Graph databases could prove invaluable to fraud investigation process

The fraud investigation process remains complicated for companies, but graph databases' information management techniques can help collect and manage valuable evidentiary data.

Fraud continues to be a significant drain on the economy, and its effects are increasingly insidious: The number of fraud attempts is growing, while the percentage of revenues lost to fraud is increasing. According to the 2016 LexisNexis True Cost of Fraud Study, in 2015 U.S. merchants reported an 8% increase over the prior year in the cost per dollar of fraud losses, from $2.23 to $2.40. This means that for every dollar of losses due to fraud, merchants are losing $2.40 based on chargebacks, fees and merchandise replacement.

There are different types of fraudulent behaviors across industries. A common fraud pattern in the online retail industry is called "friendly fraud," in which purchases are made using a credit card, then are soon pulled back by the purchaser who claims that the transaction was not made by them because their credit card or identity was stolen. Despite getting reimbursed for the transaction, they still keep the products that were purchased. Another example is health insurance fraud, when a healthcare provider submits claims for services that were not performed or for more expensive services than the ones that were provided.

Both of these examples exhibit one similarity: a single instance of the fraudulent behavior is indistinguishable from valid instances of similar transactions. For every criminal that initiates a fraudulent chargeback, there are going to be a number of valid cases where a stolen credit card was used to make a purchase and the customer's reimbursement should be processed. For every upcharge submitted by a physician, there will be other cases where the higher level of service was necessary and provided, so therefore the claim should be paid.

Reducing the impacts of fraud has inspired many organizations to consider different approaches to detect suspicious behavior earlier to ferret out fraudulent activities. There are a variety of analytics technologies positioned to improve the fraud investigation process. The more glamorous fraud detection/prevention tools focus on analyzing historical and ongoing streaming transaction data: They look for fraud by scanning for behavior patterns that are known to be fraudulent, patterns of behavior that appear to be suspicious, or activities that are outside the realm of normal operations.

Analyzing, detecting and managing fraud forces organizations, and especially retailers, to walk a very fine line. Proactive measures can be put into place to detect potential fraudulent activity and trigger processes that short-circuit fraudulent transactions before they are completely processed. On the other hand, one does not want the fraud investigation process to slow down the business or, as implied by our previously cited examples, disrupt the relationship with a customer.

Making a wrong choice and denying a legitimate customer's transaction may provoke that customer to take his or her business elsewhere, thereby cutting off that customer's lifetime value. That means that in addition to the analysis and detection, there must also be a way to assemble a case that allows your investigators to rapidly determine whether a detected anomaly is true fraud, or is just a peculiarity.

In other words, once a suspicious pattern is identified, there are some concrete steps that must be taken to examine the situation and determine if a fraudulent act has taken place. If fraud is detected, then there must be specific processes to collect and organize the data required for taking action.

One method may be familiar from a number of crime movies and television shows: Investigators can carefully assemble an evidence board containing images, documents and maps, then draw lines showing how they are connected. When presented with a situation of potential fraud, the investigator will similarly want to gather more information about the suspect, that suspect's activities (such as the other products purchased), as well as relationships with other individuals (who may or may not exhibit similar suspicious behavior). To help, fraud investigators can use graph databases to further investigations and to help collect and manage the information that demonstrates the evidence against an identified suspect.

Graph databases are NoSQL data management systems designed to capture, represent and answer questions about entities and their relationships. A graph database storage model's design captures the nodes and the links among those nodes. The system is engineered to optimize the data model to not just represent the nodes and the links but also to efficiently capture their associated attributes and properties -- such as a time at which a transaction was made, or the size and color of a product.

Graph databases support the fraud investigation process in a number of ways:

Documentation of relationships: The graph database simplifies the method of logging a relationship between two entities by virtue of the data model. If two individuals are related in some way, simply add a link into the database and add the characteristics of that relationship (such as sharing a household, family relationships, employer-employee relationships, etc.) as properties of that link.

Search and discovery of relationships: The storage model is also designed for fast traversal of the graph, as well as the application of algorithms to uncover insights about entities, their properties and their transitive relationships. For example, an algorithm that looks for paths between different nodes might demonstrate that even though the suspect is not directly associated with any other known criminals, there is a path that shows an indirect connection to other unsavory characters.

Documentation of evidence: When conducting fraud investigations, one might have pieces of information that originate outside of internal systems but are of importance to establishing a case. One example might be a police record associated with some prior illegal activity that lends credence to the suspicion. That document can be easily added into the graph database and linked to the individual's node.

Virtual evidence board: Most graph databases either come with an integrated visualizer or are easily connected to a visualization tool that displays the nodes and their links. This allows the investigator to view their virtual evidence board that can help in quickly making the determination about allowing transactions to go through or not.
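The relationship logging and path search described above, sketched as an added example that is not part of the original article: a small in-memory property graph in plain Python stands in for a graph database, and a breadth-first search finds the indirect connection between a suspect and a previously flagged individual. All node identifiers, relationship names and sample records are hypothetical and constructed for illustration.

```python
from collections import deque

class PropertyGraph:
    """Minimal in-memory property graph: nodes and links both carry properties."""
    def __init__(self):
        self.nodes = {}   # node id -> properties
        self.links = {}   # node id -> list of (neighbour id, link properties)

    def add_node(self, node_id, **props):
        self.nodes[node_id] = props
        self.links.setdefault(node_id, [])

    def add_link(self, a, b, **props):
        # Relationships are stored in both directions so traversal is undirected.
        self.links[a].append((b, props))
        self.links[b].append((a, props))

    def shortest_path_to_flagged(self, start, max_hops=4):
        """Breadth-first search from start to the nearest flagged node.
        Returns [(node, relationship used to reach it), ...] or None."""
        queue = deque([(start, [(start, None)])])
        seen = {start}
        while queue:
            node, path = queue.popleft()
            if node != start and self.nodes[node].get("flagged"):
                return path
            if len(path) - 1 >= max_hops:
                continue  # hop budget spent on this branch
            for nxt, props in self.links[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [(nxt, props["rel"])]))
        return None

def build_sample_case():
    # Constructed sample data, not taken from any real investigation.
    g = PropertyGraph()
    g.add_node("cust:1001", kind="customer", name="Suspect A")
    g.add_node("addr:77", kind="address")
    g.add_node("cust:2002", kind="customer", name="Person B")
    g.add_node("card:9", kind="payment_card")
    g.add_node("cust:3003", kind="customer", name="Person C", flagged=True)
    g.add_node("doc:pr-1", kind="evidence", title="police record (placeholder)")
    g.add_link("cust:1001", "addr:77", rel="SHIPS_TO", since="2016-03-01")
    g.add_link("cust:2002", "addr:77", rel="SHARES_HOUSEHOLD")
    g.add_link("cust:2002", "card:9", rel="PAID_WITH")
    g.add_link("cust:3003", "card:9", rel="PAID_WITH")
    g.add_link("cust:3003", "doc:pr-1", rel="DOCUMENTED_BY")
    return g
```

The suspect has no direct link to the flagged customer, yet the search returns a four-hop chain through a shared address and a shared payment card; lowering `max_hops` bounds how far an investigator is willing to follow indirect associations.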

The graph database can be continuously populated with information about suspicious behaviors and suspected fraudsters, allowing you to build a repository that can be leveraged over time to see if the same individuals are investigated, or if investigated individuals are somehow associated. This creates a growing knowledge base that can continue to support the fraud investigation process.
