CN113159778B - Financial fraud detection method and device - Google Patents

Publication number: CN113159778B
Authority: CN (China)
Application number: CN202011552836.4A
Other versions: CN113159778A
Other languages: Chinese (zh)
Legal status: Active
Inventors: 康悠杰, 黄胜蓝, 袁满
Current Assignee: Xi'an Clover Cyber Technology Co ltd
Original Assignee: Xi'an Clover Cyber Technology Co ltd
Prior art keywords: node, account, abnormal, departure, nodes

Classifications

    • G06Q20/4016 Payment architectures, schemes or protocols; Transaction verification involving fraud or risk level assessment in transaction processing
    • G06N3/04 Neural networks; Architecture, e.g. interconnection topology
    • G06N3/08 Neural networks; Learning methods
    • G06Q30/0185 Commerce; Product, service or business identity fraud
    • G06Q40/04 Finance; Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange


Abstract

The disclosure provides a method and a device for detecting financial fraud, relating to the field of financial risk control, which can solve the prior-art problem that financial fraud gangs are difficult to identify. The specific technical scheme is as follows: first, target graph data is obtained; then, graph neural network model learning is performed on the target graph data to obtain an abnormal account; based on the abnormal account, graph computation is performed on the target graph data to obtain an abnormal merchant; finally, based on the abnormal merchant, a graph algorithm is run on the target graph data to obtain the associated merchant and the associated account. The present disclosure is used for the detection of financial fraud.

Description

Financial fraud detection method and device
Technical Field
The disclosure relates to the technical field of financial risk control, in particular to a method and a device for detecting financial fraud.
Background
At present, gangs are a serious problem in the field of financial fraud. Many gang organizations, such as "card raising" gangs operating retail POS terminals, can be uncovered in cases of cash-out, legalization of illegal gains, malicious "wool pulling" (promotion abuse) and the like.
In the field of financial anti-fraud, anomaly monitoring and recognition are generally based on complex rule models: a large number of recognition strategies are written from the experience of business personnel, and malicious targets are captured by adjusting thresholds and weights. This approach is not only difficult to maintain but also poor in accuracy; more importantly, it can generally only judge and predict a single target at a time, which makes it difficult to capture potentially malicious fraud organizations from the gang perspective.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for detecting financial fraud, which can solve the prior-art problem that financial fraud gangs are difficult to identify. The technical scheme is as follows:
according to a first aspect of embodiments of the present disclosure, there is provided a method of detecting financial fraud, the method comprising:
obtaining target graph data;
performing graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
and running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account.
The method for detecting financial fraud provided by the embodiment of the disclosure first obtains target graph data; then performs graph neural network model learning on the target graph data to obtain an abnormal account; based on the abnormal account, performs graph computation on the target graph data to obtain an abnormal merchant; and finally, based on the abnormal merchant, runs a graph algorithm on the target graph data to obtain the associated merchant and the associated account. Based on the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud gangs are mined through a graph algorithm. The method adapts flexibly to many scenarios, including countering the legalization of illegal gains, countering "wool pulling" (promotion abuse) and countering cash-out; it is easy to maintain and also supports further analysis and control by the relevant business personnel.
In one embodiment, obtaining target graph data includes:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
According to the embodiment of the disclosure, the original data is obtained through the method, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
In one embodiment, after the target graph data is subjected to graph neural network model learning, the method further comprises:
obtaining the weight value of the connecting edge between every two adjacent nodes in the target graph data.
In one embodiment, performing graph computation on the target graph data according to the abnormal account, and obtaining the abnormal merchant includes:
according to the abnormal account, performing on the target graph data a graph computation based on account node features, merchant node features and transaction flow information edge features to obtain an abnormal merchant, wherein the transaction flow information comprises at least one of transaction amount, type, and in/out degree.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, obtaining an associated merchant and an associated account includes:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is the association value of the ith departure node and the weight value of the edge between the ith departure node and the destination node;
determining each destination node in the N destination nodes as an (i+1)th departure node, and acquiring an association value of the (i+1)th departure node and M destination nodes corresponding to first-order neighbor nodes of the (i+1)th departure node, wherein M is more than or equal to 1;
after repeating for a preset number of times, outputting the merchants whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and determining these merchants as the associated merchants;
and outputting the accounts whose association value is greater than or equal to a fourth preset threshold and which are abnormal accounts, and determining these accounts as the associated accounts.
In one embodiment, when i=1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
According to a second aspect of embodiments of the present disclosure, there is provided a detection apparatus for financial fraud, including a first acquisition module, a second acquisition module, a third acquisition module, and a fourth acquisition module;
the first acquisition module is used for acquiring target graph data;
the second acquisition module is used for performing graph neural network model learning on the target graph data to acquire an abnormal account;
the third obtaining module is used for carrying out graph calculation on the target graph data according to the abnormal account to obtain an abnormal merchant;
and the fourth acquisition module is used for running a graph algorithm on the target graph data according to the abnormal merchant to acquire an associated merchant and an associated account.
The financial fraud detection device provided by the embodiment of the disclosure comprises a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module; the first acquisition module acquires target graph data; the second acquisition module performs graph neural network model learning on the target graph data to acquire an abnormal account; the third acquisition module performs graph computation on the target graph data according to the abnormal account to obtain an abnormal merchant; and the fourth acquisition module runs a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account. Based on the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud gangs are mined through a graph algorithm. The device adapts flexibly to many scenarios, including countering the legalization of illegal gains, countering "wool pulling" (promotion abuse) and countering cash-out; it is easy to maintain and also supports further analysis and control by the relevant business personnel.
In one embodiment, the first obtaining module is specifically configured to obtain raw data, where the raw data includes debit card information of an account, credit card information, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
In one embodiment, the second obtaining module is further configured to obtain the weight value of the connecting edge between every two adjacent nodes in the target graph data.
In one embodiment, the fourth acquisition module includes a first acquisition unit, a second acquisition unit, a determination unit, and an output unit:
the first acquisition unit is used for acquiring the association value of the ith departure node and N destination nodes corresponding to the first-order neighbor nodes of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second obtaining unit is configured to obtain an association value of each destination node in the N destination nodes, where the association value of each destination node is an association value of the i-th departure node and a weight value of an edge between the i-th departure node and the destination node;
the determining unit is used for determining each destination node in the N destination nodes as an i+1th departure node;
the first obtaining unit is further configured to obtain an association value of an i+1st departure node and M destination nodes corresponding to first-order neighboring nodes of the i+1st departure node, where M is greater than or equal to 1;
the output unit is used for outputting merchants with association values larger than or equal to a first preset threshold, the number of fraudulent transactions larger than a second preset threshold and the proportion of the number of fraudulent transactions larger than a third preset threshold, and determining the merchants as associated merchants;
the output unit is further configured to output an account whose association value is greater than or equal to a fourth preset threshold, and is the abnormal account, and determine that the account is an associated account.
According to a third aspect of embodiments of the present disclosure, there is provided a financial fraud detection apparatus comprising a processor and a memory having stored therein at least one computer instruction loaded and executed by the processor to implement the steps performed in the financial fraud detection method of any of the above.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored therein at least one computer instruction loaded and executed by a processor to implement the steps performed in the method of detecting financial fraud of any of the above.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method for detecting financial fraud provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of a method for detecting financial fraud provided by an embodiment of the present disclosure;
FIG. 3 is a block diagram of a financial fraud detection apparatus provided by an embodiment of the present disclosure;
FIG. 4 is a block diagram of a financial fraud detection apparatus provided in an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of systems and methods that are consistent with some aspects of the present disclosure, as detailed in the accompanying claims.
In general, financial anti-fraud cases, such as countering various kinds of illegal gains, take as input data such as an account's debit card and credit card information, the transaction flow, and information about the acquiring merchant. The present disclosure defines a network-type gang behavior: a malicious gang organization is centered on one or more malicious fraudulent merchants, together with the malicious fraudulent accounts associated with them, the other fraudulent merchants associated with those accounts, and so on, spreading outward. Based on this, an embodiment of the present disclosure provides a method for detecting financial fraud, as shown in FIG. 1, including the following steps:
step 101, obtaining target graph data;
in one embodiment, obtaining target graph data includes:
acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
target graph data is extracted from a graph database.
Specifically, account debit card information, credit card information, transaction flow information, and the like in the relational database are exported and stored in a graph database representing the transaction network. The graph data structure is composed of nodes, edges and their attributes. In this disclosure, account and merchant information is stored as nodes on the graph and transaction flow information is stored as edges on the graph.
According to the embodiment of the disclosure, the original data is obtained through the method, and the node characteristics and the edge characteristics are added to the original data to form the graph database.
Step 102, learning a graph neural network model on target graph data to obtain an abnormal account;
In the embodiment of the disclosure, graph data is extracted from the graph database and imported into an existing graph neural network model for learning, yielding a malicious mark for each single user, namely the abnormal account mark, which indicates whether that user exhibits abnormal behavior.
In one embodiment, after learning the graph neural network model on the target graph data, the method further includes:
obtaining the weight value of the connecting edge between every two adjacent nodes in the target graph data.
Step 103, performing graph computation on the target graph data according to the abnormal account to obtain an abnormal merchant.
In one embodiment, performing graph computation on the target graph data according to the abnormal account, obtaining the abnormal merchant includes:
according to the abnormal account, performing on the target graph data a graph computation based on account node features, merchant node features and transaction flow information edge features to obtain abnormal merchants, wherein the transaction flow information comprises at least one of transaction amount, type, and in/out degree.
Specifically, target graph data is extracted from the graph database, and a graph computation over the relevant attributes of accounts, merchants and transaction information (including transaction amount, type, in/out degree and the like) yields the merchants suspected of belonging to a malicious fraud gang, namely the abnormal merchants.
Step 104, running a graph algorithm on the target graph data according to the abnormal merchant to obtain the associated merchant and the associated account.
In one embodiment, running a graph algorithm on the target graph data according to the abnormal merchant, obtaining the associated merchant and the associated account includes:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in N destination nodes, wherein the association value of each destination node is the association value of the ith departure node and the weight value of the connecting edge of the ith departure node and the destination node;
each destination node in the N destination nodes is determined to be an i+1th departure node, and an association value of the i+1th departure node and M destination nodes corresponding to first-order neighbor nodes of the i+1th departure node are obtained, wherein M is more than or equal to 1;
after repeating for a preset number of times, outputting the merchants whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and determining these merchants as the associated merchants;
and outputting an account with the association value being greater than or equal to a fourth preset threshold value and being an abnormal account, and determining the account as an association account.
In one embodiment, when i=1, the ith departure node is an abnormal merchant, and the association value of the ith departure node is set to be a fifth preset threshold.
In this step, a graph algorithm is run starting from the abnormal merchant to complete information propagation and aggregation, and the associated accounts and associated merchants that have a high degree of association with the abnormal merchant are output.
Specifically, the algorithm is applied to each extracted abnormal merchant.
(a) Initially, the "association value" score of every node is set to the fifth preset threshold; in this embodiment, the association value may be set to 0.
(b) In the first round, an abnormal merchant node is taken as the departure node and its first-order neighbor nodes as the set of destination nodes. The departure node propagates a score to each destination node: the weight value of the edge connecting the departure node and the destination node, obtained from the graph neural network model, is recorded as the propagation value, and the association value of each destination node is calculated as the sum of the association value and the propagation value of the departure node.
(c) The new set of departure nodes consists of the destination nodes of the previous propagation, and the new set of destination nodes consists of the first-order neighbors of the new departure nodes. The set of departure nodes contains no repeated elements, while the set of destination nodes may contain repeated elements.
(d) Repeat several times, then stop. Output the suspicious merchant nodes whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold; these are the associated merchants. Output the account nodes whose association value is greater than or equal to a fourth preset threshold and which the graph neural network model has marked as abnormal accounts; these are the associated accounts.
The method for detecting financial fraud provided by the embodiment of the disclosure first obtains target graph data; then performs graph neural network model learning on the target graph data to obtain an abnormal account; based on the abnormal account, performs graph computation on the target graph data to obtain an abnormal merchant; and finally, based on the abnormal merchant, runs a graph algorithm on the target graph data to obtain the associated merchant and the associated account. Based on the target graph data, after a single abnormal account and an abnormal merchant are obtained, malicious fraud gangs are mined through a graph algorithm. The method adapts flexibly to many scenarios, including countering the legalization of illegal gains, countering "wool pulling" (promotion abuse) and countering cash-out; it is easy to maintain and also supports further analysis and control by the relevant business personnel.
Another embodiment of the present disclosure provides a method for detecting financial fraud, as shown in fig. 2, including the steps of:
step 201, data preprocessing and conversion
Account debit card information, credit card information, transaction flow information, etc. in the relational database are exported and stored in a graph database representing the transaction network. The graph data structure is composed of nodes, edges and their attributes. In this disclosure, account and merchant information is stored as nodes on the graph and transaction flow information is stored as edges on the graph.
Step 202, outputting single-target marking result
Graph data is extracted from the graph database and imported into the graph neural network model for training, yielding a malicious mark for each single user, which identifies whether that user exhibits abnormal behavior, together with the weight value of the edge between every two adjacent nodes in the target graph data.
Step 203, suspicious fraud merchant extraction
Graph data is extracted from the graph database, and a graph computation over the relevant attributes of accounts, merchants and transaction information (including transaction amount, type, in/out degree and the like) yields the merchants suspected of belonging to a malicious fraud gang.
Step 204, associating merchant and account output
Starting from the suspected fraudulent merchant, a graph algorithm is run to complete information propagation and aggregation, and the accounts and merchants that have a high degree of association with the suspected fraudulent merchant are output.
Specifically, the graph algorithm is applied to each suspected fraudulent merchant node extracted in step 203.
(a) The concept of an "association value" is introduced; initially, the "association value" score of every node is 0.
(b) In the first round, a specific suspected fraud node is taken as the departure node, and its first-order neighbor nodes are taken as the destination nodes. The departure node propagates a score to each destination node; the score received by the destination node, i.e. the first-order neighbor node, is the weight value of the edge connecting it to the expanding node, and is recorded as the propagation value.
(c) The "association value" of the first-order neighbor node is updated to the numerical sum of its original "association value" and the received "propagation value".
(d) The new set of departure nodes consists of the destination nodes of the previous propagation, and the new set of destination nodes consists of the first-order neighbors of the new departure nodes. Note that (i) the set of departure nodes contains no repeated elements, while the set of destination nodes may contain repeated elements; (ii) each node can appear at most once in the set of departure nodes.
(e) The new departure nodes propagate scores to the new destination nodes, with the same propagation and update method as in steps (b) and (c). The set of departure nodes and the set of destination nodes are then updated in the same way as in step (d).
(f) Step (e) is repeated several times, then the algorithm stops. It outputs the suspicious merchant nodes whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and it outputs the account nodes whose association value is greater than or equal to a fourth preset threshold and to which the graph neural network model has added a suspicious malicious mark (namely, the mark output in step 202). These merchants and accounts, together with the target suspected fraudulent merchant, constitute the malicious fraud gang. Manual verification has shown relatively high accuracy.
Step 205, output iteration update
As the existing graph neural network model is continuously updated, the account marks and the weights of nodes and edges on the graph are continuously updated. Correspondingly, the graph algorithm continuously runs in parallel, updates the suspected malicious fraud gangs, and produces scheduled output for analysis and control by business personnel.
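The propagation and thresholding procedure of step 204, steps (a) to (f), which step 104 of the first embodiment also describes, can be sketched as follows. This is an added example, not code from the patent: the function names, the sample graph, the edge weights (standing in for graph neural network output) and all threshold values are constructed assumptions, and the update rule follows step (c), original association value plus received propagation value.

```python
"""Association-value propagation over a transaction graph (illustrative)."""
from collections import defaultdict

# Constructed sample data. Edge weights stand in for the values that the
# description says are obtained from the graph neural network model.
EDGES = [
    ("M1", "A1", 0.75), ("M1", "A2", 0.5),
    ("A1", "M2", 0.75), ("A2", "M2", 0.5),
    ("A2", "M3", 0.125), ("M3", "A3", 0.25),
]
NODES = {
    "M1": {"kind": "merchant", "fraud_tx": 12, "total_tx": 30},
    "M2": {"kind": "merchant", "fraud_tx": 8, "total_tx": 20},
    "M3": {"kind": "merchant", "fraud_tx": 1, "total_tx": 50},
    "A1": {"kind": "account", "abnormal": True},   # flagged by the GNN stage
    "A2": {"kind": "account", "abnormal": False},
    "A3": {"kind": "account", "abnormal": True},
}


def build_adjacency(edges):
    """Transactions link accounts and merchants; treat edges as undirected."""
    adj = defaultdict(list)
    for u, v, weight in edges:
        adj[u].append((v, weight))
        adj[v].append((u, weight))
    return adj


def propagate(adj, seed, rounds):
    """Steps (a)-(f): return the association value of every reached node."""
    assoc = defaultdict(float)      # (a) every node starts at 0
    departed = set()                # (d)(ii) a node departs at most once
    departure = [seed]              # (b) first departure node is the seed
    for _ in range(rounds):
        if not departure:
            break
        departed.update(departure)
        destinations = []           # (d)(i) may contain repeated elements
        for src in departure:
            for dst, weight in adj[src]:
                # (b)/(c) propagation value = edge weight, added to the
                # destination's current association value
                assoc[dst] += weight
                destinations.append(dst)
        # (d) next departure set: previous destinations, de-duplicated,
        # excluding nodes that have already served as departure nodes
        departure = [n for n in dict.fromkeys(destinations)
                     if n not in departed]
    return dict(assoc)


def select_associated(assoc, nodes, seed, t1, t2, t3, t4):
    """Step (f): apply the four preset thresholds to the propagated scores."""
    merchants, accounts = [], []
    for name, attrs in nodes.items():
        if name == seed:
            continue
        score = assoc.get(name, 0.0)
        if attrs["kind"] == "merchant":
            total = attrs["total_tx"]
            ratio = attrs["fraud_tx"] / total if total else 0.0
            if score >= t1 and attrs["fraud_tx"] > t2 and ratio > t3:
                merchants.append(name)
        elif score >= t4 and attrs["abnormal"]:
            accounts.append(name)
    return sorted(merchants), sorted(accounts)


def run_example(rounds=2):
    """Run the constructed graph with M1 as the abnormal (seed) merchant."""
    adj = build_adjacency(EDGES)
    assoc = propagate(adj, "M1", rounds)
    # Threshold values below are illustrative assumptions.
    selected = select_associated(assoc, NODES, "M1",
                                 t1=1.0, t2=3, t3=0.2, t4=0.5)
    return assoc, selected


if __name__ == "__main__":
    scores, (merchants, accounts) = run_example()
    print("association values:", scores)
    print("associated merchants:", merchants)
    print("associated accounts:", accounts)
```

Account A2 reaches the account threshold but is not output because it lacks the abnormal mark, and merchant M3 has too low a score and too few fraudulent transactions; both conditions must hold, as step (f) requires.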
The transaction-graph-based financial fraud gang detection algorithm provided by the embodiment of the disclosure uses a graph data structure to represent the target attributes and transaction flow information held in relational data. With a graph neural network as the underlying model, malicious-behavior labels for single targets are obtained; then, through the graph algorithm disclosed in this application, information propagation and aggregation are completed and a subgraph structure formed by several highly associated targets is mined, that is, the suspected malicious fraud gang is obtained. The method adapts flexibly to many scenarios, including countering the legalization of illegal gains, countering "wool pulling" (promotion abuse) and countering cash-out; it is easy to maintain and also supports further analysis and control by the relevant business personnel.
The following apparatus embodiments of the present disclosure are based on the financial fraud detection method described in the embodiments corresponding to fig. 1 and fig. 2, and may be used to execute the method embodiments of the present disclosure.
The embodiment of the disclosure provides a financial fraud detection apparatus, as shown in fig. 3, the apparatus 30 includes a first acquisition module 301, a second acquisition module 302, a third acquisition module 303, and a fourth acquisition module 304;
the first acquisition module 301 is configured to acquire target graph data;
the second acquisition module 302 is configured to perform graph neural network model learning on the target graph data to acquire an abnormal account;
the third acquisition module 303 is configured to perform graph calculation on the target graph data according to the abnormal account to acquire an abnormal merchant;
the fourth acquisition module 304 is configured to run a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account.
The financial fraud detection apparatus provided by the embodiments of the present disclosure includes a first acquisition module 301, a second acquisition module 302, a third acquisition module 303, and a fourth acquisition module 304. The first acquisition module 301 acquires target graph data; the second acquisition module 302 performs graph neural network model learning on the target graph data to acquire an abnormal account; the third acquisition module 303 performs graph calculation on the target graph data according to the abnormal account to acquire an abnormal merchant; and the fourth acquisition module 304 runs a graph algorithm on the target graph data according to the abnormal merchant to acquire the associated merchant and the associated account. After individual abnormal accounts and abnormal merchants have been obtained from the target graph data, malicious fraud groups are mined with the graph algorithm. The method adapts flexibly to many scenarios, including countering the legalization of various illegally obtained proceeds, countering "wool pulling", and countering cash-out; it is easy to maintain and helps the relevant business personnel with further analysis and control.
In one embodiment, the first acquisition module 301 is specifically configured to acquire raw data, where the raw data includes debit card information and credit card information of an account, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
target graph data is extracted from a graph database.
In one embodiment, the second acquisition module 302 is further configured to acquire the weight value of the edge connecting each pair of adjacent nodes in the target graph data.
In one embodiment, as shown in fig. 4, the fourth acquisition module 304 includes a first acquisition unit 3041, a second acquisition unit 3042, a determination unit 3043, and an output unit 3044:
the first acquisition unit 3041 is configured to acquire the association value of the i-th departure node and the N destination nodes corresponding to the first-order neighbor nodes of the i-th departure node, where i is greater than or equal to 1 and N is greater than or equal to 1;
the second acquisition unit 3042 is configured to acquire the association value of each of the N destination nodes, where the association value of each destination node is the sum of the association value of the i-th departure node and the weight value of the edge between the i-th departure node and that destination node;
the determination unit 3043 is configured to determine each of the N destination nodes as an (i+1)-th departure node;
the first acquisition unit 3041 is further configured to acquire the association value of the (i+1)-th departure node and the M destination nodes corresponding to the first-order neighbor nodes of the (i+1)-th departure node, where M is greater than or equal to 1;
the output unit 3044 is configured to output merchants whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold, and whose proportion of fraudulent transactions is greater than a third preset threshold, and to determine these merchants as associated merchants;
the output unit 3044 is further configured to output accounts whose association value is greater than or equal to a fourth preset threshold and which are abnormal accounts, and to determine these accounts as associated accounts.
Based on the financial fraud detection method described in the embodiments corresponding to fig. 1 and fig. 2, another embodiment of the present disclosure further provides a financial fraud detection device. The device includes a processor and a memory; at least one computer instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement the financial fraud detection method described in the embodiments corresponding to fig. 1 and fig. 2.
Based on the financial fraud detection method described in the embodiments corresponding to fig. 1 and fig. 2, the embodiments of the present disclosure also provide a computer-readable storage medium. For example, the non-transitory computer-readable storage medium may be a read-only memory (ROM), a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores at least one computer instruction for executing the financial fraud detection method described in the embodiments corresponding to fig. 1 and fig. 2, which is not described again here.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (5)

1. A method of detecting financial fraud, the method comprising:
obtaining target graph data, wherein obtaining the target graph data comprises: acquiring original data, wherein the original data comprises debit card information and credit card information of an account and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information; extracting the target graph data in the graph database;
performing graph neural network model learning on the target graph data to obtain an abnormal account;
according to the abnormal account, carrying out graph calculation on the target graph data to obtain an abnormal merchant;
running a graph algorithm on the target graph data according to the abnormal merchant to obtain an associated merchant and an associated account;
after the graph neural network model learning is performed on the target graph data, the method further comprises: obtaining the weight value of the edge connecting each pair of adjacent nodes in the target graph data;
wherein running a graph algorithm on the target graph data according to the abnormal merchant to obtain the associated merchant and the associated account comprises the following steps:
acquiring an association value of an ith departure node and N destination nodes corresponding to a first-order neighbor node of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
acquiring an association value of each destination node in the N destination nodes, wherein the association value of each destination node is the sum of the association value of the ith departure node and a weight value of the connection edge of the ith departure node and the destination node;
determining each destination node in the N destination nodes as an i+1th departure node, and acquiring an association value of the i+1th departure node and M destination nodes corresponding to first-order neighbor nodes of the i+1th departure node, wherein M is more than or equal to 1;
after repeating a preset number of times, outputting merchants whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and determining these merchants as associated merchants; and outputting accounts whose association value is greater than or equal to a fourth preset threshold and which are the abnormal accounts, and determining these accounts as associated accounts;
when i=1, the ith departure node is the abnormal merchant, and the association value of the ith departure node is set as a fifth preset threshold;
specifically, at each suspected fraudulent merchant node extracted using graph calculation:
(a) Introducing the concept of an "association value", wherein the association value score of every node is 0 at the beginning;
(b) First, taking a specific suspected fraudulent node as the departure node and its first-order neighbor nodes as destination nodes, the departure node propagates a score to the destination nodes; each destination node, namely each first-order neighbor node, receives as its score the weight value of the edge connecting it to the departure node, which is recorded as the "propagation value";
(c) Updating the "association value" of each first-order neighbor node to the numerical sum of its original "association value" and the received "propagation value";
(d) The new set of departure nodes consists of the destination nodes of the previous propagation, and the new set of destination nodes consists of the first-order neighbors of the new departure nodes; note that (i) the set of departure nodes contains no repeated elements, whereas the set of destination nodes may contain repeated elements; (ii) each node can appear in the set of departure nodes at most once;
(e) The new departure nodes propagate scores to the new destination nodes, the propagation and updating methods being the same as in steps (b) and (c); the set of departure nodes and the set of destination nodes are then updated in the same way as in step (d);
(f) Repeating step (e) several times and then ending; outputting the suspicious merchant nodes whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and outputting the account nodes whose association value is greater than or equal to a fourth preset threshold and to which the graph neural network model has added a suspicious-malicious mark, wherein these merchants, these accounts and the target suspected fraudulent merchant form a malicious fraud group.
2. The method according to claim 1, wherein the performing graph calculation on the target graph data according to the abnormal account, and obtaining an abnormal merchant comprises:
according to the abnormal account, carrying out graph calculation on the target graph data based on account node characteristics, merchant node characteristics and transaction flow information edge characteristics to obtain an abnormal merchant, wherein the transaction flow information comprises at least one of transaction amount, type and access degree.
3. A financial fraud detection apparatus, adapted to perform the financial fraud detection method of any of claims 1-2, the apparatus comprising: the device comprises a first acquisition module, a second acquisition module, a third acquisition module and a fourth acquisition module;
the first acquisition module is used for acquiring target graph data;
the second acquisition module is used for performing graph neural network model learning on the target graph data to acquire an abnormal account;
the third acquisition module is used for carrying out graph calculation on the target graph data according to the abnormal account to acquire an abnormal merchant;
the fourth acquisition module is used for running a graph algorithm on the target graph data according to the abnormal merchant to acquire an associated merchant and an associated account;
the fourth acquisition module comprises a first acquisition unit, a second acquisition unit, a determination unit and an output unit:
the first acquisition unit is used for acquiring the association value of the ith departure node and N destination nodes corresponding to the first-order neighbor nodes of the ith departure node, wherein i is more than or equal to 1, and N is more than or equal to 1;
the second acquisition unit is configured to acquire the association value of each destination node in the N destination nodes, where the association value of each destination node is the sum of the association value of the i-th departure node and the weight value of the edge between the i-th departure node and the destination node;
the determining unit is used for determining each destination node in the N destination nodes as an (i+1)-th departure node;
the first acquisition unit is further configured to acquire the association value of the (i+1)-th departure node and the M destination nodes corresponding to the first-order neighbor nodes of the (i+1)-th departure node, where M is greater than or equal to 1;
the output unit is used for outputting merchants whose association value is greater than or equal to a first preset threshold, whose number of fraudulent transactions is greater than a second preset threshold and whose proportion of fraudulent transactions is greater than a third preset threshold, and determining these merchants as associated merchants; and for outputting accounts whose association value is greater than or equal to a fourth preset threshold and which are the abnormal accounts, and determining these accounts as associated accounts.
4. The apparatus according to claim 3, wherein the first acquisition module is specifically configured to acquire raw data, where the raw data includes debit card information and credit card information of an account, and transaction flow information corresponding to the account;
adding node characteristics and edge characteristics to the original data to obtain a graph database, wherein the node characteristics comprise accounts and merchants, and the edge characteristics comprise transaction flow information;
extracting the target graph data in the graph database.
5. The apparatus according to claim 4, wherein the second acquisition module is further configured to acquire the weight value of the edge connecting each pair of adjacent nodes in the target graph data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011552836.4A CN113159778B (en) 2020-12-24 2020-12-24 Financial fraud detection method and device

Publications (2)

Publication Number Publication Date
CN113159778A (en) 2021-07-23
CN113159778B (en) 2023-11-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant