CN113159778A - Financial fraud detection method and device - Google Patents
Financial fraud detection method and device Download PDFInfo
- Publication number
- CN113159778A CN113159778A CN202011552836.4A CN202011552836A CN113159778A CN 113159778 A CN113159778 A CN 113159778A CN 202011552836 A CN202011552836 A CN 202011552836A CN 113159778 A CN113159778 A CN 113159778A
- Authority
- CN
- China
- Prior art keywords
- node
- account
- abnormal
- graph
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 29
- 230000002159 abnormal effect Effects 0.000 claims abstract description 84
- 238000003062 neural network model Methods 0.000 claims abstract description 20
- 238000004364 calculation method Methods 0.000 claims abstract description 18
- 238000000034 method Methods 0.000 claims description 31
- 230000000875 corresponding effect Effects 0.000 claims description 23
- 230000002596 correlated effect Effects 0.000 claims description 5
- 230000006978 adaptation Effects 0.000 description 6
- 210000002268 wool Anatomy 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 5
- 238000005065 mining Methods 0.000 description 5
- 230000008520 organization Effects 0.000 description 4
- 230000000644 propagated effect Effects 0.000 description 3
- 206010000117 Abnormal behaviour Diseases 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 2
- 238000004220 aggregation Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
- G06Q30/0185—Product, service or business identity fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Biophysics (AREA)
- Computing Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Marketing (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The disclosure provides a financial fraud detection method and device, relates to the field of financial wind control, and can solve the problem that financial fraud groups are difficult to identify in the prior art. The specific technical scheme is as follows: firstly, acquiring target map data; then, carrying out graph neural network model learning on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, executing a graph algorithm on the target graph data according to the abnormal commercial tenant to obtain the associated commercial tenant and the associated account. The present disclosure is used for detection of financial fraud.
Description
Technical Field
The disclosure relates to the technical field of financial wind control, in particular to a financial fraud detection method and device.
Background
At present, the group partner operation becomes a serious problem in the field of financial fraud, and a plurality of group partner organizations such as retail terminal pos machine card raising group partner can be excavated in the cases of cash register, illegal obtaining legalization, malicious wool pulling and the like.
In the field of financial anti-fraud, monitoring and identifying of anomalies are generally based on a complex rule model, a large number of identification strategies are written by using experience of business personnel, and malicious targets are captured by adjusting a threshold and a weight. The scheme is difficult to maintain and poor in accuracy, more importantly, judgment and prediction can be performed only by taking a single target as an object generally, and a possibly existing malicious fraud organization is difficult to grasp from a group perspective.
Disclosure of Invention
The embodiment of the disclosure provides a financial fraud detection method and device, which can solve the problem that financial fraud groups are difficult to identify in the prior art. The technical scheme is as follows:
according to a first aspect of embodiments of the present disclosure, there is provided a financial fraud detection method, including:
acquiring target map data;
carrying out graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
and running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account.
The financial fraud detection method provided by the embodiment of the disclosure comprises the steps of firstly obtaining target graph data; then, carrying out graph neural network model learning on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, executing a graph algorithm on the target graph data according to the abnormal commercial tenant to obtain the associated commercial tenant and the associated account. After the single abnormal account and the abnormal commercial tenant are obtained, the malicious and fraudulent group partners are mined through the graph algorithm by the target graph data. The method has multiple and flexible adaptation scenes, and can prevent various cases of legalization, wool pulling, cash withdrawal and the like caused by illegal acquisition, and the method is easy to maintain, and the mining of the group dimension is also beneficial to further analysis and control of related business personnel.
In one embodiment, acquiring the target graph data comprises:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node features and edge features to the original data to obtain a graph database, wherein the node features comprise accounts and merchants, and the edge features comprise transaction flow information;
extracting the target map data in the map database.
According to the method, the original data are obtained, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
In one embodiment, after performing graph neural network model learning on the target graph data, the method further comprises:
and obtaining the weight value of each two adjacent node connecting edges in the target graph data.
In one embodiment, performing graph calculation on the target graph data according to the abnormal account, and obtaining an abnormal merchant includes:
and according to the abnormal account, carrying out graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain an abnormal merchant, wherein the transaction flow information at least comprises one of transaction amount, transaction type and transaction degree.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, and obtaining an associated merchant and an associated account includes:
acquiring an association value of an ith starting node and N destination nodes corresponding to a first-order neighbor node of the ith starting node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is an association value of the ith departure node and a weight value of a connecting edge between the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i +1 th starting node, and acquiring a correlation value of the i +1 th starting node and M destination nodes corresponding to first-order neighbor nodes of the i +1 th starting node, wherein M is larger than or equal to 1;
after repeating the preset times, outputting the commercial tenant of which the correlation value is greater than or equal to a first preset threshold value, the fraudulent transaction quantity is greater than a second preset threshold value, and the proportion of the fraudulent transaction quantity is greater than a third preset threshold value, and determining the commercial tenant as a correlated commercial tenant;
and outputting the correlation value which is greater than or equal to a fourth preset threshold value, determining the correlation value as the account of the abnormal account, and determining the correlation value as the correlation account.
In one embodiment, when i is 1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
According to a second aspect of the embodiments of the present disclosure, there is provided a financial fraud detection apparatus, including a first obtaining module, a second obtaining module, a third obtaining module, and a fourth obtaining module;
the first acquisition module is used for acquiring target map data;
the second acquisition module is used for carrying out graph neural network model learning on the target graph data to acquire an abnormal account;
the third obtaining module is configured to perform graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant;
the fourth obtaining module is configured to run a graph algorithm on the target graph data according to the abnormal merchant, and obtain an associated merchant and an associated account.
The financial fraud detection device provided by the embodiment of the disclosure comprises a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module; a first acquisition module acquires target map data; the second acquisition module performs graph neural network model learning on the target graph data to acquire an abnormal account; the third acquisition module performs graph calculation on the target graph data according to the abnormal account to acquire an abnormal merchant; and the fourth acquisition module runs a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account. After the single abnormal account and the abnormal commercial tenant are obtained, the malicious and fraudulent group partners are mined through the graph algorithm by the target graph data. The method has multiple and flexible adaptation scenes, and can prevent various cases of legalization, wool pulling, cash withdrawal and the like caused by illegal acquisition, and the method is easy to maintain, and the mining of the group dimension is also beneficial to further analysis and control of related business personnel.
In one embodiment, the first obtaining module is specifically configured to obtain original data, where the original data includes debit card information and credit card information of an account, and transaction flow information corresponding to the account;
adding node features and edge features to the original data to obtain a graph database, wherein the node features comprise accounts and merchants, and the edge features comprise transaction flow information;
extracting the target map data in the map database.
In an embodiment, the second obtaining module is further configured to obtain a weight value of a continuous edge between every two adjacent nodes in the target graph data.
In one embodiment, the fourth acquisition module includes a first acquisition unit, a second acquisition unit, a determination unit, and an output unit:
the first obtaining unit is used for obtaining the correlation value of the ith starting node and N destination nodes corresponding to first-order neighbor nodes of the ith starting node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second obtaining unit is configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of the ith departure node and a weight value of a connecting edge between the ith departure node and the destination node;
the determining unit is configured to determine each destination node of the N destination nodes as an i +1 th departure node;
the first obtaining unit is further configured to obtain an association value of an i +1 th starting node and M destination nodes corresponding to a first-order neighbor node of the i +1 th starting node, where M is greater than or equal to 1;
the output unit is used for outputting the commercial tenant of which the correlation value is greater than or equal to a first preset threshold value, the fraudulent transaction quantity is greater than a second preset threshold value, and the proportion of the fraudulent transaction quantity is greater than a third preset threshold value, and determining the commercial tenant as a correlated commercial tenant;
the output unit is further configured to output that the association value is greater than or equal to a fourth preset threshold, and the account is an account of the abnormal account and determined as an associated account.
According to a third aspect of embodiments of the present disclosure, there is provided a financial fraud detection apparatus, comprising a processor and a memory, the memory having stored therein at least one computer instruction, the instruction being loaded and executed by the processor to implement the steps performed in the financial fraud detection method according to any of the above-mentioned items.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, having at least one computer instruction stored therein, the instruction being loaded and executed by a processor to implement the steps performed in the financial fraud detection method according to any of the above-mentioned embodiments.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method of detecting financial fraud provided by embodiments of the present disclosure;
FIG. 2 is a flow chart of a method for detecting financial fraud provided by embodiments of the present disclosure;
FIG. 3 is a block diagram of a financial fraud detection apparatus provided by an embodiment of the present disclosure;
fig. 4 is a block diagram of a financial fraud detection apparatus provided in an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of systems and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Generally, for financial anti-fraud cases such as legalization, anti-cash-out, against various illegal results, consider general data entry including debit card, credit card information for accounts, transaction streamers, and information for acquiring merchants. The disclosure defines a malicious group organization as a network type group behavior formed by taking one or more malicious fraudulent merchants as the center, adding associated malicious fraudulent accounts and other fraudulent merchants associated with the accounts, and repeating and expanding the operations in sequence. Based on this, the disclosed embodiment provides a financial fraud detection method, as shown in fig. 1, the financial fraud detection method includes the following steps:
in one embodiment, acquiring the target graph data comprises:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction running information;
target map data is extracted from a map database.
Specifically, account debit card information, credit card information, transaction flow information, and the like in the relational database are derived and stored in a graph database representing a transaction network. The graph data structure consists of nodes and edges and their attributes, and in this disclosure, account and merchant information is stored in the form of nodes on the graph and transaction flow information is stored in the form of edges on the graph.
According to the method, the original data are obtained, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
102, learning a graph neural network model for target graph data to obtain an abnormal account;
in the embodiment of the disclosure, graph data is extracted from a graph database and is imported into the existing graph neural network model for learning, so that a malicious mark, namely an abnormal account, for a single user is obtained, and whether the single user has abnormal behaviors or not is identified.
In one embodiment, after the graph neural network model learning is performed on the target graph data, the method further includes:
and obtaining the weight value of each two adjacent node connecting edges in the target graph data.
And 103, carrying out graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant.
In one embodiment, performing graph calculation on the target graph data according to the abnormal account, and obtaining the abnormal merchant includes:
and according to the abnormal account, performing graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain the abnormal merchant, wherein the transaction flow information at least comprises one of transaction amount, type and entrance and exit degree.
Specifically, target graph data is extracted from a graph database, and a merchant suspected to be in a malicious and fraudulent group organization, namely an abnormal merchant, is obtained based on account, merchant and graph calculation of transaction information correlation attributes (including transaction amount, type, access degree and the like).
And step 104, running a graph algorithm on the target graph data according to the abnormal merchant to obtain the associated merchant and the associated account.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, and obtaining the associated merchant and the associated account includes:
acquiring an association value of an ith starting node and N destination nodes corresponding to first-order neighbor nodes of the ith starting node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring a correlation value of each destination node in the N destination nodes, wherein the correlation value of each destination node is a correlation value of the ith departure node and a weight value of a connecting edge of the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i +1 th starting node, and acquiring a correlation value of the i +1 th starting node and M destination nodes corresponding to first-order neighbor nodes of the i +1 th starting node, wherein M is more than or equal to 1;
after repeating the preset times, outputting the commercial tenant of which the correlation value is greater than or equal to a first preset threshold value, the fraudulent transaction quantity is greater than a second preset threshold value, and the proportion of the fraudulent transaction quantity is greater than a third preset threshold value, and determining the commercial tenant as a correlated commercial tenant;
and the output association value is greater than or equal to a fourth preset threshold value, is an account of the abnormal account, and is determined to be an associated account.
In one embodiment, when i is 1, the ith departure node is an abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
In this step, based on the abnormal merchant, a graph algorithm is run to complete the propagation and aggregation of information, and the associated account and the associated merchant with a larger association degree with the abnormal merchant are output.
Specifically, the method acts on the extracted abnormal merchant.
(a) The initial "relevance value" scores of all nodes are set to be a fifth preset threshold, and in this embodiment, the relevance value may be set to be 0.
(b) The abnormal merchant node is taken as a starting node for the first time, and a plurality of first-order adjacent nodes of the abnormal merchant node are taken as a destination node set. And (3) performing score propagation on the starting node to the destination node, recording the weight value of the connecting edge of the starting node and the destination node as a propagation value, and calculating the association value of each destination node as the sum of the association value and the propagation value of the starting node according to the propagation value obtained by the graph neural network model.
(c) The new set of starting nodes is the destination node propagated last time, and the new set of destination nodes is the first-order neighbor of the new set of starting nodes. The starting node set does not contain the repeated elements, and the destination node set can contain the repeated elements.
(d) And finishing after repeating for multiple times. Outputting a plurality of suspicious merchant nodes, namely associated merchants, wherein the associated value is greater than or equal to a first preset threshold, the number of fraudulent transactions is greater than a second preset threshold, and the proportion of the number of fraudulent transactions is greater than a third preset threshold; and outputting a plurality of account nodes, namely associated accounts, of which the correlation value is greater than or equal to a fourth preset threshold and the abnormal accounts are added by the graph neural network model.
The financial fraud detection method provided by the embodiment of the disclosure comprises the steps of firstly obtaining target graph data; then, carrying out graph neural network model learning on the target graph data to obtain an abnormal account; according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant; and finally, executing a graph algorithm on the target graph data according to the abnormal commercial tenant to obtain the associated commercial tenant and the associated account. After the single abnormal account and the abnormal commercial tenant are obtained, the malicious and fraudulent group partners are mined through the graph algorithm by the target graph data. The method has multiple and flexible adaptation scenes, and can prevent various cases of legalization, wool pulling, cash withdrawal and the like caused by illegal acquisition, and the method is easy to maintain, and the mining of the group dimension is also beneficial to further analysis and control of related business personnel.
Another embodiment of the present disclosure provides a method for detecting financial fraud, as shown in fig. 2, the method for detecting financial fraud includes the following steps:
The account debit card information, credit card information, transaction flow information, and the like in the relational database are derived and stored in a graph database representing a transaction network. The graph data structure consists of nodes and edges and their attributes, and in this disclosure, account and merchant information is stored in the form of nodes on the graph and transaction flow information is stored in the form of edges on the graph.
And extracting graph data from the graph database, importing a graph neural network model for training to obtain a malicious mark aiming at a single user, and representing whether the single user has abnormal behaviors or not and the weight value of the connecting edge of every two adjacent nodes in the target graph data.
And extracting graph data from the graph database, and calculating based on the account, the merchant and graphs of related attributes of transaction information (including transaction amount, type, access degree and the like) to obtain the merchant suspected to be in the malicious and fraudulent group organization.
And based on the suspicious fraud merchant, executing a graph algorithm, completing the propagation and aggregation of information, and outputting an account and a merchant which are relatively high in association degree with the suspicious fraud merchant.
Regarding the graph algorithm, specifically, it acts on each suspected fraudulent merchant node extracted in (3).
(a) The concept of "relevance value" is introduced, and at the beginning, the scores of the "relevance value" of all the nodes are 0.
(b) For the first time, a specific suspicious fraud node is taken as a starting node, and a first-order neighbor node thereof is taken as a destination node. And (4) carrying out score propagation from the starting point to the destination point, wherein the score received by the destination point, namely the first-order adjacent node is a weighted value of a connecting edge with the expansion node and is marked as a propagation value.
(c) And updating the 'associated value' of a first-order neighbor node, namely the numerical sum of the original 'associated value' and the received 'propagation value'.
(d) The new set of starting nodes is the destination node propagated last time, and the new set of destination nodes is the first-order neighbor of the new set of starting nodes. Note that (i) the set of departure nodes does not include duplicate elements, and (ii) the set of destination nodes may include duplicate elements. (ii) Each node can only appear once at most in the set of departure nodes.
(e) And (c) the new starting node carries out score propagation to the new destination node, and the propagation and updating method is the same as the steps (b) and (c). And (d) updating the starting node set and the destination node set, wherein the method is the same as the step (d).
(f) And (e) repeating the step (e) for a plurality of times and ending. And outputting a plurality of suspicious merchant nodes of which the correlation values are greater than or equal to a first preset threshold, the fraudulent transaction quantity is greater than a second preset threshold, the proportion of the fraudulent transaction quantity is greater than a third preset threshold, and outputting a plurality of account nodes of which the correlation values are greater than or equal to a fourth preset threshold and which are added with suspicious malicious marks by the graph neural network model (namely, the mark output in the step 2). These merchants, accounts and target suspect fraudulent merchants constitute malicious fraudulent groups. Through manual verification, the accuracy is high.
With the continuous update of the graph neural network model in the prior art, the account mark is continuously updated, and the weights of the nodes and edges on the graph are also updated. Correspondingly, the graph algorithm continuously performs parallel computation, updates the suspicious malicious and fraudulent groups, and completes timing output for analysis and control of service personnel.
The financial fraud group detection algorithm based on the transaction map provided by the embodiment of the disclosure uses a graph data structure to represent target attributes in relational data and transaction flow information. On the premise of taking a graph neural network as a bottom model base, a malicious behavior tag for a single target is obtained, information is propagated and aggregated through the graph algorithm, and a sub-graph structure formed by a plurality of targets with high association is excavated, namely the sub-graph structure is a suspected malicious fraud group. The method has multiple and flexible adaptation scenes, and can prevent various cases of legalization, wool pulling, cash withdrawal and the like caused by illegal acquisition, and the method is easy to maintain, and the mining of the group dimension is also beneficial to further analysis and control of related business personnel.
Based on the financial fraud detection method described in the above embodiment corresponding to fig. 1 and fig. 2, the following is an embodiment of the apparatus of the present disclosure, which can be used to execute an embodiment of the method of the present disclosure.
The embodiment of the present disclosure provides a financial fraud detection apparatus, as shown in fig. 3, the apparatus 30 includes a first obtaining module 301, a second obtaining module 302, a third obtaining module 303, and a fourth obtaining module 304;
a first obtaining module 301, configured to obtain target map data;
the second obtaining module 302 is configured to perform graph neural network model learning on the target graph data to obtain an abnormal account;
a third obtaining module 303, configured to perform graph calculation on the target graph data according to the abnormal account, so as to obtain an abnormal merchant;
the fourth obtaining module 304 is configured to run a graph algorithm on the target graph data according to the abnormal merchant, and obtain the associated merchant and the associated account.
The financial fraud detection device provided by the embodiment of the disclosure includes a first obtaining module 301, a second obtaining module 302, a third obtaining module 303 and a fourth obtaining module 304; the first acquisition module 301 acquires target map data; the second obtaining module 302 performs graph neural network model learning on the target graph data to obtain an abnormal account; the third obtaining module 303 performs graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant; the fourth obtaining module 304 runs a graph algorithm on the target graph data according to the abnormal merchant, and obtains the associated merchant and the associated account. After the single abnormal account and the abnormal commercial tenant are obtained, the malicious and fraudulent group partners are mined through the graph algorithm by the target graph data. The method has multiple and flexible adaptation scenes, and can prevent various cases of legalization, wool pulling, cash withdrawal and the like caused by illegal acquisition, and the method is easy to maintain, and the mining of the group dimension is also beneficial to further analysis and control of related business personnel.
In one embodiment, the first obtaining module 301 is specifically configured to obtain raw data, where the raw data includes debit card information and credit card information of an account, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction running information;
target map data is extracted from a map database.
In an embodiment, the second obtaining module 302 is further configured to obtain a weight value of a continuous edge between every two adjacent nodes in the target graph data.
In one embodiment, as shown in fig. 4, the fourth acquiring module 304 includes a first acquiring unit 3041, a second acquiring unit 3042, a determining unit 3043, and an output unit 3044:
a first obtaining unit 3041, configured to obtain an association value of an ith starting node and N destination nodes corresponding to a first-order neighbor node of the ith starting node, where i is greater than or equal to 1, and N is greater than or equal to 1;
a second obtaining unit 3042, configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of an ith departure node and a weight value of a connecting edge between the ith departure node and the destination node;
a determining unit 3043, configured to determine each destination node of the N destination nodes as an i +1 th departure node;
the first obtaining unit 3041 is further configured to obtain an association value of an i +1 th starting node and M destination nodes corresponding to a first-order neighbor node of the i +1 th starting node, where M is greater than or equal to 1;
an output unit 3044, configured to output, as a related merchant, a merchant whose associated value is greater than or equal to a first preset threshold, whose fraudulent transaction quantity is greater than a second preset threshold, and whose proportion of fraudulent transaction quantity is greater than a third preset threshold;
the output unit 3044 is further configured to output the account that is the abnormal account and has the correlation value greater than or equal to the fourth preset threshold, and is determined to be the correlation account.
Based on the financial fraud detection method described in the embodiment corresponding to fig. 1 and fig. 2, another embodiment of the present disclosure further provides a financial fraud detection apparatus, which includes a processor and a memory, where the memory stores at least one computer instruction, and the instruction is loaded and executed by the processor to implement the financial fraud detection method described in the embodiment corresponding to fig. 1 and fig. 2.
Based on the financial fraud detection method described in the embodiment corresponding to fig. 1 and fig. 2, an embodiment of the present disclosure further provides a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores at least one computer instruction for executing the financial fraud detection method described in the embodiment corresponding to fig. 1 and fig. 2, which is not described herein again.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (10)
1. A method of detecting financial fraud, the method comprising:
acquiring target map data;
carrying out graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
and running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account.
2. The method of detecting financial fraud of claim 1, wherein said obtaining target graph data comprises:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node features and edge features to the original data to obtain a graph database, wherein the node features comprise accounts and merchants, and the edge features comprise transaction flow information;
extracting the target map data in the map database.
3. The method of detecting financial fraud of claim 2, wherein after said learning a graph neural network model on said target graph data, said method further comprises:
and obtaining the weight value of each two adjacent node connecting edges in the target graph data.
4. The method for detecting financial fraud according to claim 2, wherein said performing graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant comprises:
and according to the abnormal account, carrying out graph calculation based on account node characteristics, merchant node characteristics and transaction flow information side characteristics on the target graph data to obtain an abnormal merchant, wherein the transaction flow information at least comprises one of transaction amount, transaction type and transaction degree.
5. The method for detecting financial fraud according to claim 3, wherein said executing a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account comprises:
acquiring an association value of an ith starting node and N destination nodes corresponding to a first-order neighbor node of the ith starting node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is an association value of the ith departure node and a weight value of a connecting edge between the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i +1 th starting node, and acquiring a correlation value of the i +1 th starting node and M destination nodes corresponding to first-order neighbor nodes of the i +1 th starting node, wherein M is larger than or equal to 1;
after repeating the preset times, outputting the commercial tenant of which the correlation value is greater than or equal to a first preset threshold value, the fraudulent transaction quantity is greater than a second preset threshold value, and the proportion of the fraudulent transaction quantity is greater than a third preset threshold value, and determining the commercial tenant as a correlated commercial tenant;
and outputting the correlation value which is greater than or equal to a fourth preset threshold value, determining the correlation value as the account of the abnormal account, and determining the correlation value as the correlation account.
6. The method for detecting financial fraud according to claim 5, wherein when i is 1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set to a fifth preset threshold.
7. The financial fraud detection device is characterized by comprising a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module;
the first acquisition module is used for acquiring target map data;
the second acquisition module is used for carrying out graph neural network model learning on the target graph data to acquire an abnormal account;
the third obtaining module is configured to perform graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant;
the fourth obtaining module is configured to run a graph algorithm on the target graph data according to the abnormal merchant, and obtain an associated merchant and an associated account.
8. The apparatus of claim 7, wherein the first obtaining module is specifically configured to obtain raw data, the raw data including debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node features and edge features to the original data to obtain a graph database, wherein the node features comprise accounts and merchants, and the edge features comprise transaction flow information;
extracting the target map data in the map database.
9. The apparatus according to claim 8, wherein the second obtaining module is further configured to obtain a weight value of a continuous edge between every two adjacent nodes in the target graph data.
10. The financial fraud detection apparatus of claim 9, wherein the fourth acquisition module comprises a first acquisition unit, a second acquisition unit, a determination unit, and an output unit:
the first obtaining unit is used for obtaining the correlation value of the ith starting node and N destination nodes corresponding to first-order neighbor nodes of the ith starting node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second obtaining unit is configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of the ith departure node and a weight value of a connecting edge between the ith departure node and the destination node;
the determining unit is configured to determine each destination node of the N destination nodes as an i +1 th departure node;
the first obtaining unit is further configured to obtain an association value of an i +1 th starting node and M destination nodes corresponding to a first-order neighbor node of the i +1 th starting node, where M is greater than or equal to 1;
the output unit is used for outputting the commercial tenant of which the correlation value is greater than or equal to a first preset threshold value, the fraudulent transaction quantity is greater than a second preset threshold value, and the proportion of the fraudulent transaction quantity is greater than a third preset threshold value, and determining the commercial tenant as a correlated commercial tenant;
the output unit is further configured to output that the association value is greater than or equal to a fourth preset threshold, and the account is an account of the abnormal account and determined as an associated account.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011552836.4A CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011552836.4A CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113159778A true CN113159778A (en) | 2021-07-23 |
| CN113159778B CN113159778B (en) | 2023-11-24 |
Family
ID=76877995
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011552836.4A Active CN113159778B (en) | 2020-12-24 | 2020-12-24 | Financial fraud detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113159778B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116433345A (en) * | 2023-05-05 | 2023-07-14 | 辽宁慧远科技开发有限公司 | AI-based fraudulent activity analysis method and digital financial product service system |
| CN116433345B (en) * | 2023-05-05 | 2024-05-24 | 意数信息技术(上海)有限公司 | AI-based fraudulent activity analysis method and digital financial product service system |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040098362A1 (en) * | 2002-11-18 | 2004-05-20 | Ullas Gargi | Automated propagation of document metadata |
| US20170046614A1 (en) * | 2015-08-11 | 2017-02-16 | Oracle International Corporation | Accelerated tr-l-bfgs algorithm for neural network |
| CN108174296A (en) * | 2018-01-02 | 2018-06-15 | 武汉斗鱼网络科技有限公司 | Malicious user recognition methods and device |
| CN108734275A (en) * | 2017-04-24 | 2018-11-02 | 英特尔公司 | Hardware I P optimizes convolutional neural networks |
| CN110555455A (en) * | 2019-06-18 | 2019-12-10 | 东华大学 | Online transaction fraud detection method based on entity relationship |
| CN111291760A (en) * | 2020-02-12 | 2020-06-16 | 北京迈格威科技有限公司 | Semantic segmentation method and device for image and electronic equipment |
| CN111428217A (en) * | 2020-04-12 | 2020-07-17 | 中信银行股份有限公司 | Method and device for identifying cheat group, electronic equipment and computer readable storage medium |
| CN111753915A (en) * | 2020-06-29 | 2020-10-09 | 广东浪潮大数据研究有限公司 | Image processing device, method, equipment and medium |
| CN111784502A (en) * | 2020-06-30 | 2020-10-16 | 中国工商银行股份有限公司 | Abnormal transaction account group identification method and device |
| US20200364366A1 (en) * | 2019-05-15 | 2020-11-19 | International Business Machines Corporation | Deep learning-based identity fraud detection |
| CN112044082A (en) * | 2020-08-28 | 2020-12-08 | 腾讯科技(深圳)有限公司 | Information detection method and device and computer readable storage medium |
-
2020
- 2020-12-24 CN CN202011552836.4A patent/CN113159778B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040098362A1 (en) * | 2002-11-18 | 2004-05-20 | Ullas Gargi | Automated propagation of document metadata |
| US20170046614A1 (en) * | 2015-08-11 | 2017-02-16 | Oracle International Corporation | Accelerated tr-l-bfgs algorithm for neural network |
| CN108734275A (en) * | 2017-04-24 | 2018-11-02 | 英特尔公司 | Hardware I P optimizes convolutional neural networks |
| CN108174296A (en) * | 2018-01-02 | 2018-06-15 | 武汉斗鱼网络科技有限公司 | Malicious user recognition methods and device |
| US20200364366A1 (en) * | 2019-05-15 | 2020-11-19 | International Business Machines Corporation | Deep learning-based identity fraud detection |
| CN110555455A (en) * | 2019-06-18 | 2019-12-10 | 东华大学 | Online transaction fraud detection method based on entity relationship |
| CN111291760A (en) * | 2020-02-12 | 2020-06-16 | 北京迈格威科技有限公司 | Semantic segmentation method and device for image and electronic equipment |
| CN111428217A (en) * | 2020-04-12 | 2020-07-17 | 中信银行股份有限公司 | Method and device for identifying cheat group, electronic equipment and computer readable storage medium |
| CN111753915A (en) * | 2020-06-29 | 2020-10-09 | 广东浪潮大数据研究有限公司 | Image processing device, method, equipment and medium |
| CN111784502A (en) * | 2020-06-30 | 2020-10-16 | 中国工商银行股份有限公司 | Abnormal transaction account group identification method and device |
| CN112044082A (en) * | 2020-08-28 | 2020-12-08 | 腾讯科技(深圳)有限公司 | Information detection method and device and computer readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 姚行艳;喻其炳;陈志强;李川;: "基于神经网络的多孔泡沫金属磁流变液阻尼器模型", 重庆工商大学学报(自然科学版), no. 03, pages 9 - 12 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116433345A (en) * | 2023-05-05 | 2023-07-14 | 辽宁慧远科技开发有限公司 | AI-based fraudulent activity analysis method and digital financial product service system |
| CN116433345B (en) * | 2023-05-05 | 2024-05-24 | 意数信息技术(上海)有限公司 | AI-based fraudulent activity analysis method and digital financial product service system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113159778B (en) | 2023-11-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106709800B (en) | Community division method and device based on feature matching network | |
| CN110390465A (en) | Air control analysis and processing method, device and the computer equipment of business datum | |
| US20200257964A1 (en) | Machine learning system for various computer applications | |
| CN108734380A (en) | Adventure account determination method, device and computing device | |
| CN104321794A (en) | A system and method using multi-dimensional rating to determine an entity's future commercial viability | |
| CN109840676B (en) | Big data-based wind control method and device, computer equipment and storage medium | |
| CN111325248A (en) | Method and system for reducing pre-loan business risk | |
| CN114862587A (en) | Abnormal transaction account identification method and device and computer readable storage medium | |
| CN110991650A (en) | Method and device for training card maintenance identification model and identifying card maintenance behavior | |
| CN112365352B (en) | Anti-cash-out method and device based on graph neural network | |
| CN112966728A (en) | Transaction monitoring method and device | |
| Hasan et al. | E-commerce merchant fraud detection using machine learning approach | |
| CN107679862A (en) | A kind of characteristic value of fraudulent trading model determines method and device | |
| CN111260372A (en) | Resource transfer user group determination method, device, computer equipment and storage medium | |
| CN113159778A (en) | Financial fraud detection method and device | |
| CN110570301B (en) | Risk identification method, device, equipment and medium | |
| Perera et al. | Determinants of automated teller machine loading demand requirements in Sri Lankan cash supply chains | |
| CN114331463A (en) | Risk identification method based on linear regression model and related equipment thereof | |
| CN113159924A (en) | Method and device for determining trusted client object | |
| CN113706258A (en) | Product recommendation method, device, equipment and storage medium based on combined model | |
| CN112967053A (en) | Method and device for detecting fraudulent transactions | |
| Lee | A data mining approach using transaction patterns for card fraud detection | |
| CN111242763A (en) | Method and device for determining target user group | |
| CN112396513B (en) | Data processing method and device | |
| CN116433242B (en) | Fraud detection method based on attention mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |