<!-- CANARY: REQ=REQ-DOCS-001; FEATURE="Docs"; ASPECT=Documentation; STATUS=TESTED; OWNER=docs; UPDATED=2026-01-15 -->
<h2 id="fraud-detection-with-geode" class="position-relative d-flex align-items-center group">
<span>Fraud Detection with Geode</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="fraud-detection-with-geode"
aria-haspopup="dialog"
aria-label="Share link: Fraud Detection with Geode">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden>
<div class="hsm-dialog" role="document">
<div class="hsm-header">
<h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2>
<button type="button" class="hsm-close" aria-label="Close">
<i class="fa-solid fa-xmark"></i>
</button>
</div>
<div class="hsm-body">
<label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label>
<div class="input-group mb-4 hsm-url-group">
<input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" />
<button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy">
<i class="fa-duotone fa-clipboard" aria-hidden="true"></i>
</button>
</div>
<div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div>
<div class="hsm-share-grid">
<a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-twitter me-2"></i>Twitter
</a>
<a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-linkedin me-2"></i>LinkedIn
</a>
<a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-facebook me-2"></i>Facebook
</a>
</div>
</div>
</div>
</div>
<style>
.heading-share-modal {
position: fixed;
inset: 0;
display: flex;
justify-content: center;
align-items: center;
background: rgba(0, 0, 0, 0.6);
z-index: 1050;
padding: 1rem;
backdrop-filter: blur(4px);
-webkit-backdrop-filter: blur(4px);
}
.heading-share-modal[hidden] { display: none !important; }
.hsm-dialog {
max-width: 420px;
width: 100%;
background: var(--bs-body-bg, #fff);
color: var(--bs-body-color, #212529);
border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
border-radius: 1rem;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
overflow: hidden;
animation: hsm-fade-in 0.2s ease-out;
}
@keyframes hsm-fade-in {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
[data-bs-theme="dark"] .hsm-dialog {
background: #1e293b;
border-color: rgba(255,255,255,0.1);
color: #f8f9fa;
}
.hsm-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 1.5rem;
border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
background: rgba(0,0,0,0.02);
}
[data-bs-theme="dark"] .hsm-header {
background: rgba(255,255,255,0.02);
border-color: rgba(255,255,255,0.1);
}
.hsm-close {
background: transparent;
border: none;
color: inherit;
opacity: 0.5;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 1.2rem;
line-height: 1;
transition: opacity 0.2s;
}
.hsm-close:hover {
opacity: 1;
}
.hsm-body {
padding: 1.5rem;
}
.hsm-url-group {
display: flex !important;
align-items: stretch;
}
.hsm-url-group .form-control {
flex: 1;
min-width: 0;
margin: 0;
background: var(--bs-secondary-bg, #f8f9fa);
border-color: var(--bs-border-color, #dee2e6);
border-top-right-radius: 0;
border-bottom-right-radius: 0;
height: 42px;
}
.hsm-url-group .btn {
flex: 0 0 auto;
margin: 0;
margin-left: -1px;
border-top-left-radius: 0;
border-bottom-left-radius: 0;
height: 42px;
display: flex;
align-items: center;
justify-content: center;
padding: 0 1.25rem;
z-index: 2;
}
[data-bs-theme="dark"] .hsm-url-group .form-control {
background: #0f172a;
border-color: #334155;
color: #e2e8f0;
}
.hsm-share-grid {
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.hsm-share-grid .btn {
display: flex;
align-items: center;
justify-content: center;
font-size: 0.9rem;
padding: 0.6rem;
border-color: var(--bs-border-color);
width: 100%;
}
[data-bs-theme="dark"] .hsm-share-grid .btn {
color: #e2e8f0;
border-color: #475569;
}
[data-bs-theme="dark"] .hsm-share-grid .btn:hover {
background: #334155;
border-color: #cbd5e1;
}
</style>
<script>
(function(){
const modal = document.getElementById('headingShareModal');
if(!modal) return;
const input = modal.querySelector('#headingShareInput');
const copyBtn = modal.querySelector('.hsm-copy');
const twitter = modal.querySelector('#share-twitter');
const linkedin = modal.querySelector('#share-linkedin');
const facebook = modal.querySelector('#share-facebook');
const closeBtn = modal.querySelector('.hsm-close');
let lastFocus=null;
let trapBound=false;
function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; }
function isOpen(){ return !modal.hasAttribute('hidden'); }
function hydrate(id){
const url=buildUrl(id);
input.value=url;
const enc=encodeURIComponent(url);
const text=encodeURIComponent(document.title);
if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`;
if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`;
if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`;
}
function openModal(id){
lastFocus=document.activeElement;
hydrate(id);
if(!isOpen()){
modal.removeAttribute('hidden');
}
requestAnimationFrame(()=>{ input.focus(); });
trapFocus();
}
function closeModal(){
if(!isOpen()) return;
modal.setAttribute('hidden','');
if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus();
}
function copyCurrent(){
try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); }
catch(e){ fallback(); }
}
function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} }
function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); }
function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); }
function bindShareButtons(){
document.querySelectorAll('.h-share').forEach(btn=>{
if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; }
});
}
bindShareButtons();
if(document.readyState==='loading'){
document.addEventListener('DOMContentLoaded', bindShareButtons);
} else {
requestAnimationFrame(bindShareButtons);
}
document.addEventListener('click', function(e){
const shareBtn=e.target.closest && e.target.closest('.h-share');
if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); }
}, true);
document.addEventListener('click', e=>{
if(e.target===modal) closeModal();
if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); }
if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); }
});
document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); });
function trapFocus(){
if(trapBound) return;
trapBound=true;
modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } });
}
if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); });
})();
</script><p>Fraud detection leverages graph relationships to uncover hidden connections between accounts, devices, transactions, and identities that traditional systems miss. Geode’s native graph processing excels at identifying fraud rings, money laundering networks, identity theft patterns, and coordinated attacks in real-time.</p>
<h3 id="why-graphs-for-fraud-detection" class="position-relative d-flex align-items-center group">
<span>Why Graphs for Fraud Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="why-graphs-for-fraud-detection"
aria-haspopup="dialog"
aria-label="Share link: Why Graphs for Fraud Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Fraudsters operate through networks of relationships that are invisible in relational databases but obvious in graphs. A single suspicious account becomes a fraud ring when you discover it shares devices, IP addresses, payment methods, and phone numbers with dozens of other accounts.</p>
<h4 id="core-concepts" class="position-relative d-flex align-items-center group">
<span>Core Concepts</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="core-concepts"
aria-haspopup="dialog"
aria-label="Share link: Core Concepts">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>First-Party Fraud</strong>: Individuals committing fraud directly (identity theft, application fraud, synthetic identities).</p>
<p><strong>Third-Party Fraud</strong>: Organized fraud rings coordinating attacks across multiple accounts and identities.</p>
<p><strong>Fraud Rings</strong>: Networks of connected fraudulent accounts identified through shared attributes and behavioral patterns.</p>
<p><strong>Velocity Checks</strong>: Detecting anomalous rates of activity (rapid account creation, transaction bursts, geographic impossibility).</p>
<h3 id="detecting-fraud-rings" class="position-relative d-flex align-items-center group">
<span>Detecting Fraud Rings</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="detecting-fraud-rings"
aria-haspopup="dialog"
aria-label="Share link: Detecting Fraud Rings">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Fraud rings are groups of accounts controlled by the same entity or organization, often sharing common attributes.</p>
<h4 id="shared-device-detection" class="position-relative d-flex align-items-center group">
<span>Shared Device Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="shared-device-detection"
aria-haspopup="dialog"
aria-label="Share link: Shared Device Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="py">sharing</span><span class="w"> </span><span class="py">devices</span><span class="w"> </span><span class="p">(</span><span class="py">potential</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">ring</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">account1</span><span class="p">:</span><span class="nc">Account</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">account2</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">account1</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">account2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">account1</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">30</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">account2</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">30</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">device</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">account1</span><span class="p">)</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">account2</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">accounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">fingerprint</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">accounts</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">email</span><span class="p">][</span><span class="err">.</span><span class="mf">.10</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">sample_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MAX</span><span class="p">([</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">accounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">created_date</span><span class="p">])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">most_recent_account</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">account_count</span><span class="w"> </span><span class="py">DESC</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="multi-hop-fraud-network" class="position-relative d-flex align-items-center group">
<span>Multi-Hop Fraud Network</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="multi-hop-fraud-network"
aria-haspopup="dialog"
aria-label="Share link: Multi-Hop Fraud Network">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Expand</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">network</span><span class="w"> </span><span class="py">through</span><span class="w"> </span><span class="py">multiple</span><span class="w"> </span><span class="py">relationship</span><span class="w"> </span><span class="kd">type</span><span class="nc">s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">seed</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">flagged</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="py">path</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="p">(</span><span class="py">seed</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">|</span><span class="py">SHARES_IP</span><span class="p">|</span><span class="py">SAME_PHONE</span><span class="p">|</span><span class="py">PAYMENT_METHOD</span><span class="err">*</span><span class="py">1</span><span class="err">.</span><span class="mf">.3</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">connected</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">ALL</span><span class="p">(</span><span class="py">rel</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">RELATIONSHIPS</span><span class="p">(</span><span class="py">path</span><span class="p">)</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">TYPE</span><span class="p">(</span><span class="py">rel</span><span class="p">)</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="p">[</span><span class="err">'</span><span class="py">USES</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'</span><span class="py">SHARES_IP</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'</span><span class="py">SAME_PHONE</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'</span><span class="py">PAYMENT_METHOD</span><span class="err">'</span><span class="p">])</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">connected</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">seed</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">TYPE</span><span class="p">(</span><span class="py">RELATIONSHIPS</span><span class="p">(</span><span class="py">path</span><span class="p">)[</span><span class="py">0</span><span class="p">]))</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">connection_types</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">flagged_connections</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">connected</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">suspicious_account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">connected</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_connections</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">risk_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">connection_types</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">shared_attributes</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">risk_score</span><span class="w"> </span><span class="py">DESC</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="synthetic-identity-detection" class="position-relative d-flex align-items-center group">
<span>Synthetic Identity Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="synthetic-identity-detection"
aria-haspopup="dialog"
aria-label="Share link: Synthetic Identity Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">synthetic</span><span class="w"> </span><span class="py">identities</span><span class="w"> </span><span class="p">(</span><span class="py">fabricated</span><span class="w"> </span><span class="py">personas</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">90</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_PHONE</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Phone</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">phone_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">PAYMENT_METHOD</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">CreditCard</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">card_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">device_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">ip_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">phone_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">card_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">SHARES_ATTRIBUTE</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">other</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">other</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">90</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">other</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">linked_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">linked_accounts</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">linked_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">linked_accounts</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">device_count</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">5</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">ip_count</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">2</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">synthetic_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">synthetic_score</span><span class="w"> </span><span class="py">DESC</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="transaction-pattern-analysis" class="position-relative d-flex align-items-center group">
<span>Transaction Pattern Analysis</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="transaction-pattern-analysis"
aria-haspopup="dialog"
aria-label="Share link: Transaction Pattern Analysis">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="rapid-fire-transactions" class="position-relative d-flex align-items-center group">
<span>Rapid Fire Transactions</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="rapid-fire-transactions"
aria-haspopup="dialog"
aria-label="Share link: Rapid Fire Transactions">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">suspiciously</span><span class="w"> </span><span class="py">rapid</span><span class="w"> </span><span class="py">transaction</span><span class="w"> </span><span class="py">sequences</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">merchant</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">1</span><span class="err">'</span><span class="w"> </span><span class="py">HOUR</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">transaction_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">timestamps</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">transaction_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">timestamps</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">i</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">RANGE</span><span class="p">(</span><span class="py">1</span><span class="p">,</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">timestamps</span><span class="p">)</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">1</span><span class="p">)</span><span class="w"> </span><span class="p">|</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">DURATION</span><span class="err">.</span><span class="py">BETWEEN</span><span class="p">(</span><span class="py">timestamps</span><span class="p">[</span><span class="py">i</span><span class="err">-</span><span class="py">1</span><span class="p">],</span><span class="w"> </span><span class="py">timestamps</span><span class="p">[</span><span class="py">i</span><span class="p">])</span><span class="err">.</span><span class="py">seconds</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">intervals</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">ANY</span><span class="p">(</span><span class="py">interval</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">intervals</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">interval</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">5</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MIN</span><span class="p">(</span><span class="py">intervals</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">min_seconds_between</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">RAPID_FIRE</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_type</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="geographic-impossibility" class="position-relative d-flex align-items-center group">
<span>Geographic Impossibility</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="geographic-impossibility"
aria-haspopup="dialog"
aria-label="Share link: Geographic Impossibility">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">transactions</span><span class="w"> </span><span class="py">from</span><span class="w"> </span><span class="py">impossible</span><span class="w"> </span><span class="py">geographic</span><span class="w"> </span><span class="py">locations</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t1</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">m1</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t2</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">m2</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">2</span><span class="err">'</span><span class="w"> </span><span class="py">HOUR</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">m1</span><span class="err">.</span><span class="py">location</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">m2</span><span class="err">.</span><span class="py">location</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">t1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">t2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">m1</span><span class="err">.</span><span class="py">location</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">loc1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">m2</span><span class="err">.</span><span class="py">location</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">loc2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">DURATION</span><span class="err">.</span><span class="py">BETWEEN</span><span class="p">(</span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="p">,</span><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="p">)</span><span class="err">.</span><span class="py">minutes</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">time_diff</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">DISTANCE</span><span class="p">(</span><span class="py">m1</span><span class="err">.</span><span class="py">coordinates</span><span class="p">,</span><span class="w"> </span><span class="py">m2</span><span class="err">.</span><span class="py">coordinates</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">distance_km</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">distance_km</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">500</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">distance_km</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">time_diff</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">200</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="py">Speed</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">200</span><span class="w"> </span><span class="py">km</span><span class="err">/</span><span class="py">h</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">first_transaction</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">second_transaction</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">loc1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">loc2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">distance_km</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">distance_km</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">time_diff</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">implied_speed</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">GEOGRAPHIC_IMPOSSIBILITY</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_indicator</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="money-laundering-patterns" class="position-relative d-flex align-items-center group">
<span>Money Laundering Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="money-laundering-patterns"
aria-haspopup="dialog"
aria-label="Share link: Money Laundering Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">layering</span><span class="w"> </span><span class="py">patterns</span><span class="w"> </span><span class="p">(</span><span class="py">rapid</span><span class="w"> </span><span class="py">movement</span><span class="w"> </span><span class="py">through</span><span class="w"> </span><span class="py">accounts</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="py">path</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="p">(</span><span class="py">origin</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">TRANSFER</span><span class="err">*</span><span class="py">3</span><span class="err">.</span><span class="mf">.6</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">destination</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">origin</span><span class="w"> </span><span class="err"><></span><span class="w"> </span><span class="py">destination</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">ALL</span><span class="p">(</span><span class="py">rel</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">RELATIONSHIPS</span><span class="p">(</span><span class="py">path</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">rel</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">24</span><span class="err">'</span><span class="w"> </span><span class="py">HOUR</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">origin</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">destination</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">path</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">rel</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">RELATIONSHIPS</span><span class="p">(</span><span class="py">path</span><span class="p">)</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">rel</span><span class="err">.</span><span class="py">amount</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">LENGTH</span><span class="p">(</span><span class="py">path</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">hops</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">ALL</span><span class="p">(</span><span class="py">amount</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">amounts</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">1000</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">hops</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">REDUCE</span><span class="p">(</span><span class="py">total</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">0</span><span class="p">,</span><span class="w"> </span><span class="py">amount</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">amounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">total</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">origin</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">source_account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">destination</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">final_account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">hops</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">REDUCE</span><span class="p">(</span><span class="py">total</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">0</span><span class="p">,</span><span class="w"> </span><span class="py">amount</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">amounts</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">total</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_transferred</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">n</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">NODES</span><span class="p">(</span><span class="py">path</span><span class="p">)[</span><span class="py">1</span><span class="err">..-</span><span class="py">1</span><span class="p">]</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">id</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">intermediary_accounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">LAYERING</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">pattern_type</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">total_transferred</span><span class="w"> </span><span class="py">DESC</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="real-time-fraud-scoring" class="position-relative d-flex align-items-center group">
<span>Real-Time Fraud Scoring</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="real-time-fraud-scoring"
aria-haspopup="dialog"
aria-label="Share link: Real-Time Fraud Scoring">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="composite-risk-score" class="position-relative d-flex align-items-center group">
<span>Composite Risk Score</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="composite-risk-score"
aria-haspopup="dialog"
aria-label="Share link: Composite Risk Score">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Calculate</span><span class="w"> </span><span class="py">real</span><span class="err">-</span><span class="py">time</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Device</span><span class="w"> </span><span class="py">sharing</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">d</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-</span><span class="p">(:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">flagged</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_device_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">IP</span><span class="w"> </span><span class="py">sharing</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_device_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">ip</span><span class="p">:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-</span><span class="p">(:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">flagged</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Velocity</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_device_connections</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">1</span><span class="err">'</span><span class="w"> </span><span class="py">HOUR</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Account</span><span class="w"> </span><span class="py">age</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_device_connections</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="p">,</span><span class="w"> </span><span class="py">recent_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">DURATION</span><span class="err">.</span><span class="py">BETWEEN</span><span class="p">(</span><span class="py">account</span><span class="err">.</span><span class="py">created_date</span><span class="p">,</span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="p">)</span><span class="err">.</span><span class="py">days</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account_age_days</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Network</span><span class="w"> </span><span class="py">size</span><span class="w"> </span><span class="py">risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_device_connections</span><span class="p">,</span><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">recent_transactions</span><span class="p">,</span><span class="w"> </span><span class="py">account_age_days</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">SHARES_ATTRIBUTE</span><span class="p">]</span><span class="err">-</span><span class="p">()</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">network_size</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_device_connections</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">15</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_transactions</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">50</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">50</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_transactions</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_transactions</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">velocity_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">account_age_days</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">7</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">account_age_days</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">30</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">account_age_days</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">90</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">new_account_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">network_size</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">100</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">network_size</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">50</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">20</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">network_size</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">network_risk</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">flagged_device_connections</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="err">+</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_ip_connections</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">15</span><span class="w"> </span><span class="err">+</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">velocity_risk</span><span class="w"> </span><span class="err">+</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">new_account_risk</span><span class="w"> </span><span class="err">+</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">network_risk</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="behavioral-anomaly-detection" class="position-relative d-flex align-items-center group">
<span>Behavioral Anomaly Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="behavioral-anomaly-detection"
aria-haspopup="dialog"
aria-label="Share link: Behavioral Anomaly Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">deviations</span><span class="w"> </span><span class="py">from</span><span class="w"> </span><span class="py">normal</span><span class="w"> </span><span class="py">behavior</span><span class="w"> </span><span class="py">patterns</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="nc">Calculate</span><span class="w"> </span><span class="py">historical</span><span class="w"> </span><span class="py">baseline</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AVG</span><span class="p">([</span><span class="py">t</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="p">[(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">trans</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w"> </span><span class="py">WHERE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">90</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">amount</span><span class="p">]])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">STDEV</span><span class="p">([</span><span class="py">t</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="p">[(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">trans</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w"> </span><span class="py">WHERE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">90</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">trans</span><span class="err">.</span><span class="py">amount</span><span class="p">]])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">stddev_historical_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Compare</span><span class="w"> </span><span class="py">recent</span><span class="w"> </span><span class="py">transactions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">recent</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">1</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">stddev_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">recent</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_amounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">recent_amounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">stddev_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">recent_amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">amount</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">recent_amounts</span><span class="w"> </span><span class="py">WHERE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ABS</span><span class="p">(</span><span class="py">amount</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">avg_historical_amount</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">3</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">stddev_historical_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">anomalous_amounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">anomalous_amounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_historical_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">anomalous_amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">anomalous_amounts</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">anomaly_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">BEHAVIORAL_ANOMALY</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">alert_type</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="application-fraud-prevention" class="position-relative d-flex align-items-center group">
<span>Application Fraud Prevention</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="application-fraud-prevention"
aria-haspopup="dialog"
aria-label="Share link: Application Fraud Prevention">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="account-takeover-detection" class="position-relative d-flex align-items-center group">
<span>Account Takeover Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="account-takeover-detection"
aria-haspopup="dialog"
aria-label="Share link: Account Takeover Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">potential</span><span class="w"> </span><span class="py">account</span><span class="w"> </span><span class="py">takeovers</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">login</span><span class="p">:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">fingerprint</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_devices</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="w"> </span><span class="p">{</span><span class="py">successful</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">}]</span><span class="err">-></span><span class="p">()</span><span class="w"> </span><span class="py">WHERE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">90</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">historical_logins</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="w"> </span><span class="p">{</span><span class="py">successful</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">}]</span><span class="err">-></span><span class="p">()</span><span class="w"> </span><span class="py">WHERE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_logins</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Check</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">new</span><span class="w"> </span><span class="py">devices</span><span class="w"> </span><span class="py">with</span><span class="w"> </span><span class="py">high</span><span class="w"> </span><span class="py">activity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">recent_devices</span><span class="p">,</span><span class="w"> </span><span class="py">historical_logins</span><span class="p">,</span><span class="w"> </span><span class="py">recent_logins</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent_logins</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">historical_logins</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">recent_devices</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">new_device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">NOT</span><span class="w"> </span><span class="py">EXISTS</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="py">new_device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">CURRENT_TIMESTAMP</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">7</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">new_device</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">new_device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">recent_logins</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">new_device_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">email</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">new_device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">recent_logins</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">ACCOUNT_TAKEOVER_SUSPECTED</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">alert</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="duplicate-account-detection" class="position-relative d-flex align-items-center group">
<span>Duplicate Account Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="duplicate-account-detection"
aria-haspopup="dialog"
aria-label="Share link: Duplicate Account Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">duplicate</span><span class="w"> </span><span class="py">or</span><span class="w"> </span><span class="py">related</span><span class="w"> </span><span class="py">accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a1</span><span class="p">:</span><span class="nc">Account</span><span class="p">),</span><span class="w"> </span><span class="p">(</span><span class="py">a2</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">ID</span><span class="p">(</span><span class="py">a1</span><span class="p">)</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">ID</span><span class="p">(</span><span class="py">a2</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">email</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">phone</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">phone</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">LEVENSHTEIN</span><span class="p">(</span><span class="py">a1</span><span class="err">.</span><span class="py">name</span><span class="p">,</span><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">name</span><span class="p">)</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">ssn_last4</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">ssn_last4</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a1</span><span class="p">,</span><span class="w"> </span><span class="py">a2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a1</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">a2</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">shared_devices</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a1</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">a2</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">shared_ips</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">shared_devices</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">shared_ips</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">account2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a1</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">email1</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a2</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">email2</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">shared_devices</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">shared_ips</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">DUPLICATE_ACCOUNT</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_type</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="best-practices" class="position-relative d-flex align-items-center group">
<span>Best Practices</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="best-practices"
aria-haspopup="dialog"
aria-label="Share link: Best Practices">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="graph-model-design" class="position-relative d-flex align-items-center group">
<span>Graph Model Design</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="graph-model-design"
aria-haspopup="dialog"
aria-label="Share link: Graph Model Design">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>Entity Resolution</strong>: Create nodes for shared attributes (devices, IPs, phones, payment methods) to make connections explicit and queryable.</p>
<p><strong>Temporal Properties</strong>: Store timestamps on all relationships to enable time-based analysis and velocity checks.</p>
<p><strong>Fraud Flags</strong>: Add boolean flags and timestamps when accounts/transactions are flagged for efficient filtering in subsequent queries.</p>
<p><strong>Attribute Hashing</strong>: Hash sensitive identifiers (SSN, credit cards) while preserving ability to detect matches.</p>
<h4 id="performance-optimization" class="position-relative d-flex align-items-center group">
<span>Performance Optimization</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="performance-optimization"
aria-haspopup="dialog"
aria-label="Share link: Performance Optimization">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Index</span><span class="w"> </span><span class="py">high</span><span class="err">-</span><span class="py">cardinality</span><span class="w"> </span><span class="py">lookup</span><span class="w"> </span><span class="py">fields</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account_email_idx</span><span class="w"> </span><span class="py">FOR</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="err">.</span><span class="py">email</span><span class="p">)</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">device_fingerprint_idx</span><span class="w"> </span><span class="py">FOR</span><span class="w"> </span><span class="p">(</span><span class="py">d</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">(</span><span class="py">d</span><span class="err">.</span><span class="py">fingerprint</span><span class="p">)</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">transaction_timestamp_idx</span><span class="w"> </span><span class="py">FOR</span><span class="w"> </span><span class="p">()</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-</span><span class="p">()</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="p">)</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Use</span><span class="w"> </span><span class="kd">query</span><span class="w"> </span><span class="nc">hints</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">large</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">ring</span><span class="w"> </span><span class="py">detection</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="err"><-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">USING</span><span class="w"> </span><span class="py">INDEX</span><span class="w"> </span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="p">(</span><span class="py">created_date</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">account</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">CURRENT_DATE</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">INTERVAL</span><span class="w"> </span><span class="err">'</span><span class="py">30</span><span class="err">'</span><span class="w"> </span><span class="py">DAY</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">device</span><span class="p">,</span><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">accounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">device</span><span class="p">,</span><span class="w"> </span><span class="py">accounts</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="real-time-detection" class="position-relative d-flex align-items-center group">
<span>Real-Time Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="real-time-detection"
aria-haspopup="dialog"
aria-label="Share link: Real-Time Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>Stream Processing</strong>: Process transactions as they occur, computing fraud scores before authorization.</p>
<p><strong>Incremental Updates</strong>: Update fraud scores incrementally rather than recomputing entire graphs.</p>
<p><strong>Caching</strong>: Cache frequently accessed fraud indicators (device reputations, IP risk scores).</p>
<p><strong>Threshold Tuning</strong>: Adjust fraud score thresholds based on false positive rates and business impact.</p>
<h3 id="integration-examples" class="position-relative d-flex align-items-center group">
<span>Integration Examples</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="integration-examples"
aria-haspopup="dialog"
aria-label="Share link: Integration Examples">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="python-client---real-time-scoring" class="position-relative d-flex align-items-center group">
<span>Python Client - Real-Time Scoring</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="python-client---real-time-scoring"
aria-haspopup="dialog"
aria-label="Share link: Python Client - Real-Time Scoring">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="kn">from</span> <span class="nn">geode_client</span> <span class="kn">import</span> <span class="n">Client</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="k">async</span> <span class="k">def</span> <span class="nf">check_transaction_fraud</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">account_id</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">device_id</span><span class="p">,</span> <span class="n">ip_address</span><span class="p">):</span>
</span></span><span class="line"><span class="cl"> <span class="n">result</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="o">.</span><span class="n">query</span><span class="p">(</span><span class="s2">"""
</span></span></span><span class="line"><span class="cl"><span class="s2"> MATCH (account:Account {id: $account_id})
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (account)-[:USES]->(device:Device {id: $device_id})
</span></span></span><span class="line"><span class="cl"><span class="s2"> OPTIONAL MATCH (account)-[:FROM_IP]->(ip:IPAddress {address: $ip_address})
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> WITH account,
</span></span></span><span class="line"><span class="cl"><span class="s2"> device,
</span></span></span><span class="line"><span class="cl"><span class="s2"> ip,
</span></span></span><span class="line"><span class="cl"><span class="s2"> COUNT { (device)<-[:USES]-(:Account {flagged: true}) } AS device_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> COUNT { (ip)<-[:FROM_IP]-(:Account {flagged: true}) } AS ip_risk,
</span></span></span><span class="line"><span class="cl"><span class="s2"> COUNT {
</span></span></span><span class="line"><span class="cl"><span class="s2"> (account)-[t:TRANSACTION]->()
</span></span></span><span class="line"><span class="cl"><span class="s2"> WHERE t.timestamp > CURRENT_TIMESTAMP - INTERVAL '1' HOUR
</span></span></span><span class="line"><span class="cl"><span class="s2"> } AS recent_txn_count
</span></span></span><span class="line"><span class="cl"><span class="s2">
</span></span></span><span class="line"><span class="cl"><span class="s2"> RETURN device_risk * 20 +
</span></span></span><span class="line"><span class="cl"><span class="s2"> ip_risk * 15 +
</span></span></span><span class="line"><span class="cl"><span class="s2"> CASE WHEN recent_txn_count > 10 THEN 30 ELSE 0 END +
</span></span></span><span class="line"><span class="cl"><span class="s2"> CASE WHEN $amount > account.avg_transaction * 5 THEN 25 ELSE 0 END
</span></span></span><span class="line"><span class="cl"><span class="s2"> AS fraud_score
</span></span></span><span class="line"><span class="cl"><span class="s2"> """</span><span class="p">,</span> <span class="p">{</span>
</span></span><span class="line"><span class="cl"> <span class="s1">'account_id'</span><span class="p">:</span> <span class="n">account_id</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s1">'device_id'</span><span class="p">:</span> <span class="n">device_id</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s1">'ip_address'</span><span class="p">:</span> <span class="n">ip_address</span><span class="p">,</span>
</span></span><span class="line"><span class="cl"> <span class="s1">'amount'</span><span class="p">:</span> <span class="n">amount</span>
</span></span><span class="line"><span class="cl"> <span class="p">})</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="n">fraud_score</span> <span class="o">=</span> <span class="n">result</span><span class="o">.</span><span class="n">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="n">fraud_score</span> <span class="o">></span> <span class="mi">70</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span><span class="s1">'decision'</span><span class="p">:</span> <span class="s1">'BLOCK'</span><span class="p">,</span> <span class="s1">'score'</span><span class="p">:</span> <span class="n">fraud_score</span><span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">elif</span> <span class="n">fraud_score</span> <span class="o">></span> <span class="mi">40</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span><span class="s1">'decision'</span><span class="p">:</span> <span class="s1">'REVIEW'</span><span class="p">,</span> <span class="s1">'score'</span><span class="p">:</span> <span class="n">fraud_score</span><span class="p">}</span>
</span></span><span class="line"><span class="cl"> <span class="k">else</span><span class="p">:</span>
</span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="p">{</span><span class="s1">'decision'</span><span class="p">:</span> <span class="s1">'APPROVE'</span><span class="p">,</span> <span class="s1">'score'</span><span class="p">:</span> <span class="n">fraud_score</span><span class="p">}</span>
</span></span></code></pre></div>
<h4 id="rust-client---fraud-ring-detection" class="position-relative d-flex align-items-center group">
<span>Rust Client - Fraud Ring Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="rust-client---fraud-ring-detection"
aria-haspopup="dialog"
aria-label="Share link: Rust Client - Fraud Ring Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust"><span class="line"><span class="cl"><span class="k">use</span><span class="w"> </span><span class="n">geode_client</span>::<span class="n">Client</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="k">async</span><span class="w"> </span><span class="k">fn</span> <span class="nf">detect_fraud_ring</span><span class="p">(</span><span class="n">client</span>: <span class="kp">&</span><span class="nc">Client</span><span class="p">,</span><span class="w"> </span><span class="n">min_accounts</span>: <span class="kt">i32</span><span class="p">)</span><span class="w"> </span>-> <span class="nb">Result</span><span class="o"><</span><span class="nb">Vec</span><span class="o"><</span><span class="n">FraudRing</span><span class="o">>></span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="n">results</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="n">execute</span><span class="p">(</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="s">"MATCH (device:Device)<-[:USES]-(account:Account) </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE account.created_date > CURRENT_DATE - INTERVAL '30' DAY </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WITH device, COLLECT(account) AS accounts </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> WHERE SIZE(accounts) >= $min_accounts </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> RETURN device.fingerprint AS device_id, </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> SIZE(accounts) AS account_count, </span><span class="se">\</span><span class="s">
</span></span></span><span class="line"><span class="cl"><span class="s"> [a IN accounts | a.email] AS emails"</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="o">&</span><span class="p">[(</span><span class="s">"min_accounts"</span><span class="p">,</span><span class="w"> </span><span class="n">min_accounts</span><span class="p">.</span><span class="n">into</span><span class="p">())]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">).</span><span class="k">await</span><span class="o">?</span><span class="p">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">fraud_rings</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">Vec</span>::<span class="n">new</span><span class="p">();</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">row</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">results</span><span class="p">.</span><span class="n">rows</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">fraud_rings</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="n">FraudRing</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">device_id</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get_string</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">account_count</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get_int</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="o">?</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="kt">usize</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">emails</span>: <span class="nc">row</span><span class="p">.</span><span class="n">get_string_list</span><span class="p">(</span><span class="mi">2</span><span class="p">)</span><span class="o">?</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">});</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nb">Ok</span><span class="p">(</span><span class="n">fraud_rings</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="related-topics" class="position-relative d-flex align-items-center group">
<span>Related Topics</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="related-topics"
aria-haspopup="dialog"
aria-label="Share link: Related Topics">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><strong>Anomaly Detection</strong>: See anomaly-detection tag for general anomaly detection patterns</li>
<li><strong>Pattern Matching</strong>: Check patterns tag for complex graph pattern queries</li>
<li><strong>Real-Time Analytics</strong>: Explore real-time-analytics for streaming fraud detection</li>
<li><strong>Security</strong>: Review security tag for authentication and access control integration</li>
</ul>
<h3 id="advanced-fraud-detection-patterns" class="position-relative d-flex align-items-center group">
<span>Advanced Fraud Detection Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="advanced-fraud-detection-patterns"
aria-haspopup="dialog"
aria-label="Share link: Advanced Fraud Detection Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="money-laundering-detection-layering--integration" class="position-relative d-flex align-items-center group">
<span>Money Laundering Detection (Layering &amp; Integration)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="money-laundering-detection-layering--integration"
aria-haspopup="dialog"
aria-label="Share link: Money Laundering Detection (Layering &amp; Integration)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Detect complex money laundering schemes:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Detect</span><span class="w"> </span><span class="py">smurfing</span><span class="w"> </span><span class="p">(</span><span class="py">structuring</span><span class="w"> </span><span class="py">to</span><span class="w"> </span><span class="py">avoid</span><span class="w"> </span><span class="py">reporting</span><span class="w"> </span><span class="py">thresholds</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">7</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="py">BETWEEN</span><span class="w"> </span><span class="py">9000</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">9999</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Just</span><span class="w"> </span><span class="py">below</span><span class="w"> </span><span class="nv">$10k</span><span class="w"> </span><span class="py">reporting</span><span class="w"> </span><span class="py">threshold</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">near_threshold_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">date</span><span class="err">.</span><span class="py">truncate</span><span class="p">(</span><span class="err">'</span><span class="py">day</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="p">))</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">days_active</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">near_threshold_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">total_amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">40000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">near_threshold_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">days_active</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">STRUCTURING</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_pattern</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Fan</span><span class="err">-</span><span class="py">out</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">Fan</span><span class="err">-</span><span class="py">in</span><span class="w"> </span><span class="py">patterns</span><span class="w"> </span><span class="p">(</span><span class="py">integration</span><span class="w"> </span><span class="py">phase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">origin</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t1</span><span class="p">:</span><span class="nc">TRANSFER</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">layer1</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">-</span><span class="p">[</span><span class="py">t2</span><span class="p">:</span><span class="nc">TRANSFER</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">layer2</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">3</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">t2</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">t1</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">PT2H</span><span class="err">'</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">origin</span><span class="p">,</span><span class="w"> </span><span class="py">layer2</span><span class="p">,</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">layer1</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">intermediaries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">intermediaries</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">layer2</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t3</span><span class="p">:</span><span class="nc">TRANSFER</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">destination</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t3</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">3</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">origin</span><span class="p">,</span><span class="w"> </span><span class="py">destination</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">layer2</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">layering_nodes</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">t3</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">final_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">layering_nodes</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">2</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">final_amount</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">50000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">origin</span><span class="err">.</span><span class="py">account_id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">source</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">destination</span><span class="err">.</span><span class="py">account_id</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">sink</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">layering_nodes</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">final_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">LAYERING_NETWORK</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_type</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="identity-verification-fraud" class="position-relative d-flex align-items-center group">
<span>Identity Verification Fraud</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="identity-verification-fraud"
aria-haspopup="dialog"
aria-label="Share link: Identity Verification Fraud">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Detect fake identities and account takeovers:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Synthetic</span><span class="w"> </span><span class="py">identity</span><span class="w"> </span><span class="py">detection</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">created_date</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">180</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_PHONE</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Phone</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">phone_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">HAS_EMAIL</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Email</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">email_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">((</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">SHARES_SSN</span><span class="p">]</span><span class="err">-></span><span class="p">())</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ssn_matches</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">phone_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">device_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">15</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">ip_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">25</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">ssn_matches</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">phone_count</span><span class="p">,</span><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w"> </span><span class="py">ssn_matches</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">phone_count</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">2</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">device_count</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">3</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">ip_count</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">ssn_matches</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">synthetic_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">synthetic_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">name</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">phone_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ssn_matches</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">synthetic_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">synthetic_score</span><span class="w"> </span><span class="py">DESC</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Account</span><span class="w"> </span><span class="py">takeover</span><span class="w"> </span><span class="py">detection</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">login</span><span class="p">:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">fingerprint</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_devices</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">historical_logins</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">recent_devices</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">([</span><span class="py">d</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">recent_devices</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">NOT</span><span class="w"> </span><span class="py">EXISTS</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="w"> </span><span class="p">{</span><span class="py">fingerprint</span><span class="p">:</span><span class="w"> </span><span class="nc">d</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">new_device_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">new_device_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">recent_login</span><span class="p">:</span><span class="nc">LOGIN</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent_login</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">7</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">recent_login</span><span class="err">.</span><span class="py">failed_attempts</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">new_device_count</span><span class="p">,</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">recent_login</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">failed_login_attempts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">failed_login_attempts</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">new_device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">failed_login_attempts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">ACCOUNT_TAKEOVER_SUSPECTED</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">alert</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="card-not-present-cnp-fraud" class="position-relative d-flex align-items-center group">
<span>Card-Not-Present (CNP) Fraud</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="card-not-present-cnp-fraud"
aria-haspopup="dialog"
aria-label="Share link: Card-Not-Present (CNP) Fraud">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Detect online payment fraud:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Card</span><span class="w"> </span><span class="py">testing</span><span class="w"> </span><span class="py">patterns</span><span class="w"> </span><span class="p">(</span><span class="py">small</span><span class="w"> </span><span class="py">transactions</span><span class="w"> </span><span class="py">before</span><span class="w"> </span><span class="py">large</span><span class="w"> </span><span class="py">purchase</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">card</span><span class="p">:</span><span class="nc">CreditCard</span><span class="p">)</span><span class="err"><-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">merchant</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusHours</span><span class="p">(</span><span class="py">24</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">card</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">t</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">ORDER</span><span class="w"> </span><span class="py">BY</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">card</span><span class="p">,</span><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w"> </span><span class="py">amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">amounts</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">5</span><span class="mf">.0</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">small_amounts</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">[</span><span class="py">a</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">amounts</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">500</span><span class="mf">.0</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">large_amounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">small_amounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">large_amounts</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">amounts</span><span class="p">[</span><span class="err">-</span><span class="py">1</span><span class="p">]</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">500</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Latest</span><span class="w"> </span><span class="py">transaction</span><span class="w"> </span><span class="py">is</span><span class="w"> </span><span class="py">large</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">card</span><span class="err">.</span><span class="py">card_number_last4</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">small_amounts</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">test_transactions</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">amounts</span><span class="p">[</span><span class="err">-</span><span class="py">1</span><span class="p">]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">large_purchase_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">CARD_TESTING</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_indicator</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Cross</span><span class="err">-</span><span class="py">border</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">velocity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">card</span><span class="p">:</span><span class="nc">CreditCard</span><span class="p">)</span><span class="err"><-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">merchant</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">7</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">card</span><span class="p">,</span><span class="w"> </span><span class="py">merchant</span><span class="err">.</span><span class="py">country</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">country</span><span class="p">,</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_in_country</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">card</span><span class="p">,</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">country</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">countries_used</span><span class="p">,</span><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">tx_in_country</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_tx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">countries_used</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">total_tx</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">card</span><span class="p">)</span><span class="err"><-</span><span class="p">[</span><span class="py">recent</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">m</span><span class="p">:</span><span class="nc">Merchant</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusHours</span><span class="p">(</span><span class="py">12</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">card</span><span class="p">,</span><span class="w"> </span><span class="py">countries_used</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">m</span><span class="err">.</span><span class="py">country</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_countries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">SIZE</span><span class="p">(</span><span class="py">recent_countries</span><span class="p">)</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">card</span><span class="err">.</span><span class="py">card_number_last4</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">countries_used</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">recent_countries</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">GEOGRAPHIC_VELOCITY</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_type</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="machine-learning-based-fraud-detection" class="position-relative d-flex align-items-center group">
<span>Machine Learning-Based Fraud Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="machine-learning-based-fraud-detection"
aria-haspopup="dialog"
aria-label="Share link: Machine Learning-Based Fraud Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="feature-engineering-for-ml-models" class="position-relative d-flex align-items-center group">
<span>Feature Engineering for ML Models</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="feature-engineering-for-ml-models"
aria-haspopup="dialog"
aria-label="Share link: Feature Engineering for ML Models">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Extract</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">detection</span><span class="w"> </span><span class="py">features</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">90</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">t</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_count_90d</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AVG</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">STDDEV</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">stddev_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MAX</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">max_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">date</span><span class="err">.</span><span class="py">truncate</span><span class="p">(</span><span class="err">'</span><span class="py">day</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="p">))</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">active_days</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">merchant_id</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">unique_merchants</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">tx_count_90d</span><span class="p">,</span><span class="w"> </span><span class="py">avg_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">stddev_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">max_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">active_days</span><span class="p">,</span><span class="w"> </span><span class="py">unique_merchants</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">((</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">Device</span><span class="p">))</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">((</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">FROM_IP</span><span class="p">]</span><span class="err">-></span><span class="p">(:</span><span class="nc">IPAddress</span><span class="p">))</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">ip_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">TRANSACTED_WITH</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">other</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">flagged</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">tx_count_90d</span><span class="p">,</span><span class="w"> </span><span class="py">avg_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">stddev_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">max_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">active_days</span><span class="p">,</span><span class="w"> </span><span class="py">unique_merchants</span><span class="p">,</span><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">other</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">flagged_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx_count_90d</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">stddev_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">max_tx_amount</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">active_days</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">unique_merchants</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">device_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx_count_90d</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">1</span><span class="mf">.0</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">NULLIF</span><span class="p">(</span><span class="py">active_days</span><span class="p">,</span><span class="w"> </span><span class="py">0</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">tx_per_active_day</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">max_tx_amount</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">NULLIF</span><span class="p">(</span><span class="py">avg_tx_amount</span><span class="p">,</span><span class="w"> </span><span class="py">0</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amount_volatility</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">flagged_connections</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">100</span><span class="mf">.0</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">NULLIF</span><span class="p">(</span><span class="py">device_count</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">ip_count</span><span class="p">,</span><span class="w"> </span><span class="py">0</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">network_risk_ratio</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="graph-neural-network-gnn-fraud-detection" class="position-relative d-flex align-items-center group">
<span>Graph Neural Network (GNN) Fraud Detection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="graph-neural-network-gnn-fraud-detection"
aria-haspopup="dialog"
aria-label="Share link: Graph Neural Network (GNN) Fraud Detection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Store</span><span class="w"> </span><span class="py">GNN</span><span class="w"> </span><span class="py">embeddings</span><span class="w"> </span><span class="py">computed</span><span class="w"> </span><span class="py">externally</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nv">$account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">SET</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">gnn_embedding</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nv">$embedding_vector</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Query</span><span class="w"> </span><span class="py">using</span><span class="w"> </span><span class="py">learned</span><span class="w"> </span><span class="py">representations</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">suspicious</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">suspicious</span><span class="err">.</span><span class="py">gnn_fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.8</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Score</span><span class="w"> </span><span class="py">from</span><span class="w"> </span><span class="py">external</span><span class="w"> </span><span class="py">GNN</span><span class="w"> </span><span class="py">model</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">suspicious</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">TRANSACTED_WITH</span><span class="err">*</span><span class="py">1</span><span class="err">.</span><span class="mf">.2</span><span class="p">]</span><span class="err">-</span><span class="p">(</span><span class="py">connected</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">connected</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AVG</span><span class="p">(</span><span class="py">suspicious</span><span class="err">.</span><span class="py">gnn_fraud_score</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_neighbor_fraud_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">suspicious</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">suspicious_connections</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">avg_neighbor_fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.6</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">suspicious_connections</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">connected</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">avg_neighbor_fraud_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">suspicious_connections</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">'</span><span class="py">GUILT_BY_ASSOCIATION</span><span class="err">'</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">detection_method</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="rule-based-expert-systems" class="position-relative d-flex align-items-center group">
<span>Rule-Based Expert Systems</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="rule-based-expert-systems"
aria-haspopup="dialog"
aria-label="Share link: Rule-Based Expert Systems">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="configurable-fraud-rules-engine" class="position-relative d-flex align-items-center group">
<span>Configurable Fraud Rules Engine</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="configurable-fraud-rules-engine"
aria-haspopup="dialog"
aria-label="Share link: Configurable Fraud Rules Engine">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Define</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">rules</span><span class="w"> </span><span class="py">as</span><span class="w"> </span><span class="py">data</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">rule</span><span class="p">:</span><span class="nc">FraudRule</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">rule_id</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">RULE_001</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">name</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">High</span><span class="w"> </span><span class="py">Velocity</span><span class="w"> </span><span class="py">Small</span><span class="w"> </span><span class="py">Transactions</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">condition</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">tx_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">20</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">max_amount</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">100</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">time_window_hours</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">1</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">score</span><span class="p">:</span><span class="w"> </span><span class="nc">0</span><span class="mf">.7</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">action</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">BLOCK</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">enabled</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">rule</span><span class="p">:</span><span class="nc">FraudRule</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">rule_id</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">RULE_002</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">name</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">Geographic</span><span class="w"> </span><span class="py">Impossibility</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">condition</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">distance_km</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">500</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">time_diff_minutes</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">60</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">score</span><span class="p">:</span><span class="w"> </span><span class="nc">0</span><span class="mf">.9</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">action</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">BLOCK</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">enabled</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Execute</span><span class="w"> </span><span class="py">rules</span><span class="w"> </span><span class="py">engine</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">{</span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nv">$tx_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">rule</span><span class="p">:</span><span class="nc">FraudRule</span><span class="w"> </span><span class="p">{</span><span class="py">enabled</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="py">fraud</span><span class="err">.</span><span class="py">evaluate_rule</span><span class="p">(</span><span class="py">tx</span><span class="p">,</span><span class="w"> </span><span class="py">rule</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">YIELD</span><span class="w"> </span><span class="py">matched</span><span class="p">,</span><span class="w"> </span><span class="py">score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">matched</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">tx</span><span class="p">,</span><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">score</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COLLECT</span><span class="p">(</span><span class="py">rule</span><span class="err">.</span><span class="py">name</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">triggered_rules</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">tx</span><span class="p">,</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="p">,</span><span class="w"> </span><span class="py">triggered_rules</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.9</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">BLOCK</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.6</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">REVIEW</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">total_fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.3</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">FLAG</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="err">'</span><span class="py">APPROVE</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">decision</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">transaction_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">decision</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_fraud_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">triggered_rules</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="production-deployment-patterns" class="position-relative d-flex align-items-center group">
<span>Production Deployment Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="production-deployment-patterns"
aria-haspopup="dialog"
aria-label="Share link: Production Deployment Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="real-time-fraud-scoring-pipeline" class="position-relative d-flex align-items-center group">
<span>Real-Time Fraud Scoring Pipeline</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="real-time-fraud-scoring-pipeline"
aria-haspopup="dialog"
aria-label="Share link: Real-Time Fraud Scoring Pipeline">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Inline</span><span class="w"> </span><span class="py">transaction</span><span class="w"> </span><span class="py">scoring</span><span class="w"> </span><span class="p">(</span><span class="err"><</span><span class="w"> </span><span class="py">50ms</span><span class="w"> </span><span class="py">latency</span><span class="w"> </span><span class="py">requirement</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">PendingTransaction</span><span class="w"> </span><span class="p">{</span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nv">$tx_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">:</span><span class="nc">Account</span><span class="w"> </span><span class="p">{</span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">account_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Parallel</span><span class="w"> </span><span class="py">risk</span><span class="w"> </span><span class="py">checks</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Check</span><span class="w"> </span><span class="py">1</span><span class="p">:</span><span class="w"> </span><span class="nc">Account</span><span class="w"> </span><span class="py">velocity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">recent</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">recent</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusHours</span><span class="p">(</span><span class="py">1</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">recent</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recent_count</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">RETURN</span><span class="w"> </span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">recent_count</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">0</span><span class="mf">.3</span><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="mf">.0</span><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">velocity_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Check</span><span class="w"> </span><span class="py">2</span><span class="p">:</span><span class="w"> </span><span class="nc">Device</span><span class="w"> </span><span class="py">reputation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">USES</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">device</span><span class="p">:</span><span class="nc">Device</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">device</span><span class="err">.</span><span class="py">reputation_score</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_rep</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">RETURN</span><span class="w"> </span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">device_rep</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">0</span><span class="mf">.5</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">0</span><span class="mf">.4</span><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="mf">.0</span><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">device_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">account</span><span class="p">,</span><span class="w"> </span><span class="py">tx</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Check</span><span class="w"> </span><span class="py">3</span><span class="p">:</span><span class="w"> </span><span class="nc">Amount</span><span class="w"> </span><span class="py">anomaly</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">hist</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">hist</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">AVG</span><span class="p">(</span><span class="py">hist</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">avg_amount</span><span class="p">,</span><span class="w"> </span><span class="py">STDDEV</span><span class="p">(</span><span class="py">hist</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">stddev_amount</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">ABS</span><span class="p">(</span><span class="py">tx</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="py">avg_amount</span><span class="p">)</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="py">NULLIF</span><span class="p">(</span><span class="py">stddev_amount</span><span class="p">,</span><span class="w"> </span><span class="py">0</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">z_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">RETURN</span><span class="w"> </span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">z_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">3</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">0</span><span class="mf">.3</span><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="mf">.0</span><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">amount_risk</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">tx</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">velocity_risk</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">device_risk</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">amount_risk</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">fraud_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">SET</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">fraud_score</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">fraud_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">decision</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.8</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">BLOCK</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">fraud_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.5</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">REVIEW</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="err">'</span><span class="py">APPROVE</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">scored_at</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">transaction_id</span><span class="p">,</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">decision</span><span class="p">,</span><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">fraud_score</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="batch-fraud-sweep-dailyweekly" class="position-relative d-flex align-items-center group">
<span>Batch Fraud Sweep (Daily/Weekly)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="batch-fraud-sweep-dailyweekly"
aria-haspopup="dialog"
aria-label="Share link: Batch Fraud Sweep (Daily/Weekly)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Comprehensive</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">analysis</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">accounts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">last_fraud_check</span><span class="w"> </span><span class="err"><</span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">1</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CALL</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="py">Run</span><span class="w"> </span><span class="py">full</span><span class="w"> </span><span class="py">suite</span><span class="w"> </span><span class="py">of</span><span class="w"> </span><span class="py">checks</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CALL</span><span class="w"> </span><span class="py">fraud</span><span class="err">.</span><span class="py">check_network_anomalies</span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="w"> </span><span class="py">YIELD</span><span class="w"> </span><span class="py">network_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CALL</span><span class="w"> </span><span class="py">fraud</span><span class="err">.</span><span class="py">check_behavioral_patterns</span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="w"> </span><span class="py">YIELD</span><span class="w"> </span><span class="py">behavior_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CALL</span><span class="w"> </span><span class="py">fraud</span><span class="err">.</span><span class="py">check_transaction_patterns</span><span class="p">(</span><span class="py">a</span><span class="p">)</span><span class="w"> </span><span class="py">YIELD</span><span class="w"> </span><span class="py">transaction_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">network_score</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">behavior_score</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">transaction_score</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">total_score</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">0</span><span class="mf">.6</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SET</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">fraud_risk_score</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">total_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">last_fraud_check</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">datetime</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">requires_review</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">RETURN</span><span class="w"> </span><span class="py">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w"> </span><span class="py">total_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">TRANSACTIONS</span><span class="w"> </span><span class="py">OF</span><span class="w"> </span><span class="py">10000</span><span class="w"> </span><span class="py">ROWS</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="err">*</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">accounts_flagged</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="feedback-loop-and-model-retraining" class="position-relative d-flex align-items-center group">
<span>Feedback Loop and Model Retraining</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="feedback-loop-and-model-retraining"
aria-haspopup="dialog"
aria-label="Share link: Feedback Loop and Model Retraining">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Collect</span><span class="w"> </span><span class="py">feedback</span><span class="w"> </span><span class="py">from</span><span class="w"> </span><span class="py">fraud</span><span class="w"> </span><span class="py">analysts</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">tx</span><span class="p">:</span><span class="nc">Transaction</span><span class="w"> </span><span class="p">{</span><span class="py">flagged</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">review</span><span class="p">:</span><span class="nc">FraudReview</span><span class="w"> </span><span class="p">{</span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">transaction_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">review</span><span class="err">.</span><span class="py">analyst_decision</span><span class="w"> </span><span class="py">IS</span><span class="w"> </span><span class="py">NOT</span><span class="w"> </span><span class="py">NULL</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">tx</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">review</span><span class="err">.</span><span class="py">analyst_decision</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">true_label</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">'</span><span class="py">FRAUD</span><span class="err">'</span><span class="w"> </span><span class="py">or</span><span class="w"> </span><span class="err">'</span><span class="py">LEGITIMATE</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">tx</span><span class="err">.</span><span class="py">fraud_score</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">predicted_score</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">COLLECT</span><span class="p">({</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">transaction_id</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">transaction_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">features</span><span class="p">:</span><span class="w"> </span><span class="nc">tx</span><span class="err">.</span><span class="py">features</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">predicted_score</span><span class="p">:</span><span class="w"> </span><span class="nc">predicted_score</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">true_label</span><span class="p">:</span><span class="w"> </span><span class="nc">true_label</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">training_data</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">//</span><span class="w"> </span><span class="py">Export</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">model</span><span class="w"> </span><span class="py">retraining</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">training_data</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Track</span><span class="w"> </span><span class="py">model</span><span class="w"> </span><span class="py">performance</span><span class="w"> </span><span class="py">metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="p">[</span><span class="py">review</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">fraud_reviews</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">review</span><span class="err">.</span><span class="py">created_at</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)]</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">reviews</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">SIZE</span><span class="p">([</span><span class="py">r</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">reviews</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">predicted</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">FRAUD</span><span class="err">'</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">actual</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">FRAUD</span><span class="err">'</span><span class="p">])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">true_positives</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">([</span><span class="py">r</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">reviews</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">predicted</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">FRAUD</span><span class="err">'</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">actual</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">LEGITIMATE</span><span class="err">'</span><span class="p">])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">false_positives</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">([</span><span class="py">r</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">reviews</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">predicted</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">LEGITIMATE</span><span class="err">'</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">actual</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">FRAUD</span><span class="err">'</span><span class="p">])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">false_negatives</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SIZE</span><span class="p">([</span><span class="py">r</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="py">reviews</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">predicted</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">LEGITIMATE</span><span class="err">'</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">r</span><span class="err">.</span><span class="py">actual</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">LEGITIMATE</span><span class="err">'</span><span class="p">])</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">true_negatives</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">true_positives</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">1</span><span class="mf">.0</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="p">(</span><span class="py">true_positives</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">false_positives</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">precision</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">true_positives</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">1</span><span class="mf">.0</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="p">(</span><span class="py">true_positives</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">false_negatives</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">recall</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">2</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">precision</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="py">recall</span><span class="w"> </span><span class="err">/</span><span class="w"> </span><span class="p">(</span><span class="py">precision</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">recall</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">f1_score</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="compliance-and-regulatory-requirements" class="position-relative d-flex align-items-center group">
<span>Compliance and Regulatory Requirements</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-and-regulatory-requirements"
aria-haspopup="dialog"
aria-label="Share link: Compliance and Regulatory Requirements">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="amlkyc-transaction-monitoring" class="position-relative d-flex align-items-center group">
<span>AML/KYC Transaction Monitoring</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="amlkyc-transaction-monitoring"
aria-haspopup="dialog"
aria-label="Share link: AML/KYC Transaction Monitoring">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Monitor</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">suspicious</span><span class="w"> </span><span class="py">activity</span><span class="w"> </span><span class="py">reports</span><span class="w"> </span><span class="p">(</span><span class="py">SARs</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">a</span><span class="p">:</span><span class="nc">Account</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">t</span><span class="p">:</span><span class="nc">TRANSACTION</span><span class="p">]</span><span class="err">-></span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">timestamp</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">datetime</span><span class="p">()</span><span class="err">.</span><span class="py">minusDays</span><span class="p">(</span><span class="py">30</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">10000</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">1</span><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w"> </span><span class="py">END</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">large_tx_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">CASE</span><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="w"> </span><span class="py">BETWEEN</span><span class="w"> </span><span class="py">9000</span><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">9999</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="py">1</span><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="py">0</span><span class="w"> </span><span class="py">END</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">structuring_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">COUNT</span><span class="p">(</span><span class="py">DISTINCT</span><span class="w"> </span><span class="py">t</span><span class="err">.</span><span class="py">destination_country</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">international_countries</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">SUM</span><span class="p">(</span><span class="py">t</span><span class="err">.</span><span class="py">amount</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">total_volume</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">large_tx_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">structuring_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">international_countries</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">total_volume</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">100000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WITH</span><span class="w"> </span><span class="py">a</span><span class="p">,</span><span class="w"> </span><span class="py">large_tx_count</span><span class="p">,</span><span class="w"> </span><span class="py">structuring_count</span><span class="p">,</span><span class="w"> </span><span class="py">international_countries</span><span class="p">,</span><span class="w"> </span><span class="py">total_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">CASE</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">structuring_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">3</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">STRUCTURING</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">large_tx_count</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">10</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">HIGH_VOLUME</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WHEN</span><span class="w"> </span><span class="py">international_countries</span><span class="w"> </span><span class="err">></span><span class="p">=</span><span class="w"> </span><span class="py">15</span><span class="w"> </span><span class="py">THEN</span><span class="w"> </span><span class="err">'</span><span class="py">INTERNATIONAL_SUSPICIOUS</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ELSE</span><span class="w"> </span><span class="err">'</span><span class="py">REVIEW_REQUIRED</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">END</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">sar_reason</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">sar</span><span class="p">:</span><span class="nc">SuspiciousActivityReport</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">sar_id</span><span class="p">:</span><span class="w"> </span><span class="nc">uuid</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">account_id</span><span class="p">:</span><span class="w"> </span><span class="nc">a</span><span class="err">.</span><span class="py">account_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">reason</span><span class="p">:</span><span class="w"> </span><span class="nc">sar_reason</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">large_tx_count</span><span class="p">:</span><span class="w"> </span><span class="nc">large_tx_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">structuring_count</span><span class="p">:</span><span class="w"> </span><span class="nc">structuring_count</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">international_countries</span><span class="p">:</span><span class="w"> </span><span class="nc">international_countries</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">total_volume</span><span class="p">:</span><span class="w"> </span><span class="nc">total_volume</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">created_at</span><span class="p">:</span><span class="w"> </span><span class="nc">datetime</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">status</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">PENDING_REVIEW</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="best-practices-1" class="position-relative d-flex align-items-center group">
<span>Best Practices</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="best-practices-1"
aria-haspopup="dialog"
aria-label="Share link: Best Practices">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ol>
<li><strong>Multi-Layered Defense</strong>: Combine rule-based, statistical, and ML approaches</li>
<li><strong>Real-Time + Batch</strong>: Inline scoring for authorization, deep analysis offline</li>
<li><strong>Low Latency</strong>: Target < 50ms for real-time fraud checks</li>
<li><strong>Explainability</strong>: Always provide reason codes for fraud decisions</li>
<li><strong>Feedback Loops</strong>: Collect analyst decisions to improve models</li>
<li><strong>False Positive Management</strong>: Balance security with user experience</li>
<li><strong>Privacy</strong>: Anonymize data in analytics, log access to sensitive information</li>
<li><strong>Monitoring</strong>: Track precision, recall, F1-score, and false positive rates</li>
<li><strong>Adaptive Thresholds</strong>: Adjust sensitivity based on risk appetite and trends</li>
<li><strong>Cross-Channel</strong>: Detect fraud across web, mobile, API, and physical channels</li>
</ol>
<h3 id="further-reading" class="position-relative d-flex align-items-center group">
<span>Further Reading</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="further-reading"
aria-haspopup="dialog"
aria-label="Share link: Further Reading">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><strong>Fraud Detection</strong>: Graph-Based Approaches for Financial Crime</li>
<li><strong>Money Laundering Detection</strong>: Layering, Structuring, and Integration Patterns</li>
<li><strong>Machine Learning for Fraud</strong>: GNNs, Autoencoders, and Ensemble Methods</li>
<li><strong>Real-Time Scoring</strong>: Low-Latency Architectures and Optimization</li>
<li><strong>AML/KYC Compliance</strong>: Regulatory Requirements and Implementation</li>
<li><strong>Identity Fraud</strong>: Synthetic Identities and Account Takeover Detection</li>
<li><strong>Payment Fraud</strong>: Card-Not-Present, Card Testing, and Authorization Fraud</li>
</ul>
<p>Browse the tagged content below for comprehensive fraud detection documentation and case studies.</p>
Tag
2 articles
Fraud Detection
Build fraud detection systems with Geode graph database. Detect fraud rings, money laundering, identity theft, and suspicious patterns using GQL graph queries and real-time anomaly detection.