The global cost of fraud is now estimated at over $5 trillion. In the APAC region, attack rates are around 12% higher than the global average, driven by rapid digital adoption and the growth of online services.
At the same time, the nature of fraud has changed.
Fraudsters have evolved, but in many organisations the tools used to detect them have not. Traditional systems were designed to identify individual, anomalous events, such as a single large transaction or a mismatched address.
You can see the problem here. They are not designed to detect the real threat today: coordinated, networked fraud.
Key takeaways:
|
The challenge: unmasking modern fraud
The core problem is that fraudsters have evolved, but the defensive toolkits of many organisations have not.
Traditional systems were built to detect discrete, anomalous events. A single large transaction. A mismatched address. An individual trigger that falls outside expected behaviour.
But they are not designed to detect coordinated, networked fraud.
In my experience, I see there are three dominant patterns that now sit behind much of what organisations are dealing with.
- Fraud rings
These are professional operations that use a combination of stolen and synthetic identities to launch attacks at scale. They do not target a single account. They compromise multiple accounts at once, often staying below individual transaction limits while causing significant losses. - Speed of attacks
Modern fraudsters use automation to test thousands of stolen credentials or card numbers across hundreds of systems in a matter of minutes. This level of velocity overwhelms systems that rely on batch processing or operate with any degree of latency. - Complex collusion
This includes schemes such as bust-out fraud, where a synthetic identity builds a credit profile over time before drawing down and disappearing. It also includes collusion between seemingly unrelated customers, internal actors, and the growing use of paid money mules.
The key point is that these are not isolated events. They are connected, coordinated and often deliberately structured to avoid detection when viewed at an individual level.
Ultimately, you are no longer fighting individuals; you are fighting organised networks. And to fight a network, you must first be able to see the network.
The solution: graph databases for fraud detection
So how do you solve a network problem?
The most effective approach is to use a strategy that is designed to see, map and analyse networks. This is where graph databases come in.
Traditional databases are designed to store information in tables, rows and columns. They are effective for many tasks, but they are not built to understand complex relationships between data points.
A graph database is different. It is designed from the ground up to treat the relationships between data as just as important as the data itself. It maps a business environment in the same way fraud operates in practice: as a network of interconnected entities.
This is done using two core concepts:
- Nodes: These represent the key entities within the data, such as customers, accounts, devices and transactions
- Edges: These represent the relationships between those entities, for example shared IP addresses, transaction flows, or ownership links
This approach allows organisations to model fraud as it actually happens, not as isolated events, but as a connected network.
Why this approach to fraud detection works
Graph-based approaches make it possible to detect patterns that are not visible using traditional tools.
One of the main advantages is the ability to uncover hidden relationships within the data.
This includes techniques such as:
- Community detection, which identifies tightly connected clusters of accounts behaving in a coordinated way
- Pathfinding, which reveals how entities are linked through multiple steps, often uncovering indirect connections
- The use of centrality measures to understand how information and activity flow through a network
These are patterns that are extremely difficult, and often impossible, to identify manually or through traditional database structures.
Another key advantage is speed.
Because graph queries are highly efficient, they can be up to 1,000 times faster than traditional approaches. This allows analysis to be integrated directly into live transaction flows. In practice, this means transactions can be assessed for network-level risk in milliseconds, fast enough to stop fraud before funds are lost.
Graph-based approaches also reduce false positives.
By providing full context, for example understanding that a transaction is linked to a trusted device or part of a normal pattern of behaviour, organisations can distinguish between legitimate and suspicious activity with greater accuracy. This improves customer experience and reduces unnecessary friction.
Finally, this approach scales effectively.
As data volumes increase, the ability to analyse complex relationships remains intact. Rather than becoming a constraint, growing data sets can be used to build a more complete and accurate view of behaviour across the network.
In action: from a single clue to a fraud ring
This approach changes how fraud investigations are carried out.
It often starts with a single trigger. A transaction is flagged as potentially fraudulent by an existing system. In a traditional process, the investigation might focus on that one account.
With a graph-based approach, the process begins there.
From that initial event, it is possible to trace connections through shared identifiers. In many cases, this could be a device ID, a phone number or an IP address. This becomes the key pivot point.
The next step is to ask a simple question: who else shares this identifier?
This immediately reveals a wider set of connected entities. What appeared to be a single case becomes a cluster of linked accounts, all connected through shared data points.
Instead of investigating one transaction, the full fraud ring is exposed.
Those linked cases can then be reviewed in terms of the activity, the decisions that were made, and the outcomes that followed. From there, action can be taken across the entire network.
This is the difference between investigating individual cases and identifying the underlying structure behind them.
Real-world results: Measurable impact on fraud prevention
And here are the results this fraud prevention approach delivered:
For an E-commerce client
This technique was used to uncover a warranty fraud scheme involving a single user operating over 1,500 fake accounts. By identifying the network behind the activity, the client was able to reduce losses from that fraud vector by over 60%.
For an Insurance client
It enabled the identification of a network of colluding doctors and claimants who were falsifying claims. The only link between them was a shared, obscure mailing address used for correspondence. By uncovering that connection, the organisation was able to prevent millions in fraudulent payouts.
The impact of this approach is clear and measurable.
- Reduced financial losses
Organisations move from “paying and chasing” to identifying and stopping fraud networks before they can execute. Graph-based approaches typically deliver a 10–25% reduction in losses in the targeted fraud area within the first year. - Improved efficiency
Investigations that previously required significant manual effort can be automated. Instead of working through large volumes of data, analysts are presented with the full network. A single analyst can manage the workload that would previously have required an entire team. - A proven approach
This is not new or untested. Major banks and organisations are already using graph-based approaches to detect and prevent fraud, adopting a well-established method for protecting revenue and managing risk.
What this means for fraud detection
Many organisations are still working in a “pay and chase” model, dealing with individual cases after the event. That works up to a point, but it does not address how fraud is actually being carried out.
What’s needed is the ability to see how those individual events are connected.
Once you can do that, the focus moves from investigating one transaction at a time to identifying the wider network behind it and stopping that activity earlier.
To fight a network, you must first be able to see the network.
📕Further reading. You may also like: