银行欺诈检测

(原始来源： https://github.com/neo4j-contrib/gists/blob/master/other/BankFraudDetection.adoc )

本交互式 Neo4j 图谱教程涵盖了银行欺诈检测场景。

问题介绍

银行和保险公司每年因欺诈损失数十亿美元。传统的欺诈检测方法在最大限度地减少这些损失方面发挥着重要作用。然而，越来越复杂的欺诈者已经开发出各种方法来逃避侦查，他们既协同作案，又利用各种其他手段构建虚假身份。

场景说明

虽然没有任何欺诈预防措施是完美的，但改进的巨大机会在于超越单个数据点，着眼于连接它们的关系。这些关系往往在为时已晚时才被注意到——这很不幸，因为这些关系通常蕴含着最佳线索。

典型场景

虽然每个第一方欺诈串通的精确细节因操作而异，但以下模式说明了欺诈团伙的常见运作方式

两名或更多人员组成一个欺诈团伙
该团伙共享一部分合法联系信息，即电话号码和地址，并将它们组合起来创建多个虚假身份
团伙成员使用这些虚假身份开设账户
新账户被添加到原始账户中：无担保信用额度、信用卡、透支保护、个人贷款等。
这些账户正常使用，有常规购物和及时还款
由于观察到负责任的信用行为，银行会随着时间推移增加循环信用额度
有一天，该团伙“爆发”，协调他们的活动，透支所有信用额度，然后消失
有时欺诈者会更进一步，在上述步骤之前立即使用假支票将其所有余额清零，使损失翻倍
收款流程随之启动，但代理人始终无法联系到欺诈者
无法收回的债务被核销

解决方案说明

图数据库提供了高精度地揭露欺诈团伙和其他复杂骗局的新方法，并能够实时阻止高级欺诈场景。

图数据库如何提供帮助

通过使用图数据库运行适当的实体链接分析查询，并在客户与账户生命周期的关键阶段运行检查，可以增强现有的欺诈检测基础设施以支持团伙检测，例如：

账户创建时
调查期间
达到信用余额阈值时
支票退票时

结合正确事件的实时图遍历可以帮助银行在“爆发”发生期间甚至之前识别可能的欺诈团伙。

银行欺诈图数据模型

图数据库已成为克服这些障碍的理想工具。Cypher 等语言提供了简单的语义，用于在图谱中检测团伙，并实时在内存中导航连接。

下面的图数据模型展示了数据在图数据库中的实际外观，并说明了如何通过简单地遍历图谱来查找团伙

图1. 银行欺诈

样本数据集

// Create account holders
CREATE (accountHolder1:AccountHolder {
       		FirstName: "John",
       		LastName: "Doe",
       		UniqueId: "JohnDoe" })

CREATE (accountHolder2:AccountHolder {
			FirstName: "Jane",
			LastName: "Appleseed",
			UniqueId: "JaneAppleseed" })

CREATE (accountHolder3:AccountHolder {
			FirstName: "Matt",
			LastName: "Smith",
			UniqueId: "MattSmith" })

// Create Address
CREATE (address1:Address {
			Street: "123 NW 1st Street",
			City: "San Francisco",
			State: "California",
			ZipCode: "94101" })

// Connect 3 account holders to 1 address
CREATE (accountHolder1)-[:HAS_ADDRESS]->(address1),
       (accountHolder2)-[:HAS_ADDRESS]->(address1),
       (accountHolder3)-[:HAS_ADDRESS]->(address1)

// Create Phone Number
CREATE (phoneNumber1:PhoneNumber { PhoneNumber: "555-555-5555" })

// Connect 2 account holders to 1 phone number
CREATE (accountHolder1)-[:HAS_PHONENUMBER]->(phoneNumber1),
       (accountHolder2)-[:HAS_PHONENUMBER]->(phoneNumber1)

// Create SSN
CREATE (ssn1:SSN { SSN: "241-23-1234" })

// Connect 2 account holders to 1 SSN
CREATE (accountHolder2)-[:HAS_SSN]->(ssn1),
       (accountHolder3)-[:HAS_SSN]->(ssn1)

// Create SSN and connect 1 account holder
CREATE (ssn2:SSN { SSN: "241-23-4567" })<-[:HAS_SSN]-(accountHolder1)

// Create Credit Card and connect 1 account holder
CREATE (creditCard1:CreditCard {
			AccountNumber: "1234567890123456",
			Limit: 5000, Balance: 1442.23,
			ExpirationDate: "01-20",
			SecurityCode: "123" })<-[:HAS_CREDITCARD]-(accountHolder1)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount1:BankAccount {
			AccountNumber: "2345678901234567",
			Balance: 7054.43 })<-[:HAS_BANKACCOUNT]-(accountHolder1)

// Create Credit Card and connect 1 account holder
CREATE (creditCard2:CreditCard {
			AccountNumber: "1234567890123456",
			Limit: 4000, Balance: 2345.56,
			ExpirationDate: "02-20",
			SecurityCode: "456" })<-[:HAS_CREDITCARD]-(accountHolder2)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount2:BankAccount {
			AccountNumber: "3456789012345678",
			Balance: 4231.12 })<-[:HAS_BANKACCOUNT]-(accountHolder2)

// Create Unsecured Loan and connect 1 account holder
CREATE (unsecuredLoan2:UnsecuredLoan {
			AccountNumber: "4567890123456789-0",
			Balance: 9045.53,
			APR: .0541,
			LoanAmount: 12000.00 })<-[:HAS_UNSECUREDLOAN]-(accountHolder2)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount3:BankAccount {
			AccountNumber: "4567890123456789",
			Balance: 12345.45 })<-[:HAS_BANKACCOUNT]-(accountHolder3)

// Create Unsecured Loan and connect 1 account holder
CREATE (unsecuredLoan3:UnsecuredLoan {
			AccountNumber: "5678901234567890-0",
			Balance: 16341.95, APR: .0341,
			LoanAmount: 22000.00 })<-[:HAS_UNSECUREDLOAN]-(accountHolder3)

// Create Phone Number and connect 1 account holder
CREATE (phoneNumber2:PhoneNumber {
			PhoneNumber: "555-555-1234" })<-[:HAS_PHONENUMBER]-(accountHolder3)

RETURN *

实体链接分析

下面演示了对上述数据模型执行实体链接分析。下表中的方括号用于隔离集合的单个元素。

查找共享多个合法联系信息的账户持有人

MATCH 		(accountHolder:AccountHolder)-[]->(contactInformation)
WITH 		contactInformation,
			count(accountHolder) AS RingSize
MATCH 		(contactInformation)<-[]-(accountHolder)
WITH 		collect(accountHolder.UniqueId) AS AccountHolders,
			contactInformation, RingSize
WHERE 		RingSize > 1
RETURN 		AccountHolders AS FraudRing,
			labels(contactInformation) AS ContactType,
			RingSize
ORDER BY 	RingSize DESC

确定潜在欺诈团伙的财务风险

MATCH 		(accountHolder:AccountHolder)-[]->(contactInformation)
WITH 		contactInformation,
			count(accountHolder) AS RingSize
MATCH 		(contactInformation)<-[]-(accountHolder),
			(accountHolder)-[r:HAS_CREDITCARD|HAS_UNSECUREDLOAN]->(unsecuredAccount)
WITH 		collect(DISTINCT accountHolder.UniqueId) AS AccountHolders,
			contactInformation, RingSize,
			SUM(CASE type(r)
				WHEN 'HAS_CREDITCARD' THEN unsecuredAccount.Limit
				WHEN 'HAS_UNSECUREDLOAN' THEN unsecuredAccount.Balance
				ELSE 0
			END) as FinancialRisk
WHERE 		RingSize > 1
RETURN 		AccountHolders AS FraudRing,
			labels(contactInformation) AS ContactType,
			RingSize,
			round(FinancialRisk) as FinancialRisk
ORDER BY 	FinancialRisk DESC

此页面有帮助吗？

图谱列表