span>
</span></span><span class="line"><span class="cl"> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Scan</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">DeviceFingerprint</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">DeviceType</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">AccountCount</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">Accounts</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">RiskScores</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">nil</span><span class="p">,</span> <span class="nx">err</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="nx">alerts</span> <span class="p">=</span> <span class="nb">append</span><span class="p">(</span><span class="nx">alerts</span><span class="p">,</span> <span class="nx">alert</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="nx">alerts</span><span class="p">,</span> <span class="kc">nil</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">func</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">db</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">sql</span><span class="p">.</span><span class="nf">Open</span><span class="p">(</span><span class="s">"geode"</span><span class="p">,</span> <span class="s">"localhost:3141"</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">defer</span> <span class="nx">db</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="nx">ctx</span> <span class="o">:=</span> <span class="nx">context</span><span class="p">.</span><span class="nf">Background</span><span class="p">()</span>
</span></span><span class="line"><span class="cl"> <span class="nx">alerts</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nf">FindSharedDevices</span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="nx">db</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">log</span><span class="p">.</span><span class="nf">Fatal</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="nx">_</span><span class="p">,</span> <span class="nx">alert</span> <span class="o">:=</span> <span class="k">range</span> <span class="nx">alerts</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">log</span><span class="p">.</span><span class="nf">Printf</span><span class="p">(</span><span class="s">"Device %s shared by %d accounts: %v"</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">alert</span><span class="p">.</span><span class="nx">DeviceFingerprint</span><span class="p">,</span> <span class="nx">alert</span><span class="p">.</span><span class="nx">AccountCount</span><span class="p">,</span> <span class="nx">alert</span><span class="p">.</span><span class="nx">Accounts</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884642858253-tab-1"
role="tabpanel"
aria-labelledby="tabs-1774880884642858253-tab-1-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="kn">import</span> <span class="nn">asyncio</span>
</span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">dataclasses</span> <span class="kn">import</span> <span class="n">dataclass</span>
</span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">List</span>
</span></span><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">geode_client</span> <span class="kn">import</span> <span class="n">Client</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nd">@dataclass</span>
</span></span><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">SharedDeviceAlert</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_fingerprint</span><span class="p">:</span> <span class="nb">str</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_type</span><span class="p">:</span> <span class="nb">str</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_count</span><span class="p">:</span> <span class="nb">int</span>
</span></span><span class="line"><span class="cl"> <span class="n">accounts</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span>
</span></span><span class="line"><span class="cl"> <span class="n">risk_scores</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">float</span><span class="p">]</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">find_shared_devices</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">min_accounts</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">2</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span> <span class="o">-></span> <span class="n">List</span><span class="p">[</span><span class="n">SharedDeviceAlert</span><span class="p">]:</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"""Find devices shared by multiple accounts."""</span>
</span></span><span class="line"><span class="cl"> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="o">.</span><span class="n">connection</span><span class="p">()</span> <span class="k">as</span> <span class="n">conn</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">result</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="k">await</span> <span class="n">conn</span><span class="o">.</span><span class="n">query</span><span class="p">(</span><span class="s2">"""
</span></span></span><span class="line"><span class="cl"><span class="s2"> MATCH (device:Device)<-[:USES_DEVICE]-(account:Account)
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH device, collect(account) AS accounts, count(account) AS account_count
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE account_count > $min_accounts
</span></span></span><span class="line"><span class="cl"><span class="s2"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s2"> device.fingerprint AS device_fingerprint,
</span></span></span><span class="line"><span class="cl"><span class="s2"> device.device_type AS device_type,
</span></span></span><span class="line"><span class="cl"><span class="s2"> account_count,
</span></span></span><span class="line"><span class="cl"><span class="s2"> [a IN accounts | a.email] AS account_emails,
</span></span></span><span class="line"><span class="cl"><span class="s2"> [a IN accounts | a.risk_score] AS risk_scores
</span></span></span><span class="line"><span class="cl"><span class="s2"> ORDER BY account_count DESC
</span></span></span><span class="line"><span class="cl"><span class="s2"> LIMIT 100
</span></span></span><span class="line"><span class="cl"><span class="s2"> """</span><span class="p">,</span> <span class="p">{</span><span class="s2">"min_accounts"</span><span class="p">:</span> <span class="n">min_accounts</span><span class="p">})</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">[</span>
</span></span><span class="line"><span class="cl"> <span class="n">SharedDeviceAlert</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_fingerprint</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'device_fingerprint'</span><span class="p">]</span><span class="o">.</span><span class="n">as_string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_type</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'device_type'</span><span class="p">]</span><span class="o">.</span><span class="n">as_string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_count</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'account_count'</span><span class="p">]</span><span class="o">.</span><span class="n">as_int</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">accounts</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'account_emails'</span><span class="p">]</span><span class="o">.</span><span class="n">as_list</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">risk_scores</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'risk_scores'</span><span class="p">]</span><span class="o">.</span><span class="n">as_list</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">result</span><span class="o">.</span><span class="n">rows</span>
</span></span><span class="line"><span class="cl"> <span class="p">]</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
</span></span><span class="line"><span class="cl"> <span class="n">client</span> <span class="o">=</span> <span class="n">Client</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="s2">"localhost"</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">3141</span><span class="p">,</span> <span class="n">skip_verify</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="n">alerts</span> <span class="o">=</span> <span class="k">await</span> <span class="n">find_shared_devices</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">min_accounts</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">alert</span> <span class="ow">in</span> <span class="n">alerts</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Device </span><span class="si">{</span><span class="n">alert</span><span class="o">.</span><span class="n">device_fingerprint</span><span class="si">}</span><span class="s2"> shared by </span><span class="si">{</span><span class="n">alert</span><span class="o">.</span><span class="n">account_count</span><span class="si">}</span><span class="s2"> accounts:"</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">account</span> <span class="ow">in</span> <span class="n">alert</span><span class="o">.</span><span class="n">accounts</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">" - </span><span class="si">{</span><span class="n">account</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="n">asyncio</span><span class="o">.</span><span class="n">run</span><span class="p">(</span><span class="n">main</span><span class="p">())</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884642858253-tab-2"
role="tabpanel"
aria-labelledby="tabs-1774880884642858253-tab-2-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust"><span class="line"><span class="cl"><span class="k">use</span><span class="w"> </span><span class="n">geode_client</span>::<span class="p">{</span><span class="n">Client</span><span class="p">,</span><span class="w"> </span><span class="n">Value</span><span class="p">};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">use</span><span class="w"> </span><span class="n">std</span>::<span class="n">collections</span>::<span class="n">HashMap</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="cp">#[derive(Debug)]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">struct</span> <span class="nc">SharedDeviceAlert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_fingerprint</span>: <span class="nb">String</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_type</span>: <span class="nb">String</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_count</span>: <span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">accounts</span>: <span class="nb">Vec</span><span class="o"><</span><span class="nb">String</span><span class="o">></span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">risk_scores</span>: <span class="nb">Vec</span><span class="o"><</span><span class="kt">f64</span><span class="o">></span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">async</span><span class="w"> </span><span class="k">fn</span> <span class="nf">find_shared_devices</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">conn</span>: <span class="kp">&</span><span class="nc">mut</span><span class="w"> </span><span class="n">geode_client</span>::<span class="n">Connection</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">min_accounts</span>: <span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span>-> <span class="nb">Result</span><span class="o"><</span><span class="nb">Vec</span><span class="o"><</span><span class="n">SharedDeviceAlert</span><span class="o">></span><span class="p">,</span><span class="w"> </span><span class="nb">Box</span><span class="o"><</span><span class="k">dyn</span><span class="w"> </span><span class="n">std</span>::<span class="n">error</span>::<span class="n">Error</span><span class="o">>></span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HashMap</span>::<span class="n">new</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">insert</span><span class="p">(</span><span class="s">"min_accounts"</span><span class="p">.</span><span class="n">to_string</span><span class="p">(),</span><span class="w"> </span><span class="n">Value</span>::<span class="n">int</span><span class="p">(</span><span class="n">min_accounts</span><span class="p">));</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="p">(</span><span class="n">page</span><span class="p">,</span><span class="w"> </span><span class="n">_</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">conn</span><span class="p">.</span><span class="n">query_with_params</span><span class="p">(</span><span class="sa">r</span><span class="s">#"
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (device:Device)<-[:USES_DEVICE]-(account:Account)
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH device, collect(account) AS accounts, count(account) AS account_count
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE account_count > $min_accounts
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> device.fingerprint AS device_fingerprint,
</span></span></span><span class="line"><span class="cl"><span class="s"> device.device_type AS device_type,
</span></span></span><span class="line"><span class="cl"><span class="s"> account_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> [a IN accounts | a.email] AS account_emails,
</span></span></span><span class="line"><span class="cl"><span class="s"> [a IN accounts | a.risk_score] AS risk_scores
</span></span></span><span class="line"><span class="cl"><span class="s"> ORDER BY account_count DESC
</span></span></span><span class="line"><span class="cl"><span class="s"> LIMIT 100
</span></span></span><span class="line"><span class="cl"><span class="s"> "#</span><span class="p">,</span><span class="w"> </span><span class="o">&</span><span class="n">params</span><span class="p">).</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">Vec</span>::<span class="n">new</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">row</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="o">&</span><span class="n">page</span><span class="p">.</span><span class="n">rows</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">alerts</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="n">SharedDeviceAlert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_fingerprint</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"device_fingerprint"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_string</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_type</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"device_type"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_string</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_count</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"account_count"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_int</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">accounts</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"account_emails"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_string_list</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">risk_scores</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"risk_scores"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float_list</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(</span><span class="n">alerts</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="cp">#[tokio::main]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">async</span><span class="w"> </span><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span>-> <span class="nb">Result</span><span class="o"><</span><span class="p">(),</span><span class="w"> </span><span class="nb">Box</span><span class="o"><</span><span class="k">dyn</span><span class="w"> </span><span class="n">std</span>::<span class="n">error</span>::<span class="n">Error</span><span class="o">>></span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Client</span>::<span class="n">new</span><span class="p">(</span><span class="s">"127.0.0.1"</span><span class="p">,</span><span class="w"> </span><span class="mi">3141</span><span class="p">).</span><span class="n">skip_verify</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">conn</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">connect</span><span class="p">().</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">find_shared_devices</span><span class="p">(</span><span class="o">&</span><span class="k">mut</span><span class="w"> </span><span class="n">conn</span><span class="p">,</span><span class="w"> </span><span class="mi">2</span><span class="p">).</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">alert</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="fm">println!</span><span class="p">(</span><span class="s">"Device </span><span class="si">{}</span><span class="s"> shared by </span><span class="si">{}</span><span class="s"> accounts: </span><span class="si">{:?}</span><span class="s">"</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">alert</span><span class="p">.</span><span class="n">device_fingerprint</span><span class="p">,</span><span class="w"> </span><span class="n">alert</span><span class="p">.</span><span class="n">account_count</span><span class="p">,</span><span class="w"> </span><span class="n">alert</span><span class="p">.</span><span class="n">accounts</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(())</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884642858253-tab-3"
role="tabpanel"
aria-labelledby="tabs-1774880884642858253-tab-3-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-typescript" data-lang="typescript"><span class="line"><span class="cl"><span class="kr">import</span> <span class="p">{</span> <span class="nx">createClient</span><span class="p">,</span> <span class="nx">Client</span> <span class="p">}</span> <span class="kr">from</span> <span class="s1">'@geodedb/client'</span><span class="p">;</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kr">interface</span> <span class="nx">SharedDeviceAlert</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceFingerprint</span>: <span class="kt">string</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceType</span>: <span class="kt">string</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountCount</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accounts</span>: <span class="kt">string</span><span class="p">[];</span>
</span></span><span class="line"><span class="cl"> <span class="nx">riskScores</span>: <span class="kt">number</span><span class="p">[];</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kr">async</span> <span class="kd">function</span> <span class="nx">findSharedDevices</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="nx">client</span>: <span class="kt">Client</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">minAccounts</span>: <span class="kt">number</span> <span class="o">=</span> <span class="mi">2</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span><span class="o">:</span> <span class="nx">Promise</span><span class="p"><</span><span class="nt">SharedDeviceAlert</span><span class="err">[]</span><span class="p">></span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nx">queryAll</span><span class="p">(</span><span class="sb">`
</span></span></span><span class="line"><span class="cl"><span class="sb"> MATCH (device:Device)<-[:USES_DEVICE]-(account:Account)
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH device, collect(account) AS accounts, count(account) AS account_count
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE account_count > $min_accounts
</span></span></span><span class="line"><span class="cl"><span class="sb"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="sb"> device.fingerprint AS device_fingerprint,
</span></span></span><span class="line"><span class="cl"><span class="sb"> device.device_type AS device_type,
</span></span></span><span class="line"><span class="cl"><span class="sb"> account_count,
</span></span></span><span class="line"><span class="cl"><span class="sb"> [a IN accounts | a.email] AS account_emails,
</span></span></span><span class="line"><span class="cl"><span class="sb"> [a IN accounts | a.risk_score] AS risk_scores
</span></span></span><span class="line"><span class="cl"><span class="sb"> ORDER BY account_count DESC
</span></span></span><span class="line"><span class="cl"><span class="sb"> LIMIT 100
</span></span></span><span class="line"><span class="cl"><span class="sb"> `</span><span class="p">,</span> <span class="p">{</span> <span class="nx">params</span><span class="o">:</span> <span class="p">{</span> <span class="nx">min_accounts</span>: <span class="kt">minAccounts</span> <span class="p">}</span> <span class="p">});</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="nx">rows</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">row</span> <span class="o">=></span> <span class="p">({</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceFingerprint</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'device_fingerprint'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asString</span> <span class="o">??</span> <span class="s1">''</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceType</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'device_type'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asString</span> <span class="o">??</span> <span class="s1">''</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountCount</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'account_count'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accounts</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'account_emails'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asList</span><span class="o">?</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">v</span> <span class="o">=></span> <span class="nx">v</span><span class="p">.</span><span class="nx">asString</span> <span class="o">??</span> <span class="s1">''</span><span class="p">)</span> <span class="o">??</span> <span class="p">[],</span>
</span></span><span class="line"><span class="cl"> <span class="nx">riskScores</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'risk_scores'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asList</span><span class="o">?</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">v</span> <span class="o">=></span> <span class="nx">v</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">)</span> <span class="o">??</span> <span class="p">[],</span>
</span></span><span class="line"><span class="cl"> <span class="p">}));</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kr">async</span> <span class="kd">function</span> <span class="nx">main() {</span>
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">createClient</span><span class="p">(</span><span class="s1">'quic://localhost:3141'</span><span class="p">);</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">alerts</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">findSharedDevices</span><span class="p">(</span><span class="nx">client</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="p">(</span><span class="kr">const</span> <span class="nx">alert</span> <span class="k">of</span> <span class="nx">alerts</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="sb">`Device </span><span class="si">${</span><span class="nx">alert</span><span class="p">.</span><span class="nx">deviceFingerprint</span><span class="si">}</span><span class="sb"> shared by </span><span class="si">${</span><span class="nx">alert</span><span class="p">.</span><span class="nx">accountCount</span><span class="si">}</span><span class="sb"> accounts:`</span><span class="p">);</span>
</span></span><span class="line"><span class="cl"> <span class="nx">alert</span><span class="p">.</span><span class="nx">accounts</span><span class="p">.</span><span class="nx">forEach</span><span class="p">(</span><span class="nx">account</span> <span class="o">=></span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="sb">` - </span><span class="si">${</span><span class="nx">account</span><span class="si">}</span><span class="sb">`</span><span class="p">));</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nx">close</span><span class="p">();</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="nx">main</span><span class="p">();</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884642858253-tab-4"
role="tabpanel"
aria-labelledby="tabs-1774880884642858253-tab-4-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-zig" data-lang="zig"><span class="line"><span class="cl"><span class="kr">const</span><span class="w"> </span><span class="n">std</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">@import</span><span class="p">(</span><span class="s">"std"</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">const</span><span class="w"> </span><span class="n">geode</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">@import</span><span class="p">(</span><span class="s">"geode_client"</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">const</span><span class="w"> </span><span class="n">SharedDeviceAlert</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">struct</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_fingerprint</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_type</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_count</span><span class="o">:</span><span class="w"> </span><span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">accounts</span><span class="o">:</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">([]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">risk_scores</span><span class="o">:</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">(</span><span class="kt">f64</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">pub</span><span class="w"> </span><span class="k">fn</span><span class="w"> </span><span class="n">findSharedDevices</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">client</span><span class="o">:</span><span class="w"> </span><span class="o">*</span><span class="n">geode</span><span class="p">.</span><span class="n">GeodeClient</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">allocator</span><span class="o">:</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">mem</span><span class="p">.</span><span class="n">Allocator</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">min_accounts</span><span class="o">:</span><span class="w"> </span><span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span><span class="o">!</span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">(</span><span class="n">SharedDeviceAlert</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">json</span><span class="p">.</span><span class="n">ObjectMap</span><span class="p">.</span><span class="n">init</span><span class="p">(</span><span class="n">allocator</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">deinit</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">put</span><span class="p">(</span><span class="s">"min_accounts"</span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">integer</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">min_accounts</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendRunGql</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\MATCH (device:Device)<-[:USES_DEVICE]-(account:Account)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH device, collect(account) AS accounts, count(account) AS account_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE account_count > $min_accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ device.fingerprint AS device_fingerprint,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ device.device_type AS device_type,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ account_count,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ [a IN accounts | a.email] AS account_emails,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ [a IN accounts | a.risk_score] AS risk_scores</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ORDER BY account_count DESC</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\LIMIT 100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">object</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendPull</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">1000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">const</span><span class="w"> </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">allocator</span><span class="p">.</span><span class="n">free</span><span class="p">(</span><span class="n">result</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">(</span><span class="n">SharedDeviceAlert</span><span class="p">).</span><span class="n">init</span><span class="p">(</span><span class="n">allocator</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">// Parse result and populate alerts
</span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">alerts</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">pub</span><span class="w"> </span><span class="k">fn</span><span class="w"> </span><span class="n">main</span><span class="p">()</span><span class="w"> </span><span class="o">!</span><span class="kt">void</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">gpa</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">heap</span><span class="p">.</span><span class="n">GeneralPurposeAllocator</span><span class="p">(.{}){};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">gpa</span><span class="p">.</span><span class="n">deinit</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">const</span><span class="w"> </span><span class="n">allocator</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">gpa</span><span class="p">.</span><span class="n">allocator</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">geode</span><span class="p">.</span><span class="n">GeodeClient</span><span class="p">.</span><span class="n">init</span><span class="p">(</span><span class="n">allocator</span><span class="p">,</span><span class="w"> </span><span class="s">"localhost"</span><span class="p">,</span><span class="w"> </span><span class="mi">3141</span><span class="p">,</span><span class="w"> </span><span class="kc">true</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">deinit</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">connect</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendHello</span><span class="p">(</span><span class="s">"fraud-detection"</span><span class="p">,</span><span class="w"> </span><span class="s">"1.0.0"</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">const</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">findSharedDevices</span><span class="p">(</span><span class="o">&</span><span class="n">client</span><span class="p">,</span><span class="w"> </span><span class="n">allocator</span><span class="p">,</span><span class="w"> </span><span class="mi">2</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">alerts</span><span class="p">.</span><span class="n">deinit</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">alerts</span><span class="p">.</span><span class="n">items</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="n">alert</span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">debug</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"Device {s} shared by {d} accounts</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">alert</span><span class="p">.</span><span class="n">device_fingerprint</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">alert</span><span class="p">.</span><span class="n">account_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div></div>
</div>
<h4 id="pattern-2-transaction-rings" class="position-relative d-flex align-items-center group">
<span>Pattern 2: Transaction Rings</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pattern-2-transaction-rings"
aria-haspopup="dialog"
aria-label="Share link: Pattern 2: Transaction Rings">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Circular transaction patterns often indicate money laundering.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">circular</span><span class="w"> </span><span class="py">transaction</span><span class="w"> </span><span class="py">patterns</span><span class="w"> </span><span class="p">(</span><span class="py">money</span><span class="w"> </span><span class="py">laundering</span><span class="w"> </span><span class="py">rings</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="py">ring</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="p">(</span><span class="py">start</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">a2</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">a3</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">start</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">start</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">a2</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">start</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">a3</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">a2</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">a3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">n</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">nodes</span><span class="p">(</span><span class="py">ring</span><span class="p">)</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">n</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">email</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ring_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">n</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">nodes</span><span class="p">(</span><span class="py">ring</span><span class="p">)</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">n</span><span class="p">:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">amount</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">n</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">nodes</span><span class="p">(</span><span class="py">ring</span><span class="p">)</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">n</span><span class="p">:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">timestamp</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">timestamps</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">LIMIT</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="pattern-3-velocity-patterns" class="position-relative d-flex align-items-center group">
<span>Pattern 3: Velocity Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pattern-3-velocity-patterns"
aria-haspopup="dialog"
aria-label="Share link: Pattern 3: Velocity Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Unusual activity spikes indicate potential fraud.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">with</span><span class="w"> </span><span class="py">unusual</span><span class="w"> </span><span class="py">transaction</span><span class="w"> </span><span class="py">velocity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">total_amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Compare</span><span class="w"> </span><span class="py">to</span><span class="w"> </span><span class="py">historical</span><span class="w"> </span><span class="py">average</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">historical</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">historical</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P30D</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">historical</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">historical</span><span class="p">)</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">720</span><span class="mf">.0</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_hourly_count</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">720</span><span class="w"> </span><span class="py">hours</span><span class="w"> </span><span class="py">in</span><span class="w"> </span><span class="py">30</span><span class="w"> </span><span class="py">days</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">historical</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">720</span><span class="mf">.0</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_hourly_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">avg_hourly_count</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">total_amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">avg_hourly_amount</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx_count</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_hourly_count</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">typical_hourly_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_hourly_amount</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">typical_hourly_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx_count</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">avg_hourly_count</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">velocity_multiplier</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">velocity_multiplier</span><span class="w"> </span><span class="py">DESC</span><span class="w">
</span></span></span></code></pre></div><div class="docs-tabs mb-4">
<ul class="nav nav-tabs" id="tabs-1774880884692387346" role="tablist"><li class="nav-item" role="presentation">
<button
class="nav-link active"
id="tabs-1774880884692387346-tab-0-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884692387346-tab-0"
type="button"
role="tab"
aria-controls="tabs-1774880884692387346-tab-0"
aria-selected="true"
>
Go
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884692387346-tab-1-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884692387346-tab-1"
type="button"
role="tab"
aria-controls="tabs-1774880884692387346-tab-1"
aria-selected="false"
>
Python
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884692387346-tab-2-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884692387346-tab-2"
type="button"
role="tab"
aria-controls="tabs-1774880884692387346-tab-2"
aria-selected="false"
>
Rust
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884692387346-tab-3-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884692387346-tab-3"
type="button"
role="tab"
aria-controls="tabs-1774880884692387346-tab-3"
aria-selected="false"
>
Node.js
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884692387346-tab-4-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884692387346-tab-4"
type="button"
role="tab"
aria-controls="tabs-1774880884692387346-tab-4"
aria-selected="false"
>
Zig
</button>
</li></ul>
<div class="tab-content border border-top-0 rounded-bottom p-3" id="tabs-1774880884692387346-content"><div
class="tab-pane fade show active"
id="tabs-1774880884692387346-tab-0"
role="tabpanel"
aria-labelledby="tabs-1774880884692387346-tab-0-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="kd">type</span> <span class="nx">VelocityAlert</span> <span class="kd">struct</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">AccountEmail</span> <span class="kt">string</span>
</span></span><span class="line"><span class="cl"> <span class="nx">RecentTxCount</span> <span class="kt">int</span>
</span></span><span class="line"><span class="cl"> <span class="nx">RecentAmount</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">TypicalHourlyCount</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">TypicalHourlyAmount</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">VelocityMultiplier</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">func</span> <span class="nf">FindVelocityAnomalies</span><span class="p">(</span><span class="nx">ctx</span> <span class="nx">context</span><span class="p">.</span><span class="nx">Context</span><span class="p">,</span> <span class="nx">db</span> <span class="o">*</span><span class="nx">sql</span><span class="p">.</span><span class="nx">DB</span><span class="p">)</span> <span class="p">([]</span><span class="nx">VelocityAlert</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">rows</span><span class="p">,</span> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">QueryContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="s">`
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (account:Account)-[:INITIATED]->(tx:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, count(tx) AS tx_count, sum(tx.amount) AS total_amount
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx_count > 10 OR total_amount > 10000
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:INITIATED]->(historical:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE historical.timestamp > timestamp() - duration('P30D')
</span></span></span><span class="line"><span class="cl"><span class="s"> AND historical.timestamp < timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, tx_count, total_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> count(historical) / 720.0 AS avg_hourly_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> sum(historical.amount) / 720.0 AS avg_hourly_amount
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx_count > avg_hourly_count * 5
</span></span></span><span class="line"><span class="cl"><span class="s"> OR total_amount > avg_hourly_amount * 5
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> account.email AS email,
</span></span></span><span class="line"><span class="cl"><span class="s"> tx_count AS recent_transactions,
</span></span></span><span class="line"><span class="cl"><span class="s"> total_amount AS recent_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> avg_hourly_count AS typical_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> avg_hourly_amount AS typical_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE WHEN avg_hourly_count > 0
</span></span></span><span class="line"><span class="cl"><span class="s"> THEN tx_count / avg_hourly_count
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE 999 END AS velocity_multiplier
</span></span></span><span class="line"><span class="cl"><span class="s"> ORDER BY velocity_multiplier DESC
</span></span></span><span class="line"><span class="cl"><span class="s"> LIMIT 50
</span></span></span><span class="line"><span class="cl"><span class="s"> `</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">nil</span><span class="p">,</span> <span class="nx">err</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">defer</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Close</span><span class="p">()</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="kd">var</span> <span class="nx">alerts</span> <span class="p">[]</span><span class="nx">VelocityAlert</span>
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Next</span><span class="p">()</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="kd">var</span> <span class="nx">alert</span> <span class="nx">VelocityAlert</span>
</span></span><span class="line"><span class="cl"> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">rows</span><span class="p">.</span><span class="nf">Scan</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">AccountEmail</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">RecentTxCount</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">RecentAmount</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">TypicalHourlyCount</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">TypicalHourlyAmount</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">alert</span><span class="p">.</span><span class="nx">VelocityMultiplier</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">nil</span><span class="p">,</span> <span class="nx">err</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="nx">alerts</span> <span class="p">=</span> <span class="nb">append</span><span class="p">(</span><span class="nx">alerts</span><span class="p">,</span> <span class="nx">alert</span><span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="nx">alerts</span><span class="p">,</span> <span class="kc">nil</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884692387346-tab-1"
role="tabpanel"
aria-labelledby="tabs-1774880884692387346-tab-1-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="nd">@dataclass</span>
</span></span><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">VelocityAlert</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_email</span><span class="p">:</span> <span class="nb">str</span>
</span></span><span class="line"><span class="cl"> <span class="n">recent_tx_count</span><span class="p">:</span> <span class="nb">int</span>
</span></span><span class="line"><span class="cl"> <span class="n">recent_amount</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">typical_hourly_count</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">typical_hourly_amount</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">velocity_multiplier</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">find_velocity_anomalies</span><span class="p">(</span><span class="n">client</span><span class="p">)</span> <span class="o">-></span> <span class="n">List</span><span class="p">[</span><span class="n">VelocityAlert</span><span class="p">]:</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"""Find accounts with unusual transaction velocity."""</span>
</span></span><span class="line"><span class="cl"> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="o">.</span><span class="n">connection</span><span class="p">()</span> <span class="k">as</span> <span class="n">conn</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">result</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="k">await</span> <span class="n">conn</span><span class="o">.</span><span class="n">query</span><span class="p">(</span><span class="s2">"""
</span></span></span><span class="line"><span class="cl"><span class="s2"> MATCH (account:Account)-[:INITIATED]->(tx:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE tx.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account, count(tx) AS tx_count, sum(tx.amount) AS total_amount
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE tx_count > 10 OR total_amount > 10000
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (account)-[:INITIATED]->(historical:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE historical.timestamp > timestamp() - duration('P30D')
</span></span></span><span class="line"><span class="cl"><span class="s2"> AND historical.timestamp < timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account, tx_count, total_amount,
</span></span></span><span class="line"><span class="cl"><span class="s2"> count(historical) / 720.0 AS avg_hourly_count,
</span></span></span><span class="line"><span class="cl"><span class="s2"> sum(historical.amount) / 720.0 AS avg_hourly_amount
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE tx_count > avg_hourly_count * 5
</span></span></span><span class="line"><span class="cl"><span class="s2"> OR total_amount > avg_hourly_amount * 5
</span></span></span><span class="line"><span class="cl"><span class="s2"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s2"> account.email AS email,
</span></span></span><span class="line"><span class="cl"><span class="s2"> tx_count AS recent_transactions,
</span></span></span><span class="line"><span class="cl"><span class="s2"> total_amount AS recent_amount,
</span></span></span><span class="line"><span class="cl"><span class="s2"> avg_hourly_count AS typical_count,
</span></span></span><span class="line"><span class="cl"><span class="s2"> avg_hourly_amount AS typical_amount,
</span></span></span><span class="line"><span class="cl"><span class="s2"> CASE WHEN avg_hourly_count > 0
</span></span></span><span class="line"><span class="cl"><span class="s2"> THEN tx_count / avg_hourly_count
</span></span></span><span class="line"><span class="cl"><span class="s2"> ELSE 999 END AS velocity_multiplier
</span></span></span><span class="line"><span class="cl"><span class="s2"> ORDER BY velocity_multiplier DESC
</span></span></span><span class="line"><span class="cl"><span class="s2"> LIMIT 50
</span></span></span><span class="line"><span class="cl"><span class="s2"> """</span><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">[</span>
</span></span><span class="line"><span class="cl"> <span class="n">VelocityAlert</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_email</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'email'</span><span class="p">]</span><span class="o">.</span><span class="n">as_string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">recent_tx_count</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'recent_transactions'</span><span class="p">]</span><span class="o">.</span><span class="n">as_int</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">recent_amount</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'recent_amount'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">typical_hourly_count</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'typical_count'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">typical_hourly_amount</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'typical_amount'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">velocity_multiplier</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'velocity_multiplier'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">result</span><span class="o">.</span><span class="n">rows</span>
</span></span><span class="line"><span class="cl"> <span class="p">]</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884692387346-tab-2"
role="tabpanel"
aria-labelledby="tabs-1774880884692387346-tab-2-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust"><span class="line"><span class="cl"><span class="cp">#[derive(Debug)]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">struct</span> <span class="nc">VelocityAlert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_email</span>: <span class="nb">String</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_tx_count</span>: <span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_amount</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_count</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_amount</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">velocity_multiplier</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">async</span><span class="w"> </span><span class="k">fn</span> <span class="nf">find_velocity_anomalies</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">conn</span>: <span class="kp">&</span><span class="nc">mut</span><span class="w"> </span><span class="n">geode_client</span>::<span class="n">Connection</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span>-> <span class="nb">Result</span><span class="o"><</span><span class="nb">Vec</span><span class="o"><</span><span class="n">VelocityAlert</span><span class="o">></span><span class="p">,</span><span class="w"> </span><span class="nb">Box</span><span class="o"><</span><span class="k">dyn</span><span class="w"> </span><span class="n">std</span>::<span class="n">error</span>::<span class="n">Error</span><span class="o">>></span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="p">(</span><span class="n">page</span><span class="p">,</span><span class="w"> </span><span class="n">_</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">conn</span><span class="p">.</span><span class="n">query</span><span class="p">(</span><span class="sa">r</span><span class="s">#"
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (account:Account)-[:INITIATED]->(tx:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, count(tx) AS tx_count, sum(tx.amount) AS total_amount
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx_count > 10 OR total_amount > 10000
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:INITIATED]->(historical:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE historical.timestamp > timestamp() - duration('P30D')
</span></span></span><span class="line"><span class="cl"><span class="s"> AND historical.timestamp < timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, tx_count, total_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> count(historical) / 720.0 AS avg_hourly_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> sum(historical.amount) / 720.0 AS avg_hourly_amount
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE tx_count > avg_hourly_count * 5
</span></span></span><span class="line"><span class="cl"><span class="s"> OR total_amount > avg_hourly_amount * 5
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> account.email AS email,
</span></span></span><span class="line"><span class="cl"><span class="s"> tx_count AS recent_transactions,
</span></span></span><span class="line"><span class="cl"><span class="s"> total_amount AS recent_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> avg_hourly_count AS typical_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> avg_hourly_amount AS typical_amount,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE WHEN avg_hourly_count > 0
</span></span></span><span class="line"><span class="cl"><span class="s"> THEN tx_count / avg_hourly_count
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE 999 END AS velocity_multiplier
</span></span></span><span class="line"><span class="cl"><span class="s"> ORDER BY velocity_multiplier DESC
</span></span></span><span class="line"><span class="cl"><span class="s"> LIMIT 50
</span></span></span><span class="line"><span class="cl"><span class="s"> "#</span><span class="p">).</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">Vec</span>::<span class="n">new</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">row</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="o">&</span><span class="n">page</span><span class="p">.</span><span class="n">rows</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">alerts</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="n">VelocityAlert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_email</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"email"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_string</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_tx_count</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"recent_transactions"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_int</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_amount</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"recent_amount"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_count</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"typical_count"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_amount</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"typical_amount"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">velocity_multiplier</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"velocity_multiplier"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(</span><span class="n">alerts</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884692387346-tab-3"
role="tabpanel"
aria-labelledby="tabs-1774880884692387346-tab-3-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-typescript" data-lang="typescript"><span class="line"><span class="cl"><span class="kr">interface</span> <span class="nx">VelocityAlert</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountEmail</span>: <span class="kt">string</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">recentTxCount</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">recentAmount</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">typicalHourlyCount</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">typicalHourlyAmount</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">velocityMultiplier</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kr">async</span> <span class="kd">function</span> <span class="nx">findVelocityAnomalies</span><span class="p">(</span><span class="nx">client</span>: <span class="kt">Client</span><span class="p">)</span><span class="o">:</span> <span class="nx">Promise</span><span class="p"><</span><span class="nt">VelocityAlert</span><span class="err">[]</span><span class="p">></span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nx">queryAll</span><span class="p">(</span><span class="sb">`
</span></span></span><span class="line"><span class="cl"><span class="sb"> MATCH (account:Account)-[:INITIATED]->(tx:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE tx.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account, count(tx) AS tx_count, sum(tx.amount) AS total_amount
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE tx_count > 10 OR total_amount > 10000
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> OPTIONAL MATCH (account)-[:INITIATED]->(historical:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE historical.timestamp > timestamp() - duration('P30D')
</span></span></span><span class="line"><span class="cl"><span class="sb"> AND historical.timestamp < timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account, tx_count, total_amount,
</span></span></span><span class="line"><span class="cl"><span class="sb"> count(historical) / 720.0 AS avg_hourly_count,
</span></span></span><span class="line"><span class="cl"><span class="sb"> sum(historical.amount) / 720.0 AS avg_hourly_amount
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE tx_count > avg_hourly_count * 5
</span></span></span><span class="line"><span class="cl"><span class="sb"> OR total_amount > avg_hourly_amount * 5
</span></span></span><span class="line"><span class="cl"><span class="sb"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="sb"> account.email AS email,
</span></span></span><span class="line"><span class="cl"><span class="sb"> tx_count AS recent_transactions,
</span></span></span><span class="line"><span class="cl"><span class="sb"> total_amount AS recent_amount,
</span></span></span><span class="line"><span class="cl"><span class="sb"> avg_hourly_count AS typical_count,
</span></span></span><span class="line"><span class="cl"><span class="sb"> avg_hourly_amount AS typical_amount,
</span></span></span><span class="line"><span class="cl"><span class="sb"> CASE WHEN avg_hourly_count > 0
</span></span></span><span class="line"><span class="cl"><span class="sb"> THEN tx_count / avg_hourly_count
</span></span></span><span class="line"><span class="cl"><span class="sb"> ELSE 999 END AS velocity_multiplier
</span></span></span><span class="line"><span class="cl"><span class="sb"> ORDER BY velocity_multiplier DESC
</span></span></span><span class="line"><span class="cl"><span class="sb"> LIMIT 50
</span></span></span><span class="line"><span class="cl"><span class="sb"> `</span><span class="p">);</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="nx">rows</span><span class="p">.</span><span class="nx">map</span><span class="p">(</span><span class="nx">row</span> <span class="o">=></span> <span class="p">({</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountEmail</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'email'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asString</span> <span class="o">??</span> <span class="s1">''</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">recentTxCount</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'recent_transactions'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">recentAmount</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'recent_amount'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">typicalHourlyCount</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'typical_count'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">typicalHourlyAmount</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'typical_amount'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">velocityMultiplier</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'velocity_multiplier'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">0</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="p">}));</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884692387346-tab-4"
role="tabpanel"
aria-labelledby="tabs-1774880884692387346-tab-4-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-zig" data-lang="zig"><span class="line"><span class="cl"><span class="kr">const</span><span class="w"> </span><span class="n">VelocityAlert</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">struct</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_email</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_tx_count</span><span class="o">:</span><span class="w"> </span><span class="kt">i64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">recent_amount</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_count</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">typical_hourly_amount</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">velocity_multiplier</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">pub</span><span class="w"> </span><span class="k">fn</span><span class="w"> </span><span class="n">findVelocityAnomalies</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">client</span><span class="o">:</span><span class="w"> </span><span class="o">*</span><span class="n">geode</span><span class="p">.</span><span class="n">GeodeClient</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">allocator</span><span class="o">:</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">mem</span><span class="p">.</span><span class="n">Allocator</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span><span class="o">!</span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">(</span><span class="n">VelocityAlert</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendRunGql</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\MATCH (account:Account)-[:INITIATED]->(tx:Transaction)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE tx.timestamp > timestamp() - duration('PT1H')</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account, count(tx) AS tx_count, sum(tx.amount) AS total_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE tx_count > 10 OR total_amount > 10000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\OPTIONAL MATCH (account)-[:INITIATED]->(historical:Transaction)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE historical.timestamp > timestamp() - duration('P30D')</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ AND historical.timestamp < timestamp() - duration('PT1H')</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account, tx_count, total_amount,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ count(historical) / 720.0 AS avg_hourly_count,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ sum(historical.amount) / 720.0 AS avg_hourly_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE tx_count > avg_hourly_count * 5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ OR total_amount > avg_hourly_amount * 5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ account.email AS email,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ tx_count AS recent_transactions,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ total_amount AS recent_amount,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ avg_hourly_count AS typical_count,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ avg_hourly_amount AS typical_amount,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ CASE WHEN avg_hourly_count > 0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ THEN tx_count / avg_hourly_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ ELSE 999 END AS velocity_multiplier</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ORDER BY velocity_multiplier DESC</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\LIMIT 50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="kc">null</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendPull</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">1000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">const</span><span class="w"> </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">allocator</span><span class="p">.</span><span class="n">free</span><span class="p">(</span><span class="n">result</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">alerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">ArrayList</span><span class="p">(</span><span class="n">VelocityAlert</span><span class="p">).</span><span class="n">init</span><span class="p">(</span><span class="n">allocator</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">alerts</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div></div>
</div>
<h4 id="pattern-4-identity-fraud" class="position-relative d-flex align-items-center group">
<span>Pattern 4: Identity Fraud</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pattern-4-identity-fraud"
aria-haspopup="dialog"
aria-label="Share link: Pattern 4: Identity Fraud">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Multiple accounts sharing identity attributes.</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">sharing</span><span class="w"> </span><span class="py">identity</span><span class="w"> </span><span class="py">information</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a1</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">i1</span><span class="p">:</span><span class="nc">Identity</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a2</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">i2</span><span class="p">:</span><span class="nc">Identity</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">a1</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">a2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="p">(</span><span class="py">i1</span><span class="err">.</span><span class="py">ssn_hash</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">ssn_hash</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">i1</span><span class="err">.</span><span class="py">address_hash</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">address_hash</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="p">(</span><span class="py">i1</span><span class="err">.</span><span class="py">name</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">name</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">i1</span><span class="err">.</span><span class="py">date_of_birth</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">date_of_birth</span><span class="p">))</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">i1</span><span class="err">.</span><span class="py">name</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">name1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">name</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">name2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">i1</span><span class="err">.</span><span class="py">ssn_hash</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">ssn_hash</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">SSN</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">i1</span><span class="err">.</span><span class="py">address_hash</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">i2</span><span class="err">.</span><span class="py">address_hash</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">Address</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="err">'</span><span class="py">Name</span><span class="err">+</span><span class="py">DOB</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">match_type</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="pattern-5-cross-border-suspicious-activity" class="position-relative d-flex align-items-center group">
<span>Pattern 5: Cross-Border Suspicious Activity</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pattern-5-cross-border-suspicious-activity"
aria-haspopup="dialog"
aria-label="Share link: Pattern 5: Cross-Border Suspicious Activity">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">suspicious</span><span class="w"> </span><span class="py">cross</span><span class="err">-</span><span class="py">border</span><span class="w"> </span><span class="py">transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">sender</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">receiver</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">pm</span><span class="p">:</span><span class="nc">PaymentMethod</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">pm</span><span class="err">.</span><span class="py">country</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="p">(</span><span class="py">ip</span><span class="err">.</span><span class="py">is_vpn</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_tor</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">sender</span><span class="p">,</span><span class="w"> </span><span class="py">receiver</span><span class="p">,</span><span class="w"> </span><span class="py">tx</span><span class="p">,</span><span class="w"> </span><span class="py">ip</span><span class="p">,</span><span class="w"> </span><span class="py">pm</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_tor</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_vpn</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">pm</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">risk_points</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">risk_points</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sender</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">sender</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">receiver</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">receiver</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_country</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">pm</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">payment_country</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_vpn</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">is_vpn</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_tor</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">is_tor</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_points</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">risk_points</span><span class="w"> </span><span class="py">DESC</span><span class="p">,</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="py">DESC</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="real-time-fraud-scoring" class="position-relative d-flex align-items-center group">
<span>Real-Time Fraud Scoring</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="real-time-fraud-scoring"
aria-haspopup="dialog"
aria-label="Share link: Real-Time Fraud Scoring">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="transaction-risk-score" class="position-relative d-flex align-items-center group">
<span>Transaction Risk Score</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="transaction-risk-score"
aria-haspopup="dialog"
aria-label="Share link: Transaction Risk Score">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Calculate</span><span class="w"> </span><span class="py">real</span><span class="err">-</span><span class="py">time</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">score</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="py">transaction</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Factor</span><span class="w"> </span><span class="py">1</span><span class="p">:</span><span class="w"> </span><span class="nc">Account</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="p">(</span><span class="py">0</span><span class="err">-</span><span class="py">25</span><span class="w"> </span><span class="py">points</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">25</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Factor</span><span class="w"> </span><span class="py">2</span><span class="p">:</span><span class="w"> </span><span class="nc">Device</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="p">(</span><span class="py">0</span><span class="err">-</span><span class="py">25</span><span class="w"> </span><span class="py">points</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$device_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">account_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COALESCE</span><span class="p">(</span><span class="py">device</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">25</span><span class="p">,</span><span class="w"> </span><span class="py">25</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_risk</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Unknown</span><span class="w"> </span><span class="py">device</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">max</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Factor</span><span class="w"> </span><span class="py">3</span><span class="p">:</span><span class="w"> </span><span class="nc">IP</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="p">(</span><span class="py">0</span><span class="err">-</span><span class="py">25</span><span class="w"> </span><span class="py">points</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="w"> </span><span class="p">{</span><span class="py">ip</span><span class="p">:</span><span class="w"> </span><span class="nv">$ip_address</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">account_risk</span><span class="p">,</span><span class="w"> </span><span class="py">device_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="w"> </span><span class="py">IS</span><span class="w"> </span><span class="py">NULL</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">15</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Unknown</span><span class="w"> </span><span class="py">IP</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_tor</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_vpn</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">is_proxy</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">ip</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Factor</span><span class="w"> </span><span class="py">4</span><span class="p">:</span><span class="w"> </span><span class="nc">Transaction</span><span class="w"> </span><span class="py">pattern</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="p">(</span><span class="py">0</span><span class="err">-</span><span class="py">25</span><span class="w"> </span><span class="py">points</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">recent</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">account_risk</span><span class="p">,</span><span class="w"> </span><span class="py">device_risk</span><span class="p">,</span><span class="w"> </span><span class="py">ip_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">recent</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">recent</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_total</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account_risk</span><span class="p">,</span><span class="w"> </span><span class="py">device_risk</span><span class="p">,</span><span class="w"> </span><span class="py">ip_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_total</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10000</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_total</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">5000</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">pattern_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Calculate</span><span class="w"> </span><span class="py">total</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">score</span><span class="w"> </span><span class="p">(</span><span class="py">0</span><span class="err">-</span><span class="py">100</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_risk</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">device_risk</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">ip_risk</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">pattern_risk</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">pattern_risk</span><span class="w">
</span></span></span></code></pre></div><div class="docs-tabs mb-4">
<ul class="nav nav-tabs" id="tabs-1774880884724124293" role="tablist"><li class="nav-item" role="presentation">
<button
class="nav-link active"
id="tabs-1774880884724124293-tab-0-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884724124293-tab-0"
type="button"
role="tab"
aria-controls="tabs-1774880884724124293-tab-0"
aria-selected="true"
>
Go
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884724124293-tab-1-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884724124293-tab-1"
type="button"
role="tab"
aria-controls="tabs-1774880884724124293-tab-1"
aria-selected="false"
>
Python
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884724124293-tab-2-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884724124293-tab-2"
type="button"
role="tab"
aria-controls="tabs-1774880884724124293-tab-2"
aria-selected="false"
>
Rust
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884724124293-tab-3-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884724124293-tab-3"
type="button"
role="tab"
aria-controls="tabs-1774880884724124293-tab-3"
aria-selected="false"
>
Node.js
</button>
</li><li class="nav-item" role="presentation">
<button
class="nav-link"
id="tabs-1774880884724124293-tab-4-tab"
data-bs-toggle="tab"
data-bs-target="#tabs-1774880884724124293-tab-4"
type="button"
role="tab"
aria-controls="tabs-1774880884724124293-tab-4"
aria-selected="false"
>
Zig
</button>
</li></ul>
<div class="tab-content border border-top-0 rounded-bottom p-3" id="tabs-1774880884724124293-content"><div
class="tab-pane fade show active"
id="tabs-1774880884724124293-tab-0"
role="tabpanel"
aria-labelledby="tabs-1774880884724124293-tab-0-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="kd">type</span> <span class="nx">RiskScore</span> <span class="kd">struct</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">TotalRisk</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">AccountRisk</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">DeviceRisk</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">IPRisk</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"> <span class="nx">PatternRisk</span> <span class="kt">float64</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kd">func</span> <span class="nf">CalculateTransactionRisk</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="nx">ctx</span> <span class="nx">context</span><span class="p">.</span><span class="nx">Context</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">db</span> <span class="o">*</span><span class="nx">sql</span><span class="p">.</span><span class="nx">DB</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountID</span><span class="p">,</span> <span class="nx">deviceID</span><span class="p">,</span> <span class="nx">ipAddress</span> <span class="kt">string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">amount</span> <span class="kt">float64</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="nx">RiskScore</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">row</span> <span class="o">:=</span> <span class="nx">db</span><span class="p">.</span><span class="nf">QueryRowContext</span><span class="p">(</span><span class="nx">ctx</span><span class="p">,</span> <span class="s">`
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (account:Account {id: ?})
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account,
</span></span></span><span class="line"><span class="cl"><span class="s"> account.risk_score * 25 AS account_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:USES_DEVICE]->(device:Device {id: ?})
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> COALESCE(device.risk_score * 25, 25) AS device_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (ip:IPAddress {ip: ?})
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account_risk, device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip IS NULL THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip.is_tor = true THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip.is_vpn = true THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip.is_proxy = true THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE ip.risk_score * 25
</span></span></span><span class="line"><span class="cl"><span class="s"> END AS ip_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:INITIATED]->(recent:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE recent.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> count(recent) AS recent_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> sum(recent.amount) AS recent_total
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_count > 20 THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_count > 10 THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_total > 10000 THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_total > 5000 THEN 10
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE 0
</span></span></span><span class="line"><span class="cl"><span class="s"> END AS pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> account_risk + device_risk + ip_risk + pattern_risk AS total_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> account_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s"> `</span><span class="p">,</span> <span class="nx">accountID</span><span class="p">,</span> <span class="nx">deviceID</span><span class="p">,</span> <span class="nx">ipAddress</span><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="kd">var</span> <span class="nx">score</span> <span class="nx">RiskScore</span>
</span></span><span class="line"><span class="cl"> <span class="nx">err</span> <span class="o">:=</span> <span class="nx">row</span><span class="p">.</span><span class="nf">Scan</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">score</span><span class="p">.</span><span class="nx">TotalRisk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">score</span><span class="p">.</span><span class="nx">AccountRisk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">score</span><span class="p">.</span><span class="nx">DeviceRisk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">score</span><span class="p">.</span><span class="nx">IPRisk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="o">&</span><span class="nx">score</span><span class="p">.</span><span class="nx">PatternRisk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">err</span> <span class="o">!=</span> <span class="kc">nil</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">nil</span><span class="p">,</span> <span class="nx">err</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="o">&</span><span class="nx">score</span><span class="p">,</span> <span class="kc">nil</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1">// Decision based on risk score
</span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="kd">func</span> <span class="nf">ShouldBlockTransaction</span><span class="p">(</span><span class="nx">score</span> <span class="o">*</span><span class="nx">RiskScore</span><span class="p">,</span> <span class="nx">amount</span> <span class="kt">float64</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">score</span><span class="p">.</span><span class="nx">TotalRisk</span> <span class="o">>=</span> <span class="mi">80</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">true</span><span class="p">,</span> <span class="s">"High risk score"</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="nx">score</span><span class="p">.</span><span class="nx">TotalRisk</span> <span class="o">>=</span> <span class="mi">50</span> <span class="o">&&</span> <span class="nx">amount</span> <span class="o">>=</span> <span class="mi">1000</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">true</span><span class="p">,</span> <span class="s">"Elevated risk with high amount"</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">false</span><span class="p">,</span> <span class="s">""</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884724124293-tab-1"
role="tabpanel"
aria-labelledby="tabs-1774880884724124293-tab-1-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="nd">@dataclass</span>
</span></span><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">RiskScore</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">total_risk</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_risk</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_risk</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">ip_risk</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"> <span class="n">pattern_risk</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">calculate_transaction_risk</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">ip_address</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">amount</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span> <span class="o">-></span> <span class="n">RiskScore</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"""Calculate real-time risk score for a transaction."""</span>
</span></span><span class="line"><span class="cl"> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="o">.</span><span class="n">connection</span><span class="p">()</span> <span class="k">as</span> <span class="n">conn</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="n">result</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="k">await</span> <span class="n">conn</span><span class="o">.</span><span class="n">query</span><span class="p">(</span><span class="s2">"""
</span></span></span><span class="line"><span class="cl"><span class="s2"> MATCH (account:Account {id: $account_id})
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account,
</span></span></span><span class="line"><span class="cl"><span class="s2"> account.risk_score * 25 AS account_risk
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (account)-[:USES_DEVICE]->(device:Device {id: $device_id})
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account, account_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> COALESCE(device.risk_score * 25, 25) AS device_risk
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (ip:IPAddress {ip: $ip_address})
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account, account_risk, device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN ip IS NULL THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN ip.is_tor = true THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN ip.is_vpn = true THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN ip.is_proxy = true THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s2"> ELSE ip.risk_score * 25
</span></span></span><span class="line"><span class="cl"><span class="s2"> END AS ip_risk
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (account)-[:INITIATED]->(recent:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE recent.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account, account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> count(recent) AS recent_count,
</span></span></span><span class="line"><span class="cl"><span class="s2"> sum(recent.amount) AS recent_total
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN recent_count > 20 THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN recent_count > 10 THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN recent_total > 10000 THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHEN recent_total > 5000 THEN 10
</span></span></span><span class="line"><span class="cl"><span class="s2"> ELSE 0
</span></span></span><span class="line"><span class="cl"><span class="s2"> END AS pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s2"> account_risk + device_risk + ip_risk + pattern_risk AS total_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> account_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s2"> """</span><span class="p">,</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"account_id"</span><span class="p">:</span> <span class="n">account_id</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"device_id"</span><span class="p">:</span> <span class="n">device_id</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"ip_address"</span><span class="p">:</span> <span class="n">ip_address</span>
</span></span><span class="line"><span class="cl"> <span class="p">})</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="ow">not</span> <span class="n">result</span><span class="o">.</span><span class="n">rows</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">RiskScore</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">25</span><span class="p">)</span> <span class="c1"># Max risk for unknown account</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="n">row</span> <span class="o">=</span> <span class="n">result</span><span class="o">.</span><span class="n">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">RiskScore</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">total_risk</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'total_risk'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_risk</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'account_risk'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_risk</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'device_risk'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">ip_risk</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'ip_risk'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">pattern_risk</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="s1">'pattern_risk'</span><span class="p">]</span><span class="o">.</span><span class="n">as_float</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">def</span> <span class="nf">should_block_transaction</span><span class="p">(</span><span class="n">score</span><span class="p">:</span> <span class="n">RiskScore</span><span class="p">,</span> <span class="n">amount</span><span class="p">:</span> <span class="nb">float</span><span class="p">)</span> <span class="o">-></span> <span class="nb">tuple</span><span class="p">[</span><span class="nb">bool</span><span class="p">,</span> <span class="nb">str</span><span class="p">]:</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"""Determine if transaction should be blocked based on risk."""</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">score</span><span class="o">.</span><span class="n">total_risk</span> <span class="o">>=</span> <span class="mi">80</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">True</span><span class="p">,</span> <span class="s2">"High risk score"</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">score</span><span class="o">.</span><span class="n">total_risk</span> <span class="o">>=</span> <span class="mi">50</span> <span class="ow">and</span> <span class="n">amount</span> <span class="o">>=</span> <span class="mi">1000</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">True</span><span class="p">,</span> <span class="s2">"Elevated risk with high amount"</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">score</span><span class="o">.</span><span class="n">total_risk</span> <span class="o">>=</span> <span class="mi">60</span> <span class="ow">and</span> <span class="n">score</span><span class="o">.</span><span class="n">device_risk</span> <span class="o">>=</span> <span class="mi">20</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">True</span><span class="p">,</span> <span class="s2">"Risky device"</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="kc">False</span><span class="p">,</span> <span class="s2">""</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">process_transaction</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">account_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">device_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">ip_address</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="n">amount</span><span class="p">:</span> <span class="nb">float</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span> <span class="o">-></span> <span class="nb">dict</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"""Process transaction with fraud scoring."""</span>
</span></span><span class="line"><span class="cl"> <span class="n">score</span> <span class="o">=</span> <span class="k">await</span> <span class="n">calculate_transaction_risk</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="p">,</span> <span class="n">account_id</span><span class="p">,</span> <span class="n">device_id</span><span class="p">,</span> <span class="n">ip_address</span><span class="p">,</span> <span class="n">amount</span>
</span></span><span class="line"><span class="cl"> <span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="n">should_block</span><span class="p">,</span> <span class="n">reason</span> <span class="o">=</span> <span class="n">should_block_transaction</span><span class="p">(</span><span class="n">score</span><span class="p">,</span> <span class="n">amount</span><span class="p">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"approved"</span><span class="p">:</span> <span class="ow">not</span> <span class="n">should_block</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"risk_score"</span><span class="p">:</span> <span class="n">score</span><span class="o">.</span><span class="n">total_risk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"reason"</span><span class="p">:</span> <span class="n">reason</span> <span class="k">if</span> <span class="n">should_block</span> <span class="k">else</span> <span class="kc">None</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"breakdown"</span><span class="p">:</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"account"</span><span class="p">:</span> <span class="n">score</span><span class="o">.</span><span class="n">account_risk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"device"</span><span class="p">:</span> <span class="n">score</span><span class="o">.</span><span class="n">device_risk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"ip"</span><span class="p">:</span> <span class="n">score</span><span class="o">.</span><span class="n">ip_risk</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s2">"pattern"</span><span class="p">:</span> <span class="n">score</span><span class="o">.</span><span class="n">pattern_risk</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884724124293-tab-2"
role="tabpanel"
aria-labelledby="tabs-1774880884724124293-tab-2-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust"><span class="line"><span class="cl"><span class="cp">#[derive(Debug)]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">struct</span> <span class="nc">RiskScore</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">total_risk</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_risk</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_risk</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_risk</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">pattern_risk</span>: <span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">async</span><span class="w"> </span><span class="k">fn</span> <span class="nf">calculate_transaction_risk</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">conn</span>: <span class="kp">&</span><span class="nc">mut</span><span class="w"> </span><span class="n">geode_client</span>::<span class="n">Connection</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_id</span>: <span class="kp">&</span><span class="kt">str</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_id</span>: <span class="kp">&</span><span class="kt">str</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_address</span>: <span class="kp">&</span><span class="kt">str</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span>-> <span class="nb">Result</span><span class="o"><</span><span class="n">RiskScore</span><span class="p">,</span><span class="w"> </span><span class="nb">Box</span><span class="o"><</span><span class="k">dyn</span><span class="w"> </span><span class="n">std</span>::<span class="n">error</span>::<span class="n">Error</span><span class="o">>></span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">HashMap</span>::<span class="n">new</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">insert</span><span class="p">(</span><span class="s">"account_id"</span><span class="p">.</span><span class="n">to_string</span><span class="p">(),</span><span class="w"> </span><span class="n">Value</span>::<span class="n">string</span><span class="p">(</span><span class="n">account_id</span><span class="p">));</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">insert</span><span class="p">(</span><span class="s">"device_id"</span><span class="p">.</span><span class="n">to_string</span><span class="p">(),</span><span class="w"> </span><span class="n">Value</span>::<span class="n">string</span><span class="p">(</span><span class="n">device_id</span><span class="p">));</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">insert</span><span class="p">(</span><span class="s">"ip_address"</span><span class="p">.</span><span class="n">to_string</span><span class="p">(),</span><span class="w"> </span><span class="n">Value</span>::<span class="n">string</span><span class="p">(</span><span class="n">ip_address</span><span class="p">));</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="p">(</span><span class="n">page</span><span class="p">,</span><span class="w"> </span><span class="n">_</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">conn</span><span class="p">.</span><span class="n">query_with_params</span><span class="p">(</span><span class="sa">r</span><span class="s">#"
</span></span></span><span class="line"><span class="cl"><span class="s"> MATCH (account:Account {id: $account_id})
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account.risk_score * 25 AS account_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:USES_DEVICE]->(device:Device {id: $device_id})
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> COALESCE(device.risk_score * 25, 25) AS device_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (ip:IPAddress {ip: $ip_address})
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account, account_risk, device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip IS NULL THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip.is_tor = true THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN ip.is_vpn = true THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE ip.risk_score * 25
</span></span></span><span class="line"><span class="cl"><span class="s"> END AS ip_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> OPTIONAL MATCH (account)-[:INITIATED]->(recent:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE recent.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> count(recent) AS recent_count,
</span></span></span><span class="line"><span class="cl"><span class="s"> sum(recent.amount) AS recent_total
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> CASE
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_count > 20 THEN 25
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_count > 10 THEN 15
</span></span></span><span class="line"><span class="cl"><span class="s"> WHEN recent_total > 10000 THEN 20
</span></span></span><span class="line"><span class="cl"><span class="s"> ELSE 0
</span></span></span><span class="line"><span class="cl"><span class="s"> END AS pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="s"> account_risk + device_risk + ip_risk + pattern_risk AS total_risk,
</span></span></span><span class="line"><span class="cl"><span class="s"> account_risk, device_risk, ip_risk, pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="s"> "#</span><span class="p">,</span><span class="w"> </span><span class="o">&</span><span class="n">params</span><span class="p">).</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="nb">Some</span><span class="p">(</span><span class="n">row</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">page</span><span class="p">.</span><span class="n">rows</span><span class="p">.</span><span class="n">first</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(</span><span class="n">RiskScore</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">total_risk</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"total_risk"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_risk</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"account_risk"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_risk</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"device_risk"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_risk</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"ip_risk"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">pattern_risk</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"pattern_risk"</span><span class="p">).</span><span class="n">unwrap</span><span class="p">().</span><span class="n">as_float</span><span class="p">()</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(</span><span class="n">RiskScore</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">total_risk</span>: <span class="mf">100.0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_risk</span>: <span class="mf">25.0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_risk</span>: <span class="mf">25.0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_risk</span>: <span class="mf">25.0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">pattern_risk</span>: <span class="mf">25.0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884724124293-tab-3"
role="tabpanel"
aria-labelledby="tabs-1774880884724124293-tab-3-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-typescript" data-lang="typescript"><span class="line"><span class="cl"><span class="kr">interface</span> <span class="nx">RiskScore</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">totalRisk</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountRisk</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceRisk</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">ipRisk</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"> <span class="nx">patternRisk</span>: <span class="kt">number</span><span class="p">;</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="kr">async</span> <span class="kd">function</span> <span class="nx">calculateTransactionRisk</span><span class="p">(</span>
</span></span><span class="line"><span class="cl"> <span class="nx">client</span>: <span class="kt">Client</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountId</span>: <span class="kt">string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceId</span>: <span class="kt">string</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">ipAddress</span>: <span class="kt">string</span>
</span></span><span class="line"><span class="cl"><span class="p">)</span><span class="o">:</span> <span class="nx">Promise</span><span class="p"><</span><span class="nt">RiskScore</span><span class="p">></span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">rows</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nx">queryAll</span><span class="p">(</span><span class="sb">`
</span></span></span><span class="line"><span class="cl"><span class="sb"> MATCH (account:Account {id: $account_id})
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account, account.risk_score * 25 AS account_risk
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> OPTIONAL MATCH (account)-[:USES_DEVICE]->(device:Device {id: $device_id})
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account, account_risk,
</span></span></span><span class="line"><span class="cl"><span class="sb"> COALESCE(device.risk_score * 25, 25) AS device_risk
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> OPTIONAL MATCH (ip:IPAddress {ip: $ip_address})
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account, account_risk, device_risk,
</span></span></span><span class="line"><span class="cl"><span class="sb"> CASE
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHEN ip IS NULL THEN 15
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHEN ip.is_tor = true THEN 25
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHEN ip.is_vpn = true THEN 20
</span></span></span><span class="line"><span class="cl"><span class="sb"> ELSE ip.risk_score * 25
</span></span></span><span class="line"><span class="cl"><span class="sb"> END AS ip_risk
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> OPTIONAL MATCH (account)-[:INITIATED]->(recent:Transaction)
</span></span></span><span class="line"><span class="cl"><span class="sb"> WHERE recent.timestamp > timestamp() - duration('PT1H')
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="sb"> count(recent) AS recent_count
</span></span></span><span class="line"><span class="cl"><span class="sb"> WITH account_risk, device_risk, ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="sb"> CASE WHEN recent_count > 20 THEN 25 ELSE 0 END AS pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="sb">
</span></span></span><span class="line"><span class="cl"><span class="sb"> RETURN
</span></span></span><span class="line"><span class="cl"><span class="sb"> account_risk + device_risk + ip_risk + pattern_risk AS total_risk,
</span></span></span><span class="line"><span class="cl"><span class="sb"> account_risk, device_risk, ip_risk, pattern_risk
</span></span></span><span class="line"><span class="cl"><span class="sb"> `</span><span class="p">,</span> <span class="p">{</span> <span class="nx">params</span><span class="o">:</span> <span class="p">{</span> <span class="nx">account_id</span>: <span class="kt">accountId</span><span class="p">,</span> <span class="nx">device_id</span>: <span class="kt">deviceId</span><span class="p">,</span> <span class="nx">ip_address</span>: <span class="kt">ipAddress</span> <span class="p">}</span> <span class="p">});</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="p">(</span><span class="nx">rows</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span> <span class="nx">totalRisk</span>: <span class="kt">100</span><span class="p">,</span> <span class="nx">accountRisk</span>: <span class="kt">25</span><span class="p">,</span> <span class="nx">deviceRisk</span>: <span class="kt">25</span><span class="p">,</span> <span class="nx">ipRisk</span>: <span class="kt">25</span><span class="p">,</span> <span class="nx">patternRisk</span>: <span class="kt">25</span> <span class="p">};</span>
</span></span><span class="line"><span class="cl"> <span class="p">}</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="kr">const</span> <span class="nx">row</span> <span class="o">=</span> <span class="nx">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="nx">totalRisk</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'total_risk'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">100</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">accountRisk</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'account_risk'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">25</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">deviceRisk</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'device_risk'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">25</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">ipRisk</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'ip_risk'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">25</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="nx">patternRisk</span>: <span class="kt">row.get</span><span class="p">(</span><span class="s1">'pattern_risk'</span><span class="p">)</span><span class="o">?</span><span class="p">.</span><span class="nx">asNumber</span> <span class="o">??</span> <span class="mi">25</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
</span></span><span class="line"><span class="cl"><span class="p">}</span>
</span></span></code></pre></div>
</div><div
class="tab-pane fade"
id="tabs-1774880884724124293-tab-4"
role="tabpanel"
aria-labelledby="tabs-1774880884724124293-tab-4-tab"
>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-zig" data-lang="zig"><span class="line"><span class="cl"><span class="kr">const</span><span class="w"> </span><span class="n">RiskScore</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">struct</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">total_risk</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_risk</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_risk</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_risk</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">pattern_risk</span><span class="o">:</span><span class="w"> </span><span class="kt">f64</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kr">pub</span><span class="w"> </span><span class="k">fn</span><span class="w"> </span><span class="n">calculateTransactionRisk</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">client</span><span class="o">:</span><span class="w"> </span><span class="o">*</span><span class="n">geode</span><span class="p">.</span><span class="n">GeodeClient</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">allocator</span><span class="o">:</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">mem</span><span class="p">.</span><span class="n">Allocator</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_id</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_id</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ip_address</span><span class="o">:</span><span class="w"> </span><span class="p">[]</span><span class="kr">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">)</span><span class="w"> </span><span class="o">!</span><span class="n">RiskScore</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">var</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">std</span><span class="p">.</span><span class="n">json</span><span class="p">.</span><span class="n">ObjectMap</span><span class="p">.</span><span class="n">init</span><span class="p">(</span><span class="n">allocator</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">deinit</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">put</span><span class="p">(</span><span class="s">"account_id"</span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">string</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">account_id</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">put</span><span class="p">(</span><span class="s">"device_id"</span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">string</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">device_id</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">params</span><span class="p">.</span><span class="n">put</span><span class="p">(</span><span class="s">"ip_address"</span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">string</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ip_address</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendRunGql</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\MATCH (account:Account {id: $account_id})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account, account.risk_score * 25 AS account_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\OPTIONAL MATCH (account)-[:USES_DEVICE]->(device:Device {id: $device_id})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account, account_risk,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ COALESCE(device.risk_score * 25, 25) AS device_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\OPTIONAL MATCH (ip:IPAddress {ip: $ip_address})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account, account_risk, device_risk,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ CASE WHEN ip IS NULL THEN 15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ WHEN ip.is_tor = true THEN 25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ ELSE ip.risk_score * 25 END AS ip_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\OPTIONAL MATCH (account)-[:INITIATED]->(recent:Transaction)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WHERE recent.timestamp > timestamp() - duration('PT1H')</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account_risk, device_risk, ip_risk, count(recent) AS recent_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\WITH account_risk, device_risk, ip_risk,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ CASE WHEN recent_count > 20 THEN 25 ELSE 0 END AS pattern_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\RETURN account_risk + device_risk + ip_risk + pattern_risk AS total_risk,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="sh">\\ account_risk, device_risk, ip_risk, pattern_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">,</span><span class="w"> </span><span class="p">.{</span><span class="w"> </span><span class="p">.</span><span class="n">object</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">params</span><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">sendPull</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kr">const</span><span class="w"> </span><span class="n">result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">receiveMessage</span><span class="p">(</span><span class="mi">30000</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">defer</span><span class="w"> </span><span class="n">allocator</span><span class="p">.</span><span class="n">free</span><span class="p">(</span><span class="n">result</span><span class="p">);</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">// Parse and return risk score
</span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">RiskScore</span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">.</span><span class="n">total_risk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">.</span><span class="n">account_risk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">.</span><span class="n">device_risk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">.</span><span class="n">ip_risk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">.</span><span class="n">pattern_risk</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
</div></div>
</div>
<h3 id="investigation-workflows" class="position-relative d-flex align-items-center group">
<span>Investigation Workflows</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="investigation-workflows"
aria-haspopup="dialog"
aria-label="Share link: Investigation Workflows">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="create-fraud-case" class="position-relative d-flex align-items-center group">
<span>Create Fraud Case</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="create-fraud-case"
aria-haspopup="dialog"
aria-label="Share link: Create Fraud Case">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Create</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="py">new</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">case</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">case</span><span class="p">:</span><span class="nc">FraudCase</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$case_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">type</span><span class="p">:</span><span class="w"> </span><span class="nv">$fraud_type</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">status</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">open</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount_at_risk</span><span class="p">:</span><span class="w"> </span><span class="nv">$amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">investigator</span><span class="p">:</span><span class="w"> </span><span class="nv">$investigator</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Link</span><span class="w"> </span><span class="py">flagged</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">and</span><span class="w"> </span><span class="py">transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">case</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">UNWIND</span><span class="w"> </span><span class="nv">$account_ids</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account_id</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">case</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">case</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">UNWIND</span><span class="w"> </span><span class="nv">$transaction_ids</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_id</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">case</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">case</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="investigate-account-network" class="position-relative d-flex align-items-center group">
<span>Investigate Account Network</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="investigate-account-network"
aria-haspopup="dialog"
aria-label="Share link: Investigate Account Network">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Get</span><span class="w"> </span><span class="py">full</span><span class="w"> </span><span class="py">network</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">investigation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Get</span><span class="w"> </span><span class="py">connected</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">via</span><span class="w"> </span><span class="py">shared</span><span class="w"> </span><span class="py">attributes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">device_linked</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_PAYMENT_METHOD</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">PaymentMethod</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">HAS_PAYMENT_METHOD</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">payment_linked</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Identity</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">identity_linked</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGGED_IN_FROM</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">LOGGED_IN_FROM</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">ip_linked</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">device_linked</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_linked_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">payment_linked</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">payment_linked_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">identity_linked</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">identity_linked_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">ip_linked</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_linked_accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Get</span><span class="w"> </span><span class="py">transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">sent</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">recipient</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">sender</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">received</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAID_TO</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_linked</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="nc">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">device_linked_accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">risk</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">risk_score</span><span class="p">}],</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">payment_linked</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="nc">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">payment_linked_accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">risk</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">risk_score</span><span class="p">}],</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">identity_linked</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="nc">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">identity_linked_accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">risk</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">risk_score</span><span class="p">}],</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_linked</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="nc">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">ip_linked_accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">risk</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">risk_score</span><span class="p">}],</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sent_to</span><span class="p">:</span><span class="w"> </span><span class="nc">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="p">{</span><span class="py">recipient</span><span class="p">:</span><span class="w"> </span><span class="nc">recipient</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">sent</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w"> </span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">sent</span><span class="err">.</span><span class="py">timestamp</span><span class="p">}),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">received_from</span><span class="p">:</span><span class="w"> </span><span class="nc">collect</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="p">{</span><span class="py">sender</span><span class="p">:</span><span class="w"> </span><span class="nc">sender</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">received</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w"> </span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">received</span><span class="err">.</span><span class="py">timestamp</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">investigation_data</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="timeline-analysis" class="position-relative d-flex align-items-center group">
<span>Timeline Analysis</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="timeline-analysis"
aria-haspopup="dialog"
aria-label="Share link: Timeline Analysis">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Build</span><span class="w"> </span><span class="py">activity</span><span class="w"> </span><span class="py">timeline</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">investigation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Get</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">activities</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">tx_rel</span><span class="p">:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">login_rel</span><span class="p">:</span><span class="nc">LOGGED_IN_FROM</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">device_rel</span><span class="p">:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">collect</span><span class="p">({</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">transaction</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">details</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nc">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w"> </span><span class="py">status</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">status</span><span class="p">,</span><span class="w"> </span><span class="py">risk</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">risk_score</span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_events</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kc">UNION</span><span class="w"> </span><span class="py">ALL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="err">-</span><span class="p">[</span><span class="nc">r</span><span class="p">:</span><span class="nc">LOGGED_IN_FROM</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">login</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">r</span><span class="err">.</span><span class="py">timestamp</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">details</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="nc">ip</span><span class="p">:</span><span class="w"> </span><span class="nc">ip</span><span class="err">.</span><span class="py">ip</span><span class="p">,</span><span class="w"> </span><span class="py">country</span><span class="p">:</span><span class="w"> </span><span class="nc">ip</span><span class="err">.</span><span class="py">country</span><span class="p">,</span><span class="w"> </span><span class="py">is_vpn</span><span class="p">:</span><span class="w"> </span><span class="nc">ip</span><span class="err">.</span><span class="py">is_vpn</span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">timestamp</span><span class="w"> </span><span class="py">DESC</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">LIMIT</span><span class="w"> </span><span class="py">100</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="alert-generation" class="position-relative d-flex align-items-center group">
<span>Alert Generation</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="alert-generation"
aria-haspopup="dialog"
aria-label="Share link: Alert Generation">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="real-time-alert-rules" class="position-relative d-flex align-items-center group">
<span>Real-Time Alert Rules</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="real-time-alert-rules"
aria-haspopup="dialog"
aria-label="Share link: Real-Time Alert Rules">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Rule</span><span class="w"> </span><span class="py">1</span><span class="p">:</span><span class="w"> </span><span class="nc">High</span><span class="err">-</span><span class="py">risk</span><span class="w"> </span><span class="py">transaction</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT5M</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">80</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">status</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">pending</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">alert</span><span class="p">:</span><span class="nc">Alert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">randomUUID</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">high_risk_transaction</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">severity</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">critical</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">risk_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">alert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Rule</span><span class="w"> </span><span class="py">2</span><span class="p">:</span><span class="w"> </span><span class="nc">New</span><span class="w"> </span><span class="py">device</span><span class="w"> </span><span class="py">with</span><span class="w"> </span><span class="py">high</span><span class="err">-</span><span class="py">value</span><span class="w"> </span><span class="py">transaction</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">first_seen</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT24H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">5000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">alert</span><span class="p">:</span><span class="nc">Alert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">randomUUID</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">new_device_high_value</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">severity</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">high</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_id</span><span class="p">:</span><span class="w"> </span><span class="nc">device</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">alert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Rule</span><span class="w"> </span><span class="py">3</span><span class="p">:</span><span class="w"> </span><span class="nc">Velocity</span><span class="w"> </span><span class="py">spike</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">INITIATED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">total_amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">50000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">alert</span><span class="p">:</span><span class="nc">Alert</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">randomUUID</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">velocity_spike</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">severity</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">high</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_count</span><span class="p">:</span><span class="w"> </span><span class="nc">tx_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount</span><span class="p">:</span><span class="w"> </span><span class="nc">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">alert</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="compliance-considerations" class="position-relative d-flex align-items-center group">
<span>Compliance Considerations</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-considerations"
aria-haspopup="dialog"
aria-label="Share link: Compliance Considerations">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="audit-trail" class="position-relative d-flex align-items-center group">
<span>Audit Trail</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="audit-trail"
aria-haspopup="dialog"
aria-label="Share link: Audit Trail">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Log</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">fraud</span><span class="err">-</span><span class="py">related</span><span class="w"> </span><span class="py">actions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">audit</span><span class="p">:</span><span class="nc">AuditLog</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$audit_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">action</span><span class="p">:</span><span class="w"> </span><span class="nv">$action</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"flag_account"</span><span class="p">,</span><span class="w"> </span><span class="s">"block_transaction"</span><span class="p">,</span><span class="w"> </span><span class="nc">etc</span><span class="err">.</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">actor</span><span class="p">:</span><span class="w"> </span><span class="nv">$actor</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="nc">Who</span><span class="w"> </span><span class="py">performed</span><span class="w"> </span><span class="py">the</span><span class="w"> </span><span class="py">action</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">target_type</span><span class="p">:</span><span class="w"> </span><span class="nv">$target_type</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s">"account"</span><span class="p">,</span><span class="w"> </span><span class="s">"transaction"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">target_id</span><span class="p">:</span><span class="w"> </span><span class="nv">$target_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">reason</span><span class="p">:</span><span class="w"> </span><span class="nv">$reason</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">metadata</span><span class="p">:</span><span class="w"> </span><span class="nv">$metadata</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Link</span><span class="w"> </span><span class="py">to</span><span class="w"> </span><span class="py">relevant</span><span class="w"> </span><span class="py">entities</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">audit</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">target</span><span class="p">)</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">target</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nv">$target_id</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">audit</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">ACTED_ON</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">target</span><span class="p">)</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="regulatory-reporting" class="position-relative d-flex align-items-center group">
<span>Regulatory Reporting</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="regulatory-reporting"
aria-haspopup="dialog"
aria-label="Share link: Regulatory Reporting">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Generate</span><span class="w"> </span><span class="py">SAR</span><span class="w"> </span><span class="p">(</span><span class="py">Suspicious</span><span class="w"> </span><span class="py">Activity</span><span class="w"> </span><span class="py">Report</span><span class="p">)</span><span class="w"> </span><span class="py">data</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">case</span><span class="p">:</span><span class="nc">FraudCase</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$case_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">case</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_IDENTITY</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">identity</span><span class="p">:</span><span class="nc">Identity</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">case</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">case</span><span class="p">,</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">identity</span><span class="p">,</span><span class="w"> </span><span class="py">collect</span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">case_id</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">case_type</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="kd">type</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">created_at</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">accounts</span><span class="p">:</span><span class="w"> </span><span class="nc">collect</span><span class="p">({</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">name</span><span class="p">:</span><span class="w"> </span><span class="nc">identity</span><span class="err">.</span><span class="py">name</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">account</span><span class="err">.</span><span class="py">risk_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transactions</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="nc">t</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">transactions</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nc">t</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount</span><span class="p">:</span><span class="w"> </span><span class="nc">t</span><span class="err">.</span><span class="py">amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">currency</span><span class="p">:</span><span class="w"> </span><span class="nc">t</span><span class="err">.</span><span class="py">currency</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">timestamp</span><span class="p">:</span><span class="w"> </span><span class="nc">t</span><span class="err">.</span><span class="py">timestamp</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">risk_score</span><span class="p">:</span><span class="w"> </span><span class="nc">t</span><span class="err">.</span><span class="py">risk_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}],</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount_at_risk</span><span class="p">:</span><span class="w"> </span><span class="nc">sum</span><span class="p">([</span><span class="py">t</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">transactions</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">])</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">sar_data</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="data-retention" class="position-relative d-flex align-items-center group">
<span>Data Retention</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="data-retention"
aria-haspopup="dialog"
aria-label="Share link: Data Retention">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Archive</span><span class="w"> </span><span class="py">old</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="p">(</span><span class="py">compliance</span><span class="w"> </span><span class="py">with</span><span class="w"> </span><span class="py">retention</span><span class="w"> </span><span class="py">policies</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">case</span><span class="p">:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">case</span><span class="err">.</span><span class="py">status</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">closed</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">case</span><span class="err">.</span><span class="py">resolved_at</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P7Y</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Archive</span><span class="w"> </span><span class="py">before</span><span class="w"> </span><span class="py">deletion</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">archive</span><span class="p">:</span><span class="nc">ArchivedCase</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">original_id</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="nc">type</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount_at_risk</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">amount_at_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">created_at</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">resolved_at</span><span class="p">:</span><span class="w"> </span><span class="nc">case</span><span class="err">.</span><span class="py">resolved_at</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">archived_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Delete</span><span class="w"> </span><span class="py">original</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">DETACH</span><span class="w"> </span><span class="py">DELETE</span><span class="w"> </span><span class="py">case</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="performance-optimization" class="position-relative d-flex align-items-center group">
<span>Performance Optimization</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="performance-optimization"
aria-haspopup="dialog"
aria-label="Share link: Performance Optimization">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="indexing-for-fraud-queries" class="position-relative d-flex align-items-center group">
<span>Indexing for Fraud Queries</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="indexing-for-fraud-queries"
aria-haspopup="dialog"
aria-label="Share link: Indexing for Fraud Queries">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Essential</span><span class="w"> </span><span class="py">indexes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_status</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">status</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">device_fingerprint</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Device</span><span class="p">(</span><span class="py">fingerprint</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">ip_address</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">(</span><span class="py">ip</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_timestamp</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">timestamp</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_status</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">status</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Composite</span><span class="w"> </span><span class="py">indexes</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">common</span><span class="w"> </span><span class="py">queries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_timestamp_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Transaction</span><span class="p">(</span><span class="py">timestamp</span><span class="p">,</span><span class="w"> </span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_status_risk</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">status</span><span class="p">,</span><span class="w"> </span><span class="py">risk_score</span><span class="p">)</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="batch-processing" class="position-relative d-flex align-items-center group">
<span>Batch Processing</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="batch-processing"
aria-haspopup="dialog"
aria-label="Share link: Batch Processing">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Batch</span><span class="w"> </span><span class="py">update</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">scores</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">last_risk_update</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT1H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">last_risk_update</span><span class="w"> </span><span class="py">IS</span><span class="w"> </span><span class="py">NULL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Calculate</span><span class="w"> </span><span class="py">new</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FLAGGED_IN</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">FraudCase</span><span class="w"> </span><span class="p">{</span><span class="py">status</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">confirmed</span><span class="err">'</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="err">*</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_cases</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES_DEVICE</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">fraud_cases</span><span class="p">,</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">device</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">risky_devices</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SET</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">risk_score</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">fraud_cases</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">1</span><span class="mf">.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">risky_devices</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">2</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">0</span><span class="mf">.8</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">risky_devices</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">0</span><span class="mf">.5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">risk_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">last_risk_update</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">RETURN</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">updated</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="monitoring-dashboard" class="position-relative d-flex align-items-center group">
<span>Monitoring Dashboard</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="monitoring-dashboard"
aria-haspopup="dialog"
aria-label="Share link: Monitoring Dashboard">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="key-metrics" class="position-relative d-flex align-items-center group">
<span>Key Metrics</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="key-metrics"
aria-haspopup="dialog"
aria-label="Share link: Key Metrics">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">//</span><span class="w"> </span><span class="py">Fraud</span><span class="w"> </span><span class="py">detection</span><span class="w"> </span><span class="py">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P1D</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">tx</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">status</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">flagged</span><span class="err">'</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">1</span><span class="w"> </span><span class="py">END</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">status</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">flagged</span><span class="err">'</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="py">END</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">case</span><span class="p">:</span><span class="nc">FraudCase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">case</span><span class="err">.</span><span class="py">created_at</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P1D</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">total_transactions</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_transactions</span><span class="p">,</span><span class="w"> </span><span class="py">total_volume</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">case</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">new_cases</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sum</span><span class="p">(</span><span class="py">case</span><span class="err">.</span><span class="py">amount_at_risk</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amount_at_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">alert</span><span class="p">:</span><span class="nc">Alert</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">alert</span><span class="err">.</span><span class="py">created_at</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P1D</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">total_transactions</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_transactions</span><span class="p">,</span><span class="w"> </span><span class="py">total_volume</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">new_cases</span><span class="p">,</span><span class="w"> </span><span class="py">amount_at_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">alert</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_alerts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">count</span><span class="p">(</span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">alert</span><span class="err">.</span><span class="py">severity</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">critical</span><span class="err">'</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">1</span><span class="w"> </span><span class="py">END</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">critical_alerts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_transactions</span><span class="p">:</span><span class="w"> </span><span class="nc">total_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_transactions</span><span class="p">:</span><span class="w"> </span><span class="nc">flagged_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flag_rate</span><span class="p">:</span><span class="w"> </span><span class="nc">toFloat</span><span class="p">(</span><span class="py">flagged_transactions</span><span class="p">)</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">total_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_volume</span><span class="p">:</span><span class="w"> </span><span class="nc">total_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_volume</span><span class="p">:</span><span class="w"> </span><span class="nc">flagged_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">new_cases</span><span class="p">:</span><span class="w"> </span><span class="nc">new_cases</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amount_at_risk</span><span class="p">:</span><span class="w"> </span><span class="nc">amount_at_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_alerts</span><span class="p">:</span><span class="w"> </span><span class="nc">total_alerts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">critical_alerts</span><span class="p">:</span><span class="w"> </span><span class="nc">critical_alerts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">daily_metrics</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="next-steps" class="position-relative d-flex align-items-center group">
<span>Next Steps</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="next-steps"
aria-haspopup="dialog"
aria-label="Share link: Next Steps">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><a
href="/guides/knowledge-graph/"
>Knowledge Graph Guide</a>
- Entity resolution for fraud</li>
<li><a
href="/guides/social-network/"
>Social Network Guide</a>
- Network analysis techniques</li>
<li><a
href="/guides/query-performance/"
>Query Performance Guide</a>
- Optimize fraud queries</li>
<li><a
href="/docs/security/"
>Security Guide</a>
- Secure your fraud data</li>
</ul>
<h3 id="resources" class="position-relative d-flex align-items-center group">
<span>Resources</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="resources"
aria-haspopup="dialog"
aria-label="Share link: Resources">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><a
href="/docs/gql-reference/"
>GQL Reference</a>
</li>
<li><a
href="/guides/graph-modeling/"
>Graph Modeling Guide</a>
</li>
<li><a
href="https://www.fatf-gafi.org/recommendations.html"
aria-label="FATF Recommendations – opens in new window"
target="_blank" rel="noopener noreferrer"
>FATF Recommendations
<span aria-hidden="true" class="external-icon">↗</span>
</a>
</li>
<li><a
href="https://gitlab.com/devnw/codepros/geode/examples"
aria-label="Example Applications – opens in new window"
target="_blank" rel="noopener noreferrer"
>Example Applications
<span aria-hidden="true" class="external-icon">↗</span>
</a>
</li>
</ul>
<hr>
<p><strong>Questions?</strong> Join our <a
href="https://forum.geodedb.com"
aria-label="community forum – opens in new window"
target="_blank" rel="noopener noreferrer"
>community forum
<span aria-hidden="true" class="external-icon">↗</span>
</a>
to discuss fraud detection strategies.</p>
Fraud Detection Guide
Detect fraudulent patterns and anomalies using Geode's graph analysis capabilities
23 min read