Real-Time Fraud Detection Engine

$ cd ~/projects/realtime-fraud-detection-engine agent.shipped · in production

Catching Fraud
Before It Clears.

The rules missed $14M a year of coordinated attacks.
Each transaction looked clean; the graph of accounts
behind them didn’t. We built a temporal GNN (TGN / TGAT)
on Kafka Streams + Memgraph + Kùzu, with GNNExplainer
for analyst trust. 2.3M transactions a day, sub-800 ms,
99.6% precision.

Real-time fraud detection engine

Industry: Financial Technology
Timeline: 14 weeks
Key result: 99.6% precision, $47M prevented
Tech stack: Apache Kafka Streams, PyTorch Geometric + DGL 2.x, Temporal GNN (TGN / TGAT), Memgraph + Kùzu streaming graph, GNNExplainer, Apache Flink CEP, AWS MSK

A Series D fintech processing $8.2B a year had a fraud problem no rule set could catch. Each transaction looked fine; the rings behind them were bleeding $47M a year in patterns only visible on the graph.

We put a temporal graph neural network (TGN / TGAT on PyTorch Geometric + DGL 2.x) behind a Kafka Streams pipeline. It pulls 2.3M transactions a day, keeps the account-transfer graph live in Memgraph for streaming inference and Kùzu for analyst queries, and scores each transaction in under 800 ms via k-hop GraphSAGE-style sampling. Precision holds at 99.6% with 94% recall, and GNNExplainer / PGM-Explainer surface the offending sub-graph to the risk team.

Technical Approach

Transactions as a live temporal graph — Accounts are nodes, transfers are edges, and a temporal GNN (TGN / TGAT) on PyTorch Geometric + DGL 2.x learns embeddings that respect time. Rings that look clean one transaction at a time light up in embedding space — and Memgraph keeps the graph fresh enough to score on the live edge.
Streaming end to end — Kafka Streams on AWS MSK handles 2.3M transactions a day, and Flink CEP catches velocity spikes, geographic anomalies and ring-like chains before the money settles.
Precision before recall — A false positive blocks a real customer, and they don’t come back. We tuned the decision boundary to 99.6% precision first, then ensembled our way up to 94% recall.
Shadow, then cut over, then explain — We ran the GNN in shadow against the existing rules for 4 weeks. Once the score disagreements consistently favoured the GNN, we cut over with zero downtime — and wired GNNExplainer / PGM-Explainer into the analyst console so every block came with a sub-graph the risk team could read.

What was actually hard

A $200 transfer from A to B is unremarkable. A, B, C, D and E transferring to each other in a loop inside 90 minutes is a ring. The rules only saw one transaction at a time and the rings walked straight through them. We needed graph-level intelligence at sub-second latency — scoring every transaction before settlement without introducing a noticeable delay at the checkout.

Project Outcome

The GNN caught $12M of ring fraud the rules had missed entirely in the first quarter. False positives dropped 62%, so fewer real customers got blocked at checkout, and the risk team’s daily alert queue went from 3,000 down to 400 — and every one of them was worth looking at.