9. Law of the instrument (of the hammer) : cognitive bias that
involves an over-reliance on a familiar tool.
A.Maslow 1966
10. Did Google have a graph problem back in the
early 2000s?
I’d say it was an information retrieval problem… but they looked at it
with a graph-thinking mindset!
11. nd so, my fellow graphistas: ask not
whether you have a graph problem - instead, look
at your problem with a graph thinking mindset”
J. Barrasa - Graph Connect Europe 2017
“A
17. WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
18. WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
19. WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
20. WITH { amount: 2.50, currency:"USD", txid:"05015244006",
mid:"5073047", tid:"5073440-7", timestamp:1490060618007,
cardno:"5224654370862586050" } AS newTxData
MATCH (lastTx:Transaction { cardno: newTxData.cardno })
WHERE NOT (lastTx)-[:NEXT]->()
CREATE (newTx:Transaction) SET newTx += newTxData
CREATE (lastTx)-[:NEXT]->(newTx)
WITH newTx, newTxData
MERGE (term:Terminal { tid: newTxData.tid})
CREATE (newTx)-[:IN_TERMINAL]->(term)
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Transactions
21.
22. WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
23. WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
24. WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
25. WITH { txid:"0501524400006"} AS unrecognizedTx
MATCH (tx:Transaction { txid: unrecognizedTx.txid })
SET tx:FraudTx
Tx
Tx
Tx
Tx
Fraud
Fraud
Data load: Reported fraud
26.
27. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
28. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
29. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
30. MATCH (term:Terminal)<-[:IN_TERMINAL]-(t)-[n:NEXT*]->(:FraudTx)
WITH term , count(distinct t.cardno) as ct,
min(t.timestamp) as mindate, max(t.timestamp) as maxdate
WHERE ct > 1
MATCH (term)<-[:IN_TERMINAL]-(otherTx)
WHERE otherTx.timestamp < maxdate and otherTx.timestamp > mindate
RETURN term.tid AS terminal,mindate,maxdate,
100 * ct / COUNT(DISTINCT otherTx.cardno) AS impact,
(maxdate - mindate)/(24*3600000) as timewindow
ORDER BY impact DESC, timewindow DESC
Query: Fraud origination at terminal level
32. WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention
33. WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention
34. WITH { tid : '2373743-7', from: 1487340089000, to:
1488039852000 } AS compTerm
MATCH (term:Terminal { tid: compTerm.tid} )<-[:IN_TERMINAL]-(t)
WHERE NOT (t)-[:NEXT*]->(:FraudTx)
AND t.timestamp > compTerm.from
AND t.timestamp < compTerm.to
RETURN distinct t.cardno AS cardAtRisk
Query: Proactive prevention