银行欺诈检测

(原始来源: https://github.com/neo4j-contrib/gists/blob/master/other/BankFraudDetection.adoc )

本交互式Neo4j图教程涵盖了银行欺诈检测场景。

问题介绍

银行和保险公司每年因欺诈损失数十亿美元。传统的欺诈检测方法在最大限度地减少这些损失方面发挥着重要作用。然而，越来越复杂的欺诈者已经开发出各种方法来逃避发现，无论是通过合作还是利用各种其他手段构建虚假身份。

场景说明

虽然没有任何欺诈预防措施可以做到完美，但改进的重大机会在于超越单个数据点，关注连接它们的关系。这些关系通常在为时已晚之前才会被注意到——这是不幸的，因为这些关系通常包含最佳线索。

典型场景

虽然每次第一方欺诈串谋背后的具体细节因操作而异，但以下模式说明了欺诈团伙通常如何运作

两名或多名人员组成一个欺诈团伙
该团伙共享一部分合法的联系信息，例如电话号码和地址，并将它们组合起来创建多个虚构身份
团伙成员使用这些虚构身份开户
新账户添加到原始账户中：无担保信贷额度、信用卡、透支保护、个人贷款等。
账户像往常一样使用，定期购物并按时付款
由于观察到的负责任的信用行为，银行会随着时间的推移增加循环信贷额度
有一天，团伙“突然撤资”，协调他们的活动，最大限度地利用所有信贷额度，然后消失
有时，欺诈者会更进一步，在之前的步骤之前立即使用伪造支票将其所有余额归零，从而使损失加倍
随后进行催收流程，但代理商始终无法联系到欺诈者
坏账被注销

解决方案说明

图数据库提供了新的方法来发现欺诈团伙和其他复杂的诈骗，准确率很高，并且能够实时阻止高级欺诈场景。

图数据库如何提供帮助

可以通过运行使用图数据库的适当实体链接分析查询，并在客户和账户生命周期的关键阶段（例如）运行检查，来增强现有的欺诈检测基础设施以支持团伙检测

在创建账户时
在调查期间
一旦达到信用余额阈值
当支票退票时

与正确的事件类型相关的实时图遍历可以帮助银行在“突然撤资”发生期间甚至之前识别可能的欺诈团伙。

银行欺诈图数据模型

图数据库已成为克服这些障碍的理想工具。像Cypher这样的语言为在图中检测环、在内存中实时导航连接提供了简单的语义。

下面的图数据模型表示数据在图数据库中的实际外观，并说明了如何通过简单地遍历图来查找环

图1. 银行欺诈

示例数据集

// Create account holders
CREATE (accountHolder1:AccountHolder {
       		FirstName: "John",
       		LastName: "Doe",
       		UniqueId: "JohnDoe" })

CREATE (accountHolder2:AccountHolder {
			FirstName: "Jane",
			LastName: "Appleseed",
			UniqueId: "JaneAppleseed" })

CREATE (accountHolder3:AccountHolder {
			FirstName: "Matt",
			LastName: "Smith",
			UniqueId: "MattSmith" })

// Create Address
CREATE (address1:Address {
			Street: "123 NW 1st Street",
			City: "San Francisco",
			State: "California",
			ZipCode: "94101" })

// Connect 3 account holders to 1 address
CREATE (accountHolder1)-[:HAS_ADDRESS]->(address1),
       (accountHolder2)-[:HAS_ADDRESS]->(address1),
       (accountHolder3)-[:HAS_ADDRESS]->(address1)

// Create Phone Number
CREATE (phoneNumber1:PhoneNumber { PhoneNumber: "555-555-5555" })

// Connect 2 account holders to 1 phone number
CREATE (accountHolder1)-[:HAS_PHONENUMBER]->(phoneNumber1),
       (accountHolder2)-[:HAS_PHONENUMBER]->(phoneNumber1)

// Create SSN
CREATE (ssn1:SSN { SSN: "241-23-1234" })

// Connect 2 account holders to 1 SSN
CREATE (accountHolder2)-[:HAS_SSN]->(ssn1),
       (accountHolder3)-[:HAS_SSN]->(ssn1)

// Create SSN and connect 1 account holder
CREATE (ssn2:SSN { SSN: "241-23-4567" })<-[:HAS_SSN]-(accountHolder1)

// Create Credit Card and connect 1 account holder
CREATE (creditCard1:CreditCard {
			AccountNumber: "1234567890123456",
			Limit: 5000, Balance: 1442.23,
			ExpirationDate: "01-20",
			SecurityCode: "123" })<-[:HAS_CREDITCARD]-(accountHolder1)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount1:BankAccount {
			AccountNumber: "2345678901234567",
			Balance: 7054.43 })<-[:HAS_BANKACCOUNT]-(accountHolder1)

// Create Credit Card and connect 1 account holder
CREATE (creditCard2:CreditCard {
			AccountNumber: "1234567890123456",
			Limit: 4000, Balance: 2345.56,
			ExpirationDate: "02-20",
			SecurityCode: "456" })<-[:HAS_CREDITCARD]-(accountHolder2)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount2:BankAccount {
			AccountNumber: "3456789012345678",
			Balance: 4231.12 })<-[:HAS_BANKACCOUNT]-(accountHolder2)

// Create Unsecured Loan and connect 1 account holder
CREATE (unsecuredLoan2:UnsecuredLoan {
			AccountNumber: "4567890123456789-0",
			Balance: 9045.53,
			APR: .0541,
			LoanAmount: 12000.00 })<-[:HAS_UNSECUREDLOAN]-(accountHolder2)

// Create Bank Account and connect 1 account holder
CREATE (bankAccount3:BankAccount {
			AccountNumber: "4567890123456789",
			Balance: 12345.45 })<-[:HAS_BANKACCOUNT]-(accountHolder3)

// Create Unsecured Loan and connect 1 account holder
CREATE (unsecuredLoan3:UnsecuredLoan {
			AccountNumber: "5678901234567890-0",
			Balance: 16341.95, APR: .0341,
			LoanAmount: 22000.00 })<-[:HAS_UNSECUREDLOAN]-(accountHolder3)

// Create Phone Number and connect 1 account holder
CREATE (phoneNumber2:PhoneNumber {
			PhoneNumber: "555-555-1234" })<-[:HAS_PHONENUMBER]-(accountHolder3)

RETURN *

实体链接分析

下面演示了对上述数据模型执行实体链接分析。我们在下表中使用括号来隔离集合的各个元素。

查找共享两个以上合法联系信息的账户持有人

MATCH 		(accountHolder:AccountHolder)-[]->(contactInformation)
WITH 		contactInformation,
			count(accountHolder) AS RingSize
MATCH 		(contactInformation)<-[]-(accountHolder)
WITH 		collect(accountHolder.UniqueId) AS AccountHolders,
			contactInformation, RingSize
WHERE 		RingSize > 1
RETURN 		AccountHolders AS FraudRing,
			labels(contactInformation) AS ContactType,
			RingSize
ORDER BY 	RingSize DESC

确定可能的欺诈团伙的财务风险

MATCH 		(accountHolder:AccountHolder)-[]->(contactInformation)
WITH 		contactInformation,
			count(accountHolder) AS RingSize
MATCH 		(contactInformation)<-[]-(accountHolder),
			(accountHolder)-[r:HAS_CREDITCARD|HAS_UNSECUREDLOAN]->(unsecuredAccount)
WITH 		collect(DISTINCT accountHolder.UniqueId) AS AccountHolders,
			contactInformation, RingSize,
			SUM(CASE type(r)
				WHEN 'HAS_CREDITCARD' THEN unsecuredAccount.Limit
				WHEN 'HAS_UNSECUREDLOAN' THEN unsecuredAccount.Balance
				ELSE 0
			END) as FinancialRisk
WHERE 		RingSize > 1
RETURN 		AccountHolders AS FraudRing,
			labels(contactInformation) AS ContactType,
			RingSize,
			round(FinancialRisk) as FinancialRisk
ORDER BY 	FinancialRisk DESC

此页面是否有帮助？

GraphGists