Fraud Detection - Using Graph Database

By



In Gartner Data and Analytics Summit Feb 2019, Gartner predicted the application of Graph technology to grow by 100% through 2022. The details are available here .

In addition to social networks and recommendation systems, fraud detection is a field where the value of graph technology cannot be understated. Today we'll learn the use of Graph technology with a real world business use case of fraud detection. 

If you are new to Graph technology, and haven't read my previous publication Graph technology in plain english, I highly recommend to read that once. It will help you to understand the fundamentals of Graph technology and serve as a catalyst for your learning process. 


Fraud detection

According to the research published by Crowe in July 2019, global fraud losses equate to shocking US$5.127 trillion each year. Fraudsters commit monetary frauds almost every day. 

What if such fraud can be detected at an early stage, through prior experience of some common fraud patterns or known fraudsters. We'll look at how Graph can be used to identify one such link and how tedious it can be to obtain this knowledge from a non-graph database.


Detect fraud for a finance company A2ZMoney:

A2ZMoney is a financial service company, which has substantial web presence. Businesses and individuals can sign up by creating profiles and use its financial services. Once onboarded, customers can make transactions and send or receive money. This company stores customers' PII and non-PII data.

Fraud A2ZMoney wants to detect Tom is a new customer and A2ZMoney wants to know how risky it would be, to accept Tom as a new customer and allow him to transact. 
 
Let's use a graph to answer this. 
Given that A2ZMoney has access to all of its customers' PII and non-PII data, we can use attributes like email addresses, residential addresses etc, to build a graph (shown below) that illustrates the relationships between each client. By now we know, that a graph is a combination of vertices and edges. Edges being the relationship between the vertices. Below I created a pictorial representation of A2ZMoney's graph:


Click on image to enlarge




Details of above Graph:

Please spend a minute to observe the above graph and you would see the following relationships. Below I have explained, 4 randomly picked relationships from this graph:


Relationships between customers:

Below are shown 4 relationships, with all the vertices colored orange and all the edges colored in green.

1. Tom and Jane have same email id.

          hasEmail                                          hasEmail
Tom --------------> xyz@yahoo.com  <-------------- Jane


2. Jane and Sam use the same device.

           useDevice                                       useDevice
Jane --------------> IP 10.100.13.44  <-------------- Sam


3. Sam and Jonny use the same credit card.

           hasPaymentCard                                                     hasPaymentCard
Sam -----------------------> 3333-3333-3333-3333  <------------------------ Jonny


4. Richard and Sam live in the same house.

                  lives at                                                  lives at
Richard --------------> 999 PQR Street, CA  <-------------- Sam



Vertices:

All A2ZMoney's customers including Tom, Jane, Richard, Mike, Sam and Jonny and their attributes such as email address, phone number, physical address, bank account number, payment card, ssn and the device they used, are vertices of the graph. 

Edges:

Every edge in this graph starts from the customer vertex and ends at the attribute vertex(such as email, phone, address etc). The edges shows the association of every customer with their attributes. 
I have assigned specific edge labels such as hasEmail, useDevice, lives at etc, to facilitate required graph traversals to get the desired insights. 

Please pay close attention to customers Tom(with NEW CUSTOMER sign in red) on the extreme left and Jonny(with Fraud sign) on the extreme right in the graph, as they would be our point of focus for this fraud detection use case. 

How does this graph answer - "If Tom would be a risky customer":

When the company tries to see association of Tom, by linking him with their dataset of known individuals, the above graph clearly shows the association of Tom with a fraudster named Jonny. This linkage is shown in the graph with yellow highlighted edges

Tom -> Jane -> Sam -> Jonny 

This raises a suspicion flag and hints of a risk.

There are two approaches in which Graph can be utilized to detect such risk:
 
1. Deterministic approach:

Such multi level linkage(of Tom with Jonny) can be efficiently calculated using graph traversal.
We need to just write an OLTP traversal logic, with Tom as the starting point. Traverse the graph to find Tom's connections with know fraudster vertex, measuring the number of hops and weightage of association. Weightage being high for attributes like SSN, DDA etc. 

Based on the number of hops and the weightage of association being weak or strong, business can set the acceptable number of hops to approve or reject the customer's on boarding. Thus determine the exact risk and hence the approach is called a deterministic approach.

A Gremlin(one of the graph query language) graph traversal on A2ZMoney's graph, to find Tom's connection with at least 2 fraudsters such as Jonny, is as follows:

g.V().hasLabel('Customer').has('name','Tom').outE().inV().inE().outV().outE().inV().inE().outV().outE().inV().inE().outV().has('status','Fraud').limit(2)

Isn't that one liner code easy, compared to a complex joins sql code or any custom application code you would have to write? That simplicity we get through graph query language.

2. Predictive approach:

This approach uses Graph along with a predictive Machine Learning Model. Collusion is a common fraud pattern, with multiple customers using say the same account number for transactions. Such data when viewed in a graph, appears as a ring. 

This approach involves traversing the graph, for the past known fraud ring patterns and training a data science(Machine Learning) model, with such ring patterns as features. The data science model once trained, gets equipped to generate a high score for a similar ring pattern and prevent similar fraud from recurring. In this case, Tom's association would also go through the scoring ML model, to predict the risk. Higher the score, higher would be the risk.
 
The importance of Graph is that such rings can be detected through traversals or prebuilt algorithms offered by Graph systems. We can design Gremlin traversals to achieve this, as well as there are graph algorithms, which can achieve this in an OLAP graph system.

To achieve best results out of the graph, it is recommended to enrich graph data, using maximum available data from external third party sources(such as Experian). 


How Graph DB is efficient over other Databases?




This question would be well answered, when we try to achieve this same traversal in a non-graph database. In relational world, the data model of A2ZMoney's customer's data looks like this, with fact and dimension tables. Ids of every attribute linking to the respective dimension table of the attribute.:

Click on image to enlarge


 
With this data model, if we try to find the connection of Tom with Jonny, which is 3 hops away, it is clear that it would need multiple self joins. More over the join would also have to be on different attributes, to just enquire if there is any connection with others or not. Dimensional Data Modeling helps a bit compared to Relational Data Modeling, but still several self joins for each hop are inevitable.

Every join operation is expensive. And this is one of those several reasons(besides flexible schema evolution, rich query support etc) which advocates the importance of Graph system. Graph stores this information already as edges. 

I have published techniques to optimize joins in Apache Spark, which you can find here. But still no one can deny the fact that joins are expensive. And Graph systems saves us from them. 

Besides relationships being first class citizen, ease of design of graph traversals and several graph algorithms available as part of the Graph APIs, makes Graph systems valuable. 

We now know how Graph systems can help us detect fraud, and how tedious it would be to detect the same fraud using non-graph databases. We also looked at the Predictive approach, where the power of Machine Learning can also be clubbed with Graph DB to predict fraud. 

Thank you for taking time to read this article. I hope you found it helpful. 

Big Data, Cloud(AWS), Graph and Machine Learning professional.

Comments

New comments are not allowed.

Popular posts from this blog

UPSERT in Hive(3 Step Process)

By
Image
In this post we'll learn an efficient 3 step process, for performing UPSERT in hive on a large size table containing entire history. Just for the audience not aware of UPSERT - It is a combination of UPDATE and INSERT. If on a table containing history data, we receive new data which needs to be inserted as well as some data which is an UPDATE to the existing data, then we have to perform an UPSERT operation to achieve this. Prerequisite  – The table containing history being very large in size should be partitioned, which is also a best practice for efficient data storage, when storing large volume of data in any Big Data warehouse. Business scenario  – Lets take an example of click stream data of a website, as gathered from different browsers of visitors who visited the website. The site_view_hist table contains the clicks and page impressions counts from different browsers and the table is partitioned on hit_date(the date on which the visitor hitted or visited the website).
Read more

Parquet tools utility

By
Image
It is a well known fact, that parquet format is a binary format. And for humans, reading binary data is not as easy as opening a text file and understanding its contents. But no worries, today we'll learn how to read a parquet file . If you would like to understand all the internal details of a parquet file , you can please refer my previous article here . In this article I have tried to explain all the inner storage details of Parquet and answered most of the questions around its usage, efficiency and performance.                                                                                Parquet tools - As we know parquet is a binary format, we need an interpreter to translate its contents so that we can understand them. And this is what parquet-tools  utility project does for us. It lets us read parquet files. Note - At the time of writing this blog, I used parquet-tools utility already installed on my Hadoop cluster. But you can always install parquet-tools on you
Read more

Hive - Merging small files into bigger files.

By
Image
Since Hadoop's inception, we have learnt that it is good for processing small number of large files, instead of large number of small files. Part of the reason pertaining to this behavior is, its MapReduce Paradigm which works on splits of input data.  In our day to day data processing, there can be various situations where our processes can produce large number of small files. Assume a process generated output data of 300 MB, but this data is distributed in approximately 3000 files of 99 KB each. Today we'll learn how to merge such large number of small files into bigger files. Before that let us quickly understand the problems, such large number of small files can cause. Problems posed by large number of small files -   1.   I f we store the data of this table in GZIP format(3000 files each of 99KB), then a downstream process running a hive query(MapReduce job) on this data, would spin up 3000 mappers to process individual splits for each file, as the GZIP format is non
Read more

Parquet File format - Storage details

By
Image
Columnar storage has revolutionized Big data processing, since its inception.  Its power can be realized from the fact that Google Big Query, Hbase, Amazon Redshift, Azure SQL Data Warehouse and many more, all utilize columnar storage. As you are here today reading this article, it is obvious that you are curious to learn how Columnar storage internally works. Well, just stay tuned for next few minutes, as  I'll explain all the details of the  most popular columnar file format called Parquet.  We'll learn the details  by  actually opening  a parquet file and by  going deep, at the level of how things work under the hood at disc level.  We'll also learn why Parquet would save cost, when it is used as underlying file format with A WS services such as Athena . When to use Parquet format  -  Just check this less than 30 seconds conversation, going on between a Data Engineer(male) and a  BI Analyst(female) . When to use parquet - Whenever our dataset has large num
Read more

Skew Join Optimization in Hive

By
Image
Skew is a very common issue which most of the data engineers come across.  What is Skew - When in our data we have very large number of records associated with one(or more) particular key, then this data is said to be skewed on that key.  We'll understand this with a very simple example. Think about world's population data table, where each record is of one person and the number of records equals to total world population. As we all know China and India, each accounts for around 17-18% of world's population, hence such population table is referred to as skewed on keys country=China and country=India. If you focus on the following pie chart of world's population distribution by country, then this would make exact sense. Problem statement  - Assume we have a table which tracks the online visits to different online websites. In this table amazon.com  being very popular,  has 1 Billion rows whereas other not very popular sites ( www.abc.com , www.xyz.com..etc) i
Read more

Apache Spark - Sort Merge Join

By
Image
Apache Spark is a well known open source cluster computation system, for large scale data processing. If you are into Big Data and Machine Learning, Apache Spark may not need any introduction. Its capabilities include In-memory processing, Distributed SQL Analytics, Real Time stream processing, Graph processing, Machine Learning,  support for several programming languages  and many more.  " What happens under the hood, when we execute a Spark application? ".    thinking????? This is a very common question, which crops up in every Apache Spark user's mind. If you have the same question, I 'll answer this using Spark SQL by executing one of the most common data processing operation i.e. "Join". Spark being a vast technology, it is nearly impossible to cover all of Spark's details in a single article. And we all learn something new, every time we use a technology to solve a new challenge.  However, the details I'll cover here, should be enough to give
Read more

Apache Spark - Explicit Broadcasting Optimization

By
Image
Join operation is an indispensable part of majority of Big Data Projects. If you are using Apache Spark for your Big Data processing and using join operation, in this article I'll explain a strategy to optimize joins. The technique I'll explain is how to explicitly broadcast a table, in any Spark join operation and convert the join operation to Broadcast Hash Join. Why Broadcasting - W hen we perform a join operation in Spark SQL, b roadcasting proves very efficient in reducing data shuffling and hence serialization and deserialization of data over the network, which happens during a Sort Merge Join operation. If you haven't read my previous article on Spark's Broadcast Hash join, I highly recommend you to first go through that. This would provide you most of the deeper details of Spark's Broadcast hash Join. You can please find it here :- Broadcast Hash Join - By Akshay Agarwal Business use case  -  To explain this optimization, let's take the business
Read more

Spark Optimization - Bucketing

By
Image
Complex data computation is a part of every Big Data Project.  Do you have a business scenario requiring complex join on data having billions or trillions of values?  If you are using Apache Spark, stay tuned for next few minutes, as this article will address this expensive join problem, using Spark's optimization technique called Bucketing. Before reading this article, I recommend you to once go through my previous articles on Spark's Sort Merge Join and Broadcast Hash Join . They will set up your foundation for understanding bucketing technique. It is recommended but is not mandatory, as you would still be able to grasp the core concept. When to use Bucketing ?    For any business problem, where we need to perform a join on tables with very high cardinality on join column( I repeat very high ) in say millions, billions or even trillions and also this join needs to happen multiple times. Lets understand bucketing using the data of a hypothetical service provider company
Read more

Apache Spark - Broadcast Hash Join

By
Image
In this technical article, we'll discuss about one of Apache Spark's efficient join technique called Broadcast Hash Join. I will explain in detail how this operation is implemented internally in Spark at DAG(Directed Acyclic Graph) level and also different phases of DAG. We'll also uncover the details of division of spark application into jobs and stages.  Data  -  To explain this join concept, I'll take customer data of a hypothetical online service provider organization with international presence. Different customers across the world using its services holds accounts with this company. Moreover the customers uses different devices to access this company's website. Hence to fetch the details of different  customers(business_accounts) and the corresponding device used by them, we'll use two datasets: Business Accounts data   -  Data consisting of details of the customer's business account, created with this service providing organization.  The schema f
Read more

Graph Technology - In plain English

By
Image
Graph processi ng systems have become a prominent buzzword in computation world in recent years. Is this just a passing trend which is here today and would vanish tomorrow? There is no harm in being skeptical. But with knowledge graphs recognized as a top emerging technology trend by industry expert Gartner, it's evident that graph technology is here to stay.  So let's dive in and discover what makes graph technology special and why it's gaining momentum.   What industry experts are saying about Graph Technology: Knowledge graphs has been recognized by Gartner among the top 5 emerging technology trends, alongside IOT & Blockchain, that will blur the lines between humans and machines. I have included a snippet from Gartner's press release below. You can also find Gartner's official full press release   here  . Snippet from Gartner's Newsroom Press Release  An important note before we proceed further. If you do a simple google search about graphs, y
Read more