Thank you! Your submission has been received
As payments happen more instantly, financial crime has become more connected, moves faster, and is tougher to spot using only rules that look at single transactions. Fraud today deeply involves understanding behavioral relationships: who deals with whom, how frequently, how recently, and in what kinds of patterns. This goes beyond looking at unusual activities by themselves.
This is where using graph-powered entity analytics, which means looking at accounts and transactions like a network map, provides a new way to see things. By viewing financial transactions as links between "entities" (like accounts or people) in a network, financial institutions (FIs) can find patterns that older rule systems don't catch. These include complex money laundering schemes (like multi-hop laundering where money moves through many accounts), quick changes in who receives money (rapid beneficiary switching), money moving in circles (circular fund flows), and groups of fake accounts (synthetic identity clusters).
This article explains three main methods fraud teams can now use, and how these methods improve their ability to find, investigate, and stop fraud.
1. Entity Centrality: Spotting the Hubs
What it is:
In network analysis, in-degree centrality helps us understand how many unique connections point to a specific item. In fraud terms, this means looking at how many different senders have recently sent money to a particular account or wallet.
Why it matters:
Finding Mule Accounts: A high centrality score often shows an account is acting as a collection point. This is common in schemes where fraudsters gather many accounts (account farming), run scams, or set up ways to launder money.
Detecting Unusual Activity: If an account that usually has little activity suddenly starts receiving money from many different sources, it’s a warning sign based on its behavior.
Focusing Investigations: When looking into a large fraud case, centrality scores can help investigators concentrate on the most important connection points in the network.
Example:
A digital wallet in Nigeria gets small payments from 17 different wallets over two hours. These sending wallets have almost no past transaction history. The centrality score for the receiving wallet quickly rises, flagging it for review. This review connects the wallet to a group involved in a phishing scam.
2. Top Beneficiary Lookups: Seeing Relationship Strength Quickly
What it is:
This is a straightforward yet effective idea. By listing and ranking who an account sends money to or receives money from most often over a period, you can quickly determine if the transaction patterns look normal or like fake activity.
Why it matters:
Spotting Synthetic Dispersal: If one account sends the same amount of money to many different wallets, it’s likely an attempt to hide money by spreading it out (a technique called layering).
Identifying Coordinated Agent Activity: An account getting money from numerous POS (Point of Sale) agents might be involved in an organized withdrawal scheme.
Uncovering Hidden Payouts: Repeated small payments to the same person or account often don't trigger alerts based on single transaction amounts. However, these stand out when you look at the strength of the relationship.
Use in investigations:
Investigators can immediately see unusual patterns (like many accounts sending to one, or one account sending to many). These patterns can suggest activities like structuring (making many small transactions to avoid limits), smurfing (using many people for small transactions), or money laundering.
3. Entity Graph Traversal: Seeing the Shape of Suspicion
What it is:
By mapping all transactions between accounts and people into a network map that shows the direction of money flow (a directional graph), and then following these connections (traversing it) from a specific account, fraud teams can see and examine:
Who an account deals with directly (immediate counterparties).
Who those direct connections then deal with (counterparties of counterparties).
Patterns like money moving in circles (loops), closely connected groups (cliques), and transaction chains that go through several steps (paths that extend several hops).
Why it matters:
Reveal Laundering Paths: Money moving in circles often shows an attempt to make illicit funds look legitimate or to confuse who really owns the money.
Find Groups of Fake Accounts: If, for example, 10 digital wallets only transact with each other and never with the wider financial system, they form an isolated "island." This is a strong warning sign of a synthetic cluster.
Make Stronger Cases for Reporting: Evidence from graph analysis helps justify escalating a case as high risk, especially for patterns that are hard to explain using only simple transaction rules. This is valuable for creating Suspicious Transaction Report (STR) narratives.
Beyond Rules: Why This Matters
Traditional rule-based systems are good at catching known fraud patterns, especially when their limits (thresholds) are set correctly. But they often fail to see:
Fraud activities coordinated across different channels (e.g., online and mobile).
Money laundering that involves multiple steps or accounts.
Misuse of accounts due to social engineering (tricking people) or coercion (forcing people).
Graph-powered methods add more insight:
Understanding Network Structure: They show not only what happened in a transaction, but also how an account or person is positioned within the larger network.
Seeing Behavioral Context: They provide a timeline of transaction patterns, offering a bigger picture than just one isolated transaction.
Clear Explanations: They help explain why a case is suspicious based on the network connections and structure, not just because a transaction crossed a certain money limit.
Where This Is Going
Forward-thinking fraud teams, particularly in active markets like Nigeria, Kenya, Ghana, and the UAE, are beginning to combine traditional scoring methods (based on individual signals) with indicators based on relationships:
Using centrality scores to flag accounts with unusually high incoming transaction volume.
Adding profiles of top senders/receivers into their risk scoring models.
Summaries of graph shapes and patterns can be used to give investigators a head start or to help fill out documentation for suspicious transaction reports.
This change is similar to what has already happened in other areas like cybersecurity, and social media safety, which have adopted network-focused threat detection.
Practical Considerations
To start using these graph-based approaches:
Begin by organizing your transaction data around accounts/people (entities) and those they transact with (counterparties).
Calculate basic centrality scores and lists of top counterparties as new data features.
Make graph views available through analytics dashboards or by using database queries that can trace connections.
Train analysts to understand not just individual alerts, but the relationships and network patterns behind them.
A Note on Tools
Some modern transaction monitoring platforms, such as Loci, offer built-in entity intelligence tools through APIs:
Real-time centrality scoring.
Lookups of top beneficiaries (receivers) with options to filter by time.
Graph traversal tools are available on demand to explore connections.
These features can help power rule systems, provide information for analyst dashboards, and assist in creating documentation for suspicious transaction reports, improving both fraud detection and the ability to explain why something is flagged.
Final Thought
Graph analytics significantly enriches rule-based logic rather than replacing it. For financial institutions that are serious about fighting modern fraud, it provides the necessary visibility to understand not just what happened in a single transaction, but how that transaction fits into a larger, often hidden, network structure.
The fight against fraud now deeply involves understanding these network structures (topologies), in addition to individual transaction events.