CUSTOMER STORY
How Capitec Built a Graph-Powered Fraud Scoring Pipeline for 3.5M+ Daily Cases
Customer
Capitec
Use case
Fraud Detection
Industry
Banking
Profile
Building with Memgraph
3.5M+
daily record volume
2 hours
average end-to-end time
2.1
monthly average false positive rate
Challenge
Capitec Bank needed a better way to detect authorized push payment fraud, where victims are tricked into sending money to scammers. Manual tracing of transaction chains does not scale in a banking environment. The team needed to uncover hidden connections across accounts and turn transaction behavior into reliable graph-based machine learning features.
Solution
Capitec Bank used Memgraph to transform transaction data into connected fraud graphs, generate graph-based features, and feed those features into a production fraud scoring pipeline. The team moved from manual investigation maps to repeatable graph analysis using multi-hop relationships, algorithmic graph features, and connection behavior signals.
Reading time: 5min
About Capitec Bank
Capitec Bank is the largest retail bank in South Africa with 25 million active customers and 14 million active app users. It is a digitally-led bank that uses data and technology to deliver simple and affordable banking to millions of personal and business clients. Alongside its digital reach, the bank also maintains a large physical footprint. This scale makes fraud prevention both a technical and customer trust challenge.
Impact highlights
Deep path traversal revealed hidden fraud connections at scale
Moving to queryable graph workflows made it possible to trace deeper multi-hop relationships across connected accounts at scale.
Graph algorithms improved feature engineering for the fraud model
The team engineered 195 graph features such as centrality and community-based signals, then selected 27 graph features for the final production model alongside 23 tabular features.
Graph adoption grew from one live graph to seven
Capitec launched its first live graph in 2024 and expanded to seven live graphs by 2026, using Memgraph in production to score more than 3.5 million records per day in approximately two hours.
"Memgraph handles connected fraud analysis really well. Because it runs in memory, it is fast and highly performant. It helps uncover hidden fraud connections, and once you find a pattern, you can weed out many scammers at once."
Derick Schmidt, Head of Product at Capitec Bank
Backstory
For Capitec, fraud prevention is closely tied to client trust. As a large retail bank serving millions of customers, the bank had to detect fraud in an environment shaped by high transaction volume, fast money movement, and increasingly sophisticated scam behavior.
The pressure was not only to react to fraud cases, but to identify patterns early enough to protect clients at scale.
Authorized push payment fraud made that challenge especially difficult. In these cases, clients are manipulated into sending money voluntarily, which means the payment itself can look legitimate in isolation. The real signal often sits in the surrounding network.
The pressure was not only to react to fraud cases, but to identify patterns early enough to protect clients at scale.
Authorized push payment fraud made that challenge especially difficult. In these cases, clients are manipulated into sending money voluntarily, which means the payment itself can look legitimate in isolation. The real signal often sits in the surrounding network.
Multiple victims may connect back to the same destination accounts, intermediaries, or transaction paths, but those links are not obvious when events are reviewed one by one.
"Hackers, scammers, and AI are making it much easier to impersonate and scam clients."
Derick Schmidt, Head of Product at Capitec Bank
This made fraud prevention less about spotting a single suspicious payment and more about understanding how connected behavior formed broader scam patterns. That shift set the stage for a more graph-based view of the problem.
Challenge:
Capitec needed to find the hidden fraud structures behind seemingly legitimate payments, where the real risk only became visible across connected accounts and multi-hop transaction flows.
Capitec focused on authorized push payment fraud, where a client is tricked into sending money to a fraudster and receives nothing in return. For instance, paying for a MacBook that never arrives.
The core difficulty was that this fraud pattern does not behave like an isolated event detection problem. A suspicious transaction may not be enough on its own, yet the surrounding network can reveal repeated structures such as shared beneficiary accounts, reused transaction routes, tightly connected communities, or accounts that become important only when viewed a few hops away from a known fraud case.
Investigators could trace these paths manually in investigation maps, but that approach breaks down at scale. It is slow, hard to repeat consistently, and poorly suited for large transaction volumes or deeper relationship analysis. Traditional tabular features also struggle to capture how risk propagates through connected accounts over time.
Capitec needed a way to represent payment relationships directly, explore multi-hop connections efficiently, and turn those graph patterns into features that could support production-grade fraud scoring.
The core difficulty was that this fraud pattern does not behave like an isolated event detection problem. A suspicious transaction may not be enough on its own, yet the surrounding network can reveal repeated structures such as shared beneficiary accounts, reused transaction routes, tightly connected communities, or accounts that become important only when viewed a few hops away from a known fraud case.
Investigators could trace these paths manually in investigation maps, but that approach breaks down at scale. It is slow, hard to repeat consistently, and poorly suited for large transaction volumes or deeper relationship analysis. Traditional tabular features also struggle to capture how risk propagates through connected accounts over time.
Capitec needed a way to represent payment relationships directly, explore multi-hop connections efficiently, and turn those graph patterns into features that could support production-grade fraud scoring.
"If you look at two hops or more, that is where you really get more information and you can actually see common fraudsters between clusters."
Jan Ehlers, Data Scientist and Data Engineer at Capitec Bank
Why Memgraph?
For Capitec, graph technology fit the problem because the mental model of the investigators was already a graph. Fraud specialists were effectively drawing graph structures by hand when they built investigation maps. Memgraph made it possible to store that structure directly, query it, and repeat the process at scale.
"In Feb 2024, we actually partnered with Memgraph and the good thing is quickly thereafter in April we were live with our first graph. I think the open-source nature actually really makes this possible because we could play with this literally for free and actually get it production-ready and deploy it."
Derick Schmidt, Head of Product at Capitec Bank
Here's what the end-to-end graph machine learning architecture looks like for Capitec:
- Built the graph in Memgraph from the node and edge tables.
- Computed or retrieved graph features in Memgraph.
- Persisted those graph features into a feature store.
- Scored via an AWS SageMaker endpoint.
- Upserted scores back into the feature store.
Key Memgraph Features for Capitec
- Deep path traversalThis fraud use case depended on exploring beyond direct neighbors. One hop exposed immediate connections, while two hops revealed shared intermediaries and hidden structure. More hops helped connect larger clusters that would stay invisible in flat lookups.
- Built-in graph algorithmsThe team computed features such as PageRank, degree centrality, and community detection directly inside the graph. This made it easier to engineer graph based fraud signals without rebuilding the logic outside the database and also reduced the burden of maintaining separate algorithm pipelines.
- Flexible graph modelingThe initial model was a more complex heterogeneous graph, where clients and accounts were represented separately and transaction direction mattered. The team later simplified the structure into a more homogeneous graph. That shift improved performance for heavier algorithms at scale.
- Visual inspection via Memgraph LabFraud labels were written back onto the graph and styled visually for easier inspection. This helped the team spot suspicious structures and validate them with fraud subject matter experts. It also supported feature ideation by making graph patterns easier to reason about.
- Open source access for hands-on experimentationCapitec started experimenting with the open source edition, which lowered the barrier to learning and early prototyping. This gave the team room to test graph-based fraud analysis before committing to a larger production rollout. It also helped Capitec build internal confidence in the approach through direct hands-on use.
"We are able to identify common fraud patterns with the help of Memgraph Lab, which is really nice, especially the visual aspect of Memgraph."
Jan Ehlers, Data Scientist and Data Engineer at Capitec Bank
Results
Score more than 3.5 million records daily through its graphML fraud pipeline with a monthly average false positive rate of 2.1.
Run the full end-to-end workflow in only about two hours on average, measured over a month.
Expand from one graph initiative to seven live graphs by 2026, showing that graph adoption spread beyond the original team.
Strengthen internal trust in graph-driven innovation, culminating in Capitec 2024 Think Big and Innovation Award for the project.
Run the full end-to-end workflow in only about two hours on average, measured over a month.
Expand from one graph initiative to seven live graphs by 2026, showing that graph adoption spread beyond the original team.
Strengthen internal trust in graph-driven innovation, culminating in Capitec 2024 Think Big and Innovation Award for the project.
Get hands-on engineering help for your fraud detection graph pipelines
Get an Enterprise trial and start building with no strings attached
