The Network Strikes Back: How Graph-Based Rules Outsmart Modern Fraud

Fraud is no longer a problem confined to a single transaction or individual—it's a network problem.

‍

Fraudsters carefully study static rules and restrictions before launching large-scale attacks. These bad actors now operate more sophisticated schemes, often involving multiple individuals to execute identity theft, money laundering, and other scams.

‍

Graph-based rules help connect the dots, uncovering relationships between accounts and users. Every transaction, change in personally identifiable information (PII), login session, or account update can serve as a critical clue in exposing large-scale fraud rings within a financial institution.

‍

Why We’re Talking About Graph-Based Rules

Fraud prevention has historically been done using traditional static rules. If this set of circumstances happens, trigger an alert. Analysts are then forced to spend time digging into history, combing through previous transactions, and trying to determine if the payment/account opening is possible fraud. It’s time-consuming as these rules are static in nature and don’t evolve with the ever-changing fraud landscape. The rules must continually be adjusted and tested, and usually present a large number of false positives.

‍

As fraudsters have continued to adapt and change tactics, static rules may catch a one-off fraudulent transaction, but lack the ability to see the full scope. These rules, even when assisted with some machine learning, often don’t pick up on patterns and interconnected data. Enter network analysis.

‍

What is Network Analysis (And Why It’s Powerful But Limited)?

Network analysis (also known as Link analysis) is a powerful tool that pieces together different data points to help uncover fraudulent activity. Instead of looking at pieces of data individually, such as a transaction or a user, network analysis looks for patterns and activity across different data points to identify relationships. Linking together multiple data points can help with identifying more complex schemes, such as money laundering or other fraud rings working together.

‍

Network analysis helps bring things together to show how users may be related to other users, businesses, IP addresses, emails, and more. It gives a broader picture of the behavior of the user and the interconnectedness of this behavior. Perhaps two users are using the same device or IP address. This behavior might make sense if they are husband and wife, for example, but may not make sense if these two people are supposedly not related. It’s even more unlikely that ten people would be sharing the same device. Seeing these relationships is next to impossible with standalone rules that look at one user and one user only.

‍

These analyses commonly use data visualization to easily find connections. It’s a visual display of information to communicate complex relationships and data-driven insights in a way that is fast and easy to understand. The human mind perceives images and graphs much better and faster than simple text reports and charts. In fact, a joint study between the University of Minnesota and 3M found that the human brain processes images 60,000 times faster than text, and visuals helped improve learning by up to 400%. Data visualization is an extremely useful approach when it comes to decision-making.

‍

The more data there is, the harder it can be to sift through and fraudsters are able to camouflage activity. The power of network analysis allows financial institutions to spot hidden rings, identify farming (creating multiple user accounts controlled by one entity), and repeat actors. The catch: this tool is uncovering existing relationships. It’s more retrospective, which is great for investigating and detecting fraud. However, it’s not as useful for fraud prevention. 

‍

Network analysis is often used as part of the investigation of an alert, instead of using it to help alert before the fact. In addition, many risk teams do not have the technical background to give them comfort in querying databases, writing code, and deploying strategies looking for commonalities between different users in databases. Hence, graph-based rules were born.

‍

What Makes Graph-Based Rules Different

Graph-based rules (GBRs) combine the ideas of data visualization and link analysis into a powerful, effective tool for risk and compliance teams to use to proactively identify and alert on potential fraudulent behavior. GBRs allow organizations to uncover potential risks by analyzing how entities are interconnected with their data. Once suspicious accounts, users, or entities are identified, they can be labeled with tags that allow rules to be automatically applied. GBRs allow teams to visually build what they think is high-risk and deploy that rule within minutes without the need for deep technical skills.

‍

Teams move from not just visualizing the connections, but being able to use them to stop fraud in real-time. Leveraging GBRs can help organizations build a better fraud strategy by helping their risk teams make data-driven, accurate decisions in the shortest amount of time to prevent financial loss. Graphs can make sense of complex data and tell compelling stories, which helps improve decision-making. As fraudsters shift and try to avoid common rules in place, they may change their associated data, re-use techniques, and evade detection. GBRs can help identify bad actors even as they change their associated data points.

‍

Moving from detection to prevention enables faster intervention by fraud teams and fewer manual investigations. Teams can focus on actionable insights to stop fraud before it happens or spreads.

‍

How It Works in Unit21

Unit21 assists fraud teams by providing multiple options for rule building. There are simple rules that users can create, as well as out-of-the-box rules that can be employed. There’s the dynamic model builder that allows teams to design rules by creating formulas using variables and trigger conditions, allowing financial institutions to be more surgical in designing trigger conditions. However, they also offer graph-based rules to map out fraudulent networks and spot sophisticated fraud schemes through entity link analysis.

‍

Unit21’s GBRs allow teams to visually uncover how entities are interconnected through data. Once suspicious accounts are identified, they can be labeled with tags that allow risk teams to create rules automatically to prevent those fraudsters from accessing the platform with different information. GBRs can be used in multiple use cases, such as ban evasion and fraud ring detection.

‍

The graph-based rules as part of the built-in rule engine, no need to purchase additional components. There’s no code interface, which means fraud teams can deploy rules without requiring engineers. Plus, it's easy to write the rules and test them prior to deployment. Teams can use “shadow mode”, which allows them to validate the rules without any risk to production. Writing a team’s GBRs allows teams to dig deeper and fine-tune what they are seeing, and where they want to focus, depending on the risk of individual financial institutions.

‍

Graph-Based Rules in Action (Fictional Use Cases)

Let’s look at a few use cases on how graph-based rules can help identify fraud.

‍

Marketplace:

• A seller banned for abuse signs up with a slightly new name and email.
• GBR spots the overlap in device/IP, shared buyer history, and triggers a pre-onboarding block.

‍

Fintech Lending App:

• A fraud ring applies for loans under slightly varied synthetic IDs.
• GBR connects them via shared bank accounts and past phone numbers before disbursement.

‍

Credit Union:

• A member routes ACH transfers through multiple newly created accounts.
• GBR identifies the layering pattern early and prevents the next step in the chain.

‍

Why This Changes Everything

The fraud landscape is ever changing, ever evolving. Static-based rules cannot keep up, so how does deploying GBRs change the game?

‍

GBRs save time by catching coordinated fraud before it spreads. Teams can pinpoint patterns, allowing them to dig in deeper and alert them to possible collaboration. GBRs also empower fraud teams to build smarter rules faster, without development cycles and the use of an engineering team. Analysts don’t have to be experts in code, but can easily deploy and test the rules to fine-tune them. Plus, these rules help stay ahead of attackers, adapting faster than ever before. 

‍

GBRs take existing effective tools and combine them into one powerful method that changes a reactive process into a proactive one in identifying and preventing fraud. These rules can be customized according to the financial institution’s needs, customer profile, appetite for risk, and what makes sense for them, transforming data into actionable insights. Don’t just detect fraud, prevent it with graph-based rules.