A company called Ravelin offers services towards wire fraud detection. Wire fraud is defined as crime done electronically; you may know it as stealing credit card information. This is the process by which scammers would acquire credit card information from unsuspecting victims and use them as their own payment methods. Ravelin attempts to mitigate the damages by compiling a database of various data such as persons and spending habits to graph trends. Normal spending behavior may differ from person to person, but it is predictable in sense of a pattern. Ravelin uses this information to build a graph network using nodes and edges. By doing so, the resulting graphs will form trends and patterns which differ between normal activity and those which exhibit malicious activity.
One of the graphs may look at what you use your credit card for and connect your credit card transfers as edges to the recipients that are nodes. “Fraudsters” as Ravelin labels them are typically strongly connected component, which is to say they typically know each other, or are using the same methods and tactics. Because they operate similarly with each other their patterns are very distinct but spontaneous. In one example, a spontaneous large amount of orders on multiple computer generated accounts were made to a book store with a shipping address that all lead to the same location. Upon detecting a sudden influx of the exact same transaction, further research found the destination to be a market for illegal goods as well as a forum where the fraudsters planned the whole ordeal.
Other techniques include monitoring growth of a network, since family doesn’t often multiply; their growth is slow in contrast to the fast growing scale in which a scam operation needs to turn a profit. As you may have surmised, placing multiple orders on the same account will look suspicious, while placing multiple purchases on multiple generated accounts will also seem suspicious when paying with the same credit card. These bridges connecting the graph from customer, payment, and location are obvious signs that fraud has taken place. They are easy to spot and typically can be traced back to fraud rings, which are criminals who work together.
In summary, graph networks are can be used to run analytics and determine the probability in which fraud may be taking place. The connections which exhibit fraud typically form graphs which differ in shape compared to normal user activity. Fraud networks are clustered, grows very quickly, and has smaller number of bridges relative to the size of connected clusters. This makes them easy to detect and narrow down fraudulent cyber activity.
Source: https://www.ravelin.com/insights/link-analysis-and-graph-database-for-fraud-detection