Fraud Detection

Detect financial fraud by unifying four detection signals in a single multi-model database: graph traversal exposes organized fraud rings through shared identifier patterns such as devices, phones, and addresses; vector similarity flags behavioral anomalies using vectorCosineSimilarity() on transaction embeddings; time-series analysis catches velocity attacks through temporal transaction patterns; and document queries resolve synthetic identities by detecting duplicate SSNs.

Architecture Overview

Vertices

Account, Customer, Device, Phone, Address, Email, Beneficiary, Transaction

Edges

USES_DEVICE, HAS_PHONE, HAS_ADDRESS, HAS_EMAIL, TRANSFERRED_TO, BENEFICIARY_OF

Accounts and customers connect through shared devices, phones, and addresses. Overlapping identifiers reveal fraud rings. Customers carry profile_embedding vectors and transactions carry behavior_embedding vectors for anomaly detection.

Key Queries

Fraud Ring Detection — Identify accounts sharing devices or phones:

MATCH (a1:Account)-[:USES_DEVICE]->(d:Device)<-[:USES_DEVICE]-(a2:Account)
WHERE a1 <> a2
RETURN a1.name, a2.name, d.deviceId AS sharedDevice

Synthetic Identity Detection — Find accounts sharing SSNs:

SELECT a1.name, a2.name, a1.ssn
FROM Account a1, Account a2
WHERE a1.ssn = a2.ssn AND a1 != a2

Behavioral Anomaly Detection — Compare transaction embeddings against baselines:

SELECT name, vectorCosineSimilarity(behavior_embedding, [0.1, 0.9, 0.1, 0.8]) AS similarity
FROM Transaction
WHERE vectorCosineSimilarity(behavior_embedding, [0.1, 0.9, 0.1, 0.8]) < 0.7

Try It Yourself

git clone https://github.com/ArcadeData/arcadedb-usecases.git
cd arcadedb-usecases/fraud-detection
docker compose up -d
./setup.sh
./queries/queries.sh

Full source: fraud-detection on GitHub