SlideShare a Scribd company logo
1 of 57
Download to read offline
Fraud Analysis with Neo4j
GraphTalk Stockholm
Oct 22, 2019
Dr. Jesús Barrasa Neo4j @BarrasaDV
May 2016…
...11.5M documents, 2.6 TB!
GraphTalk Stockholm - Fraud Detection with Graphs
May 2016…
https://offshoreleaks.icij.org/pages/database
GraphTalk Stockholm - Fraud Detection with Graphs
What did we learn from the Panama Papers?
Look at this dataset
Swap glasses
Look at the dataset again
GraphTalk Stockholm - Fraud Detection with Graphs
Do I have a graph problem?
Law of the instrument (of the
hammer) : cognitive bias that
involves an over-reliance on a
familiar tool.
A.Maslow 1966
Did Google have a graph problem back in the
early 2000s?
I’d say it was an information retrieval problem
nd so, my fellow graphistas: ask not
whether you have a graph problem - instead, look
at your problem with a graph thinking mindset”
J. Barrasa - Graph Connect Europe 2017
“A
Example 1: Credit card fraud origination and
assessment of potential impact
GraphTalk Stockholm - Fraud Detection with Graphs
Mark
Robert
Sheila
Kate
GraphTalk Stockholm - Fraud Detection with Graphs
GraphTalk Stockholm - Fraud Detection with Graphs
WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
GraphTalk Stockholm - Fraud Detection with Graphs
WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
GraphTalk Stockholm - Fraud Detection with Graphs
MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
Query: Fraud origination at terminal level
WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention
WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention
WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention
Query: Proactive prevention
Why graph native matters
DB#1
1027910 nodes
4017217 relationships
10044420 properties
DB#2
509451186 nodes
1008977685 relationships
3551517114 properties
Fraud origination at terminal level 93ms 104 ms
Fraud origination at merchant level 102ms 116 ms
Proactive prevention 11ms 12 ms
Example 1: Credit card fraud origination and
assessment of potential impact
Example 2: Referral program fraud
The flatmates
<-[:INVITES]------
<-[:INVITES]------------
-----[:TRANSFER{amount:200}]->
<-[:INVITES]-
-------------[:TRANSFER{amount:200}]->
-[:TRANSFER{amount:200}]->
timestamp ,from,to ,amnt ,transferid
1492194035,3316,3606,33.52,f4d21fed-a307-4
1493759810,2693,3886,1655.53,8d060469-f363
1493889115,2229,3557,2725.36,f32b20de-f227
1493946497,3877,2343,672.9,064b98fb-5395-4
1493413944,2360,3358,78.68,d87308f4-508b-4
1491524249,3472,3490,1894.58,3e9bdf77-06be
1492912151,3576,3196,3335.02,d3a50a83-329a
1491846100,3717,2269,3891.62,3fc0f2d6-57c4
1492268780,2656,3527,1809.7,cbc16b4f-b95e-
1493420085,2873,3749,2960.73,4fbf48b8-7501
1492236572,2223,3120,2973.38,1e5b95e7-4e86
1492735617,2318,2820,36.04,c07bc1cd-8970-4
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u)
WHERE t.timestamp - i.timestamp < 15*24*3600000 AND
t.amount < 210 AND t.amount > 199 AND
size((x)-[:TRANSFER]-())=1
RETURN p
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u)
WHERE t.timestamp - i.timestamp < 15*24*3600000 AND
t.amount < 210 AND t.amount > 199 AND
size((x)-[:TRANSFER]-())=1
RETURN p
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u)
WHERE t.timestamp - i.timestamp < 15*24*3600000 AND
t.amount < 210 AND t.amount > 199 AND
size((x)-[:TRANSFER]-())=1
RETURN p
GraphTalk Stockholm - Fraud Detection with Graphs
Fraudsters got more and more sophisticated...
<-[:INVITES]--
--[:INVITES]->
---[:INVITES]->
-[:TRANSFER]->
-[:TRANSFER]->
<-[:TRANSFER]---
But cypher beat them all!
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u)
WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR
(r.timestamp - i.timestamp < 15*24*3600000 AND
r.amount < 210 AND r.amount > 199)) AND
all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1)
RETURN p
But cypher beat them all!
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u)
WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR
(r.timestamp - i.timestamp < 15*24*3600000 AND
r.amount < 210 AND r.amount > 199)) AND
all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1)
RETURN p
and *3.. detects chains of any length!
But cypher beat them all!
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u)
WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR
(r.timestamp - i.timestamp < 15*24*3600000 AND
r.amount < 210 AND r.amount > 199)) AND
all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1)
RETURN p
GraphTalk Stockholm - Fraud Detection with Graphs
I could go on with more variants the pattern...
<-[:INVITES]-
--[:INVITES]->---[:INVITES]->
-[:TRANSFER]->
-[:TRANSFER]->
-[:TRANSFER]->
MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->()
Example 2: Referral program fraud
Three takeaways
Graph thinking
Graph native matters
Graphs rock! Enjoy the rest of the day!
Tack!

More Related Content

What's hot

MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB
 
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2MongoDB
 
apidays LIVE New York - WT* is JWT? by Maciej Treder
apidays LIVE New York -  WT* is JWT? by Maciej Trederapidays LIVE New York -  WT* is JWT? by Maciej Treder
apidays LIVE New York - WT* is JWT? by Maciej Trederapidays
 
How to leverage what's new in MongoDB 3.6
How to leverage what's new in MongoDB 3.6How to leverage what's new in MongoDB 3.6
How to leverage what's new in MongoDB 3.6Maxime Beugnet
 
Common Browser Hijacking Methods
Common Browser Hijacking MethodsCommon Browser Hijacking Methods
Common Browser Hijacking MethodsDavid Barroso
 
MongoDB dla administratora
MongoDB dla administratora MongoDB dla administratora
MongoDB dla administratora 3camp
 
Meetup Analytics with R and Neo4j
Meetup Analytics with R and Neo4jMeetup Analytics with R and Neo4j
Meetup Analytics with R and Neo4jNeo4j
 
Every Click Counts (But All the Money Goes to Me)
Every Click Counts (But All the Money Goes to Me)Every Click Counts (But All the Money Goes to Me)
Every Click Counts (But All the Money Goes to Me)Avast
 
SITCON 雲林定期聚 #1
SITCON 雲林定期聚 #1SITCON 雲林定期聚 #1
SITCON 雲林定期聚 #1Ting-You Xu
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 

What's hot (11)

MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
 
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2
MongoDB .local Houston 2019: Using Client Side Encryption in MongoDB 4.2
 
apidays LIVE New York - WT* is JWT? by Maciej Treder
apidays LIVE New York -  WT* is JWT? by Maciej Trederapidays LIVE New York -  WT* is JWT? by Maciej Treder
apidays LIVE New York - WT* is JWT? by Maciej Treder
 
How to leverage what's new in MongoDB 3.6
How to leverage what's new in MongoDB 3.6How to leverage what's new in MongoDB 3.6
How to leverage what's new in MongoDB 3.6
 
Common Browser Hijacking Methods
Common Browser Hijacking MethodsCommon Browser Hijacking Methods
Common Browser Hijacking Methods
 
Mongo db presentation
Mongo db presentationMongo db presentation
Mongo db presentation
 
MongoDB dla administratora
MongoDB dla administratora MongoDB dla administratora
MongoDB dla administratora
 
Meetup Analytics with R and Neo4j
Meetup Analytics with R and Neo4jMeetup Analytics with R and Neo4j
Meetup Analytics with R and Neo4j
 
Every Click Counts (But All the Money Goes to Me)
Every Click Counts (But All the Money Goes to Me)Every Click Counts (But All the Money Goes to Me)
Every Click Counts (But All the Money Goes to Me)
 
SITCON 雲林定期聚 #1
SITCON 雲林定期聚 #1SITCON 雲林定期聚 #1
SITCON 雲林定期聚 #1
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance Tuning
 

Similar to GraphTalk Stockholm - Fraud Detection with Graphs

Next Generation Solutions with Neo4j
Next Generation Solutions with Neo4jNext Generation Solutions with Neo4j
Next Generation Solutions with Neo4jNeo4j
 
The intersection of business rules and big data.
The intersection of business rules and big data.The intersection of business rules and big data.
The intersection of business rules and big data.Anurag Saran
 
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...MongoDB
 
NLP in the Deep Learning Era: the story so far
NLP in the Deep Learning Era: the story so farNLP in the Deep Learning Era: the story so far
NLP in the Deep Learning Era: the story so farIlias Chalkidis
 
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016Marshall Swatt
 
Using R for Building a Simple and Effective Dashboard
Using R for Building a Simple and Effective DashboardUsing R for Building a Simple and Effective Dashboard
Using R for Building a Simple and Effective DashboardAndrea Gigli
 
Work in TDW
Work in TDWWork in TDW
Work in TDWsaso70
 
Measurements in Cryptocurrency Networks
Measurements in Cryptocurrency NetworksMeasurements in Cryptocurrency Networks
Measurements in Cryptocurrency NetworksBernhard Haslhofer
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
Small pieces loosely joined
Small pieces loosely joinedSmall pieces loosely joined
Small pieces loosely joinedennui2342
 
Fraud Detection in Real-time @ Apache Big Data con
Fraud Detection in Real-time @ Apache Big Data conFraud Detection in Real-time @ Apache Big Data con
Fraud Detection in Real-time @ Apache Big Data conSeshika Fernando
 
Fraud Detection in Real-time @ Apache Big Data Con
Fraud Detection in Real-time @ Apache Big Data ConFraud Detection in Real-time @ Apache Big Data Con
Fraud Detection in Real-time @ Apache Big Data ConSeshika Fernando
 
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter Teufl
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter TeuflBCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter Teufl
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter TeuflBlockchainHub Graz
 
Fraud Detection and Neo4j
Fraud Detection and Neo4j Fraud Detection and Neo4j
Fraud Detection and Neo4j Max De Marzi
 

Similar to GraphTalk Stockholm - Fraud Detection with Graphs (20)

Next Generation Solutions with Neo4j
Next Generation Solutions with Neo4jNext Generation Solutions with Neo4j
Next Generation Solutions with Neo4j
 
The intersection of business rules and big data.
The intersection of business rules and big data.The intersection of business rules and big data.
The intersection of business rules and big data.
 
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...
MongoDB for Time Series Data Part 2: Analyzing Time Series Data Using the Agg...
 
NLP in the Deep Learning Era: the story so far
NLP in the Deep Learning Era: the story so farNLP in the Deep Learning Era: the story so far
NLP in the Deep Learning Era: the story so far
 
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016
From Bits to Bitcoin, Presented by Marshall Swatt Mar 2016
 
Using R for Building a Simple and Effective Dashboard
Using R for Building a Simple and Effective DashboardUsing R for Building a Simple and Effective Dashboard
Using R for Building a Simple and Effective Dashboard
 
Work in TDW
Work in TDWWork in TDW
Work in TDW
 
RCEC Email 3.5.03
RCEC Email 3.5.03RCEC Email 3.5.03
RCEC Email 3.5.03
 
Measurements in Cryptocurrency Networks
Measurements in Cryptocurrency NetworksMeasurements in Cryptocurrency Networks
Measurements in Cryptocurrency Networks
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
Serverless stateful
Serverless statefulServerless stateful
Serverless stateful
 
Bash tricks
Bash tricksBash tricks
Bash tricks
 
Small pieces loosely joined
Small pieces loosely joinedSmall pieces loosely joined
Small pieces loosely joined
 
~Ns2~
~Ns2~~Ns2~
~Ns2~
 
WSO2 Complex Event Processor
WSO2 Complex Event ProcessorWSO2 Complex Event Processor
WSO2 Complex Event Processor
 
Log mining
Log miningLog mining
Log mining
 
Fraud Detection in Real-time @ Apache Big Data con
Fraud Detection in Real-time @ Apache Big Data conFraud Detection in Real-time @ Apache Big Data con
Fraud Detection in Real-time @ Apache Big Data con
 
Fraud Detection in Real-time @ Apache Big Data Con
Fraud Detection in Real-time @ Apache Big Data ConFraud Detection in Real-time @ Apache Big Data Con
Fraud Detection in Real-time @ Apache Big Data Con
 
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter Teufl
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter TeuflBCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter Teufl
BCHGraz - Meetup #16 - Blockchain Real Life Usecases - Dr. Peter Teufl
 
Fraud Detection and Neo4j
Fraud Detection and Neo4j Fraud Detection and Neo4j
Fraud Detection and Neo4j
 

More from Neo4j

Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Neo4j
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
Neo4j: Data Engineering for RAG (retrieval augmented generation)
Neo4j: Data Engineering for RAG (retrieval augmented generation)Neo4j: Data Engineering for RAG (retrieval augmented generation)
Neo4j: Data Engineering for RAG (retrieval augmented generation)Neo4j
 
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdf
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdfNeo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdf
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdfNeo4j
 
Enabling GenAI Breakthroughs with Knowledge Graphs
Enabling GenAI Breakthroughs with Knowledge GraphsEnabling GenAI Breakthroughs with Knowledge Graphs
Enabling GenAI Breakthroughs with Knowledge GraphsNeo4j
 
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdf
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdfNeo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdf
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdfNeo4j
 
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdfNeo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdfNeo4j
 
Swift_Maintaining Critical Standards(...).pptx.pdf
Swift_Maintaining Critical Standards(...).pptx.pdfSwift_Maintaining Critical Standards(...).pptx.pdf
Swift_Maintaining Critical Standards(...).pptx.pdfNeo4j
 
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...Neo4j
 
Ingka Digital_Linked Metadata by Design.pdf
Ingka Digital_Linked Metadata by Design.pdfIngka Digital_Linked Metadata by Design.pdf
Ingka Digital_Linked Metadata by Design.pdfNeo4j
 
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24Neo4j
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
Identification of insulin-resistance genes with Knowledge Graphs topology and...
Identification of insulin-resistance genes with Knowledge Graphs topology and...Identification of insulin-resistance genes with Knowledge Graphs topology and...
Identification of insulin-resistance genes with Knowledge Graphs topology and...Neo4j
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...Neo4j
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxNeo4j
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
KUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionKUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionNeo4j
 
SKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesSKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesNeo4j
 

More from Neo4j (20)

Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!Webinar - IA generativa e grafi Neo4j: RAG time!
Webinar - IA generativa e grafi Neo4j: RAG time!
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
Neo4j: Data Engineering for RAG (retrieval augmented generation)
Neo4j: Data Engineering for RAG (retrieval augmented generation)Neo4j: Data Engineering for RAG (retrieval augmented generation)
Neo4j: Data Engineering for RAG (retrieval augmented generation)
 
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdf
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdfNeo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdf
Neo4j Graph Summit 2024 Workshop - EMEA - Breda_and_Munchen.pdf
 
Enabling GenAI Breakthroughs with Knowledge Graphs
Enabling GenAI Breakthroughs with Knowledge GraphsEnabling GenAI Breakthroughs with Knowledge Graphs
Enabling GenAI Breakthroughs with Knowledge Graphs
 
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdf
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdfNeo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdf
Neo4j_Anurag Tandon_Product Vision and Roadmap.Benelux.pptx.pdf
 
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdfNeo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
Neo4j_Jesus Barrasa_The Art of the Possible with Graph.pptx.pdf
 
Swift_Maintaining Critical Standards(...).pptx.pdf
Swift_Maintaining Critical Standards(...).pptx.pdfSwift_Maintaining Critical Standards(...).pptx.pdf
Swift_Maintaining Critical Standards(...).pptx.pdf
 
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...
Deloitte+RedCross_Talk to your data with Knowledge-enriched Generative AI.ppt...
 
Ingka Digital_Linked Metadata by Design.pdf
Ingka Digital_Linked Metadata by Design.pdfIngka Digital_Linked Metadata by Design.pdf
Ingka Digital_Linked Metadata by Design.pdf
 
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24
Discover Neo4j Aura_ The Future of Graph Database-as-a-Service Workshop_3.13.24
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Identification of insulin-resistance genes with Knowledge Graphs topology and...
Identification of insulin-resistance genes with Knowledge Graphs topology and...Identification of insulin-resistance genes with Knowledge Graphs topology and...
Identification of insulin-resistance genes with Knowledge Graphs topology and...
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...
EY: Graphs as Critical Enablers for LLM-based Assistants- the Case of Custome...
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
KUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionKUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ion
 
SKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologiesSKY Paradigms, change and cake: the steep curve of introducing new technologies
SKY Paradigms, change and cake: the steep curve of introducing new technologies
 

Recently uploaded

Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.Sharon Liu
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Jonathan Katz
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App DevelopmentMobulous Technologies
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024ThousandEyes
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareHow to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareNYGGS Automation Suite
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptkinjal48
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentBOSC Tech Labs
 

Recently uploaded (20)

Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App Development
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
How to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS SoftwareHow to Improve the Employee Experience? - HRMS Software
How to Improve the Employee Experience? - HRMS Software
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.ppt
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web Development
 

GraphTalk Stockholm - Fraud Detection with Graphs

  • 1. Fraud Analysis with Neo4j GraphTalk Stockholm Oct 22, 2019 Dr. Jesús Barrasa Neo4j @BarrasaDV
  • 7. What did we learn from the Panama Papers?
  • 8. Look at this dataset
  • 10. Look at the dataset again
  • 12. Do I have a graph problem?
  • 13. Law of the instrument (of the hammer) : cognitive bias that involves an over-reliance on a familiar tool. A.Maslow 1966
  • 14. Did Google have a graph problem back in the early 2000s? I’d say it was an information retrieval problem
  • 15. nd so, my fellow graphistas: ask not whether you have a graph problem - instead, look at your problem with a graph thinking mindset” J. Barrasa - Graph Connect Europe 2017 “A
  • 16. Example 1: Credit card fraud origination and assessment of potential impact
  • 21. WITH { amount: 2.50, currency:"USD", txid:"05015244006", mid:"5073047", tid:"5073440-7", timestamp:1490060618007, cardno:"5224654370862586050" } AS newTxData MATCH (lastTx:Transaction { cardno: newTxData.cardno }) WHERE NOT (lastTx)-[:NEXT]->() CREATE (newTx:Transaction) SET newTx += newTxData CREATE (lastTx)-[:NEXT]->(newTx) WITH newTx, newTxData MERGE (term:Terminal { tid: newTxData.tid}) CREATE (newTx)-[:IN_TERMINAL]->(term) Tx Tx Tx Tx Fraud Fraud Data load: Transactions
  • 22. WITH { amount: 2.50, currency:"USD", txid:"05015244006", mid:"5073047", tid:"5073440-7", timestamp:1490060618007, cardno:"5224654370862586050" } AS newTxData MATCH (lastTx:Transaction { cardno: newTxData.cardno }) WHERE NOT (lastTx)-[:NEXT]->() CREATE (newTx:Transaction) SET newTx += newTxData CREATE (lastTx)-[:NEXT]->(newTx) WITH newTx, newTxData MERGE (term:Terminal { tid: newTxData.tid}) CREATE (newTx)-[:IN_TERMINAL]->(term) Tx Tx Tx Tx Fraud Fraud Data load: Transactions
  • 23. WITH { amount: 2.50, currency:"USD", txid:"05015244006", mid:"5073047", tid:"5073440-7", timestamp:1490060618007, cardno:"5224654370862586050" } AS newTxData MATCH (lastTx:Transaction { cardno: newTxData.cardno }) WHERE NOT (lastTx)-[:NEXT]->() CREATE (newTx:Transaction) SET newTx += newTxData CREATE (lastTx)-[:NEXT]->(newTx) WITH newTx, newTxData MERGE (term:Terminal { tid: newTxData.tid}) CREATE (newTx)-[:IN_TERMINAL]->(term) Tx Tx Tx Tx Fraud Fraud Data load: Transactions
  • 24. WITH { amount: 2.50, currency:"USD", txid:"05015244006", mid:"5073047", tid:"5073440-7", timestamp:1490060618007, cardno:"5224654370862586050" } AS newTxData MATCH (lastTx:Transaction { cardno: newTxData.cardno }) WHERE NOT (lastTx)-[:NEXT]->() CREATE (newTx:Transaction) SET newTx += newTxData CREATE (lastTx)-[:NEXT]->(newTx) WITH newTx, newTxData MERGE (term:Terminal { tid: newTxData.tid}) CREATE (newTx)-[:IN_TERMINAL]->(term) Tx Tx Tx Tx Fraud Fraud Data load: Transactions
  • 26. WITH { txid:"0501524400006"} AS unrecognizedTx MATCH (tx:Transaction { txid: unrecognizedTx.txid }) SET tx:FraudTx Tx Tx Tx Tx Fraud Fraud Data load: Reported fraud
  • 27. WITH { txid:"0501524400006"} AS unrecognizedTx MATCH (tx:Transaction { txid: unrecognizedTx.txid }) SET tx:FraudTx Tx Tx Tx Tx Fraud Fraud Data load: Reported fraud
  • 28. WITH { txid:"0501524400006"} AS unrecognizedTx MATCH (tx:Transaction { txid: unrecognizedTx.txid }) SET tx:FraudTx Tx Tx Tx Tx Fraud Fraud Data load: Reported fraud
  • 29. WITH { txid:"0501524400006"} AS unrecognizedTx MATCH (tx:Transaction { txid: unrecognizedTx.txid }) SET tx:FraudTx Tx Tx Tx Tx Fraud Fraud Data load: Reported fraud
  • 31. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx) WITH term , count(distinct t.cardno) as ct, min(t.timestamp) as mindate, max(t.timestamp) as maxdate WHERE ct > 1 MATCH (term)<-[:IN_TERMINAL]-(otherTx) WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate RETURN term.tid AS terminal,mindate,maxdate, 100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact, (maxdate - mindate)/(24*3600000) as timewindow ORDER BY impact DESC, timewindow DESC Query: Fraud origination at terminal level
  • 32. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx) WITH term , count(distinct t.cardno) as ct, min(t.timestamp) as mindate, max(t.timestamp) as maxdate WHERE ct > 1 MATCH (term)<-[:IN_TERMINAL]-(otherTx) WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate RETURN term.tid AS terminal,mindate,maxdate, 100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact, (maxdate - mindate)/(24*3600000) as timewindow ORDER BY impact DESC, timewindow DESC Query: Fraud origination at terminal level
  • 33. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx) WITH term , count(distinct t.cardno) as ct, min(t.timestamp) as mindate, max(t.timestamp) as maxdate WHERE ct > 1 MATCH (term)<-[:IN_TERMINAL]-(otherTx) WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate RETURN term.tid AS terminal,mindate,maxdate, 100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact, (maxdate - mindate)/(24*3600000) as timewindow ORDER BY impact DESC, timewindow DESC Query: Fraud origination at terminal level
  • 34. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx) WITH term , count(distinct t.cardno) as ct, min(t.timestamp) as mindate, max(t.timestamp) as maxdate WHERE ct > 1 MATCH (term)<-[:IN_TERMINAL]-(otherTx) WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate RETURN term.tid AS terminal,mindate,maxdate, 100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact, (maxdate - mindate)/(24*3600000) as timewindow ORDER BY impact DESC, timewindow DESC Query: Fraud origination at terminal level
  • 35. Query: Fraud origination at terminal level
  • 36. WITH { tid : '2373743-7', from: 1487340089000, to: 1488039852000 } AS compTerm MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t) WHERE NOT (t)-[:NEXT*]->(:FraudTx) AND t.timestamp > compTerm.from AND t.timestamp < compTerm.to RETURN distinct t.cardno AS cardAtRisk Query: Proactive prevention
  • 37. WITH { tid : '2373743-7', from: 1487340089000, to: 1488039852000 } AS compTerm MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t) WHERE NOT (t)-[:NEXT*]->(:FraudTx) AND t.timestamp > compTerm.from AND t.timestamp < compTerm.to RETURN distinct t.cardno AS cardAtRisk Query: Proactive prevention
  • 38. WITH { tid : '2373743-7', from: 1487340089000, to: 1488039852000 } AS compTerm MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t) WHERE NOT (t)-[:NEXT*]->(:FraudTx) AND t.timestamp > compTerm.from AND t.timestamp < compTerm.to RETURN distinct t.cardno AS cardAtRisk Query: Proactive prevention
  • 40. Why graph native matters DB#1 1027910 nodes 4017217 relationships 10044420 properties DB#2 509451186 nodes 1008977685 relationships 3551517114 properties Fraud origination at terminal level 93ms 104 ms Fraud origination at merchant level 102ms 116 ms Proactive prevention 11ms 12 ms
  • 41. Example 1: Credit card fraud origination and assessment of potential impact
  • 42. Example 2: Referral program fraud
  • 44. timestamp ,from,to ,amnt ,transferid 1492194035,3316,3606,33.52,f4d21fed-a307-4 1493759810,2693,3886,1655.53,8d060469-f363 1493889115,2229,3557,2725.36,f32b20de-f227 1493946497,3877,2343,672.9,064b98fb-5395-4 1493413944,2360,3358,78.68,d87308f4-508b-4 1491524249,3472,3490,1894.58,3e9bdf77-06be 1492912151,3576,3196,3335.02,d3a50a83-329a 1491846100,3717,2269,3891.62,3fc0f2d6-57c4 1492268780,2656,3527,1809.7,cbc16b4f-b95e- 1493420085,2873,3749,2960.73,4fbf48b8-7501 1492236572,2223,3120,2973.38,1e5b95e7-4e86 1492735617,2318,2820,36.04,c07bc1cd-8970-4
  • 45. MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u) WHERE t.timestamp - i.timestamp < 15*24*3600000 AND t.amount < 210 AND t.amount > 199 AND size((x)-[:TRANSFER]-())=1 RETURN p
  • 46. MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u) WHERE t.timestamp - i.timestamp < 15*24*3600000 AND t.amount < 210 AND t.amount > 199 AND size((x)-[:TRANSFER]-())=1 RETURN p
  • 47. MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER]->(u) WHERE t.timestamp - i.timestamp < 15*24*3600000 AND t.amount < 210 AND t.amount > 199 AND size((x)-[:TRANSFER]-())=1 RETURN p
  • 49. Fraudsters got more and more sophisticated... <-[:INVITES]-- --[:INVITES]-> ---[:INVITES]-> -[:TRANSFER]-> -[:TRANSFER]-> <-[:TRANSFER]---
  • 50. But cypher beat them all! MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u) WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR (r.timestamp - i.timestamp < 15*24*3600000 AND r.amount < 210 AND r.amount > 199)) AND all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1) RETURN p
  • 51. But cypher beat them all! MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u) WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR (r.timestamp - i.timestamp < 15*24*3600000 AND r.amount < 210 AND r.amount > 199)) AND all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1) RETURN p and *3.. detects chains of any length!
  • 52. But cypher beat them all! MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->(u) WHERE all(r IN relationships(p) WHERE type(r) <>'TRANSFER' OR (r.timestamp - i.timestamp < 15*24*3600000 AND r.amount < 210 AND r.amount > 199)) AND all(n IN nodes(p) WHERE n=u or size((n)-[:TRANSFER]->())=1) RETURN p
  • 54. I could go on with more variants the pattern... <-[:INVITES]- --[:INVITES]->---[:INVITES]-> -[:TRANSFER]-> -[:TRANSFER]-> -[:TRANSFER]-> MATCH p = (u:User)-[i:INVITES]->(x)-[t:TRANSFER*3..]->()
  • 55. Example 2: Referral program fraud
  • 56. Three takeaways Graph thinking Graph native matters Graphs rock! Enjoy the rest of the day!
  • 57. Tack!