This document discusses how graphs and graph databases can help identify reshipping scams. It provides an example of how transaction and address data can be modeled as a graph and analyzed to detect patterns indicating fraud. Suspicious patterns are visualized to help analysts investigate potential scams, such as a transaction with a billing address in one country but shipping to another. Turning these insights into actions like stopping transactions and banning users can help combat online fraud.
Fighting financial crime with graph analysis at BIWA Summit 2017
How to identify reshipping scams with Neo4j
1. SAS founded in 2013 in Paris | http://linkurio.us | @linkurious
How to identify
reshipping scams
with Neo4j.
2. Introduction.
CMO
>5 years in consulting
MSc Political sciences
and Competitive
Intelligence
Jean
Villedieu
Sébastien
Heymann
CEO
Gephi Founder
Phd in Computer
Science and Complex
Systems
Linkurious is a French
startup founded in 2013.
4. Father Of
Father Of
Siblings
This is a node
This is a
relationship
What is a graph ? / Nodes & relationshipsWhat is a graph : nodes and relationships.
A graph is a set of nodes
linked by relationships.
5. Some of the domains in which
our customers use graphs.
People, objects, movies,
restaurants, music…
Suggest new contacts, help
discover new music
Antennas, servers, phones,
people…
Diminish network outages
Supplier, roads, warehouses,
products…
Diminish transportation cost,
optimize delivery
Supply chains Social networks Communications
Differents domains where graphs are important.
6. The accomplice reships the
goods to the fraudster. The
fraudster sells the goods for
$.
He uses the credit cards to
buy goods on a website. He
has the goods shipped to an
accomplice.
Reshipping is used to launder
money.
A scammer steals a few
credit cards and wants to
turn it into $.
Steal credit
cards
Order goods
online
Sell the
goods
What i s reshipping.
7. The accomplice is sometimes a victim too..
The accomplice may think he
is doing a normal job.
8. Reshipping protects the
criminals.
Why use reshipping.
It is worth taking time and efforts to setup a reshipping network if it helps
launder money without getting caught.
9. Online fraud cost $3.5 billion per year to e-retailers.
Source : http://www.internetretailer.com/2013/03/28/online-fraud-costs-e-retailers-35-billion-2012
$3.5 billion
The cost of fraud for ecommerce 1/2.
10. Merchants pay $3.10 in
costs (replacements and
fees) for each dollar of
fraud losses they incur.
The cost of fraud for ecommerce 2/2.
Source : http://www.trulioo.com/blog/2014/05/13/social-login-as-an-added-measure-for-e-commerce-fraud/
11. How to make sense of complex data.
Is it possible for e-
retailers to identify
reshipping scams?
12. What is a graph ? / Nodes & relationshipsA graph data model for the ecommerce orders.
date :
11/08/2014
items : Laptop,
gifcard
amount : $878
IS_USED_FOR
Main Street
(Street)
Address 1
(Address)
San
Francisco
(City)
USA
(Country)
Order 1
(Transaction)
214.77.224.225
(IP_Address)
Address 2
(Address)
Detroit
(City)
Folsom Street
(Street)
Lagos
(City)
Nigeria
(Country)
IS_BILLING_ADDRESS
IS_SHIPPING_ADDRESS
IS_LOCATED_IN IS_LOCATED_IN
IS_LOCATED_IN IS_LOCATED_IN
IS_LOCATED_IN IS_LOCATED_IN
IS_LOCATED_IN
IS_LOCATED_IN
13. I’m particularly interested in orders where the billing
address, the shipping address and the location of the
IP address point in different directions ! Can we find
these?
A fraud expert designs a fraud
detection pattern.
Designing a fraud detection pattern.
14. The pattern is translated in a
graph language.
Looking for the pattern.
MATCH (a:Transaction)-[r*2..3]-(b:City)
WITH a, COUNT(DISTINCT b) AS group_size, COLLECT(DISTINCT b) AS cities
WHERE group_size > 2
RETURN a, cities
15. A graph database handles the
data analysis at scale.
We use Neo4j to store and analyse the data.
ETL
Traditional
databases.
Graph
database.
The graph databases helps store the data from various sources and analyse it in real-time to
identify potential fraud cases.
16. Visualization helps analyse the results.
ETL API
Traditional
database.
Graph
database.
Graph
visualization.
Graph visualization is used to
investigate the suspicious
cases.
Graph visualization solutions like Linkurious help data analysts investigate graph data faster.
17. Visualizing suspicious fraud cases.
The countries are in dark green, the cities in blue, the IP address in red, the street in orange, the
orders (with their date) in light green and the addresses in asparagus.
18. It seems a Nigerian scammer is using stolen credit
cards on our website. He has enrolled the help of
someone from Boston. We should :
- stop the transactions they are involved in ;
- ban these users and their IP addresses ;
- warn the credit card holders ;
- contact the authorities ;
The analyst turns the alert into
actions to stop the fraud.
Turning data into action.
19. ● This is an illustration of the potential of graphs. In the real world we’d use
more advanced techniques (ex : to handle proxies).
● Address analysis has to be combined with other fraud detection
mechanisms (ex : credit card verification).
● Only a subset of the fraudulent transactions can be inspected by a human.
● Graph-based fraud detection can be applied in other domains.
Graphs are great for fraud
detection.
Beyond that example.