Memgraph in fraud detection

Is this guide for you?

This guide is for you if you’re building real-time fraud detection, anti-money laundering (AML), or account abuse systems. You’ll benefit from this content if:

• You need to detect anomalies in real time across transactions, devices, identities, and merchants.
• You want to uncover multi-hop fraud rings (e.g., money mules, collusion networks, synthetic identities) and account takeover cascades.
• You plan to run what‑if tests to evaluate new rules, thresholds, and investigation workflows before rollout.
• You ingest high-velocity events from payments/auth logs/identity services and require consistent read performance while updates stream in.
• You need to correlate evidence across systems for investigation and case management.

Why choose Memgraph for fraud detection?

• In-memory architecture: Consistent, predictable response times for scoring, alerting, and investigator tooling.
• Graph algorithms (MAGE): Use community detection, node similarity, centralities, and more to infer hidden structure and risk signals (e.g., collusion clusters, mule networks, synthetic identities). Explore the available algorithms.
• Streaming/dynamic algorithms: Keep results fresh on high‑velocity data with online/dynamic algorithms that update incrementally (e.g., online centralities). See dynamic graph algorithms.
• GNNs and ML on graph topology: Leverage graph-native topology for GNNs (e.g., node classification, link prediction) and combine embeddings with graph algorithms to improve fraud detection accuracy over tabular‑only baselines.

What is covered?

The suggestions for fraud detection workloads complement several key sections in the general suggestions guide. These sections offer important context and additional best practices tailored for performance, stability, and scalability in production:

• Choosing the right Memgraph flag set
  Configure flags for schema access.

• Choosing the right Memgraph storage mode
  Select between transactional durability and multithreaded ingestion for your workload.

• Enterprise features you might require
  Secure multi-user environments and ensure governance.

• Working with fraud detection
  Advices to extract insights from the fraud graph in order to boost the accuracy of your fraud predictions.

• Interact with your fraud graph using GraphRAG If you want to facilitate AI in your business ideas, it’s important to ground the truth in your data and eliminate hallucinations of your LLMs.

Choosing the right Memgraph flag set

If you plan to power natural-language interfaces for investigators (see GraphRAG below), enable constant-time schema retrieval:

--schema-info-enabled=true

This drastically reduces time to provide schema to an LLM, improving responsiveness.

Choosing the right Memgraph storage mode

Most finance and fraud workloads are inherently transactional (safety-critical decisions, auditability, recoverability). As a default, we recommend running in IN_MEMORY_TRANSACTIONAL mode to ensure ACID guarantees, support for replication/HA, and WAL/snapshot durability.

Consider IN_MEMORY_ANALYTICAL only for specialized pipelines focused on bulk/multithreaded ingestion and read-only analytics/simulations where transactional rollback isn’t required. Another suitable flow for using analytical is during import, after which the user will switch to IN_MEMORY_TRANASCTIONAL mode for ensuring data consistency during the batch update process day-to-day.

Learn more about storage modes in the Storage memory usage documentation.

Enterprise features you might require

• Role-based and label-based access control (RBAC/LBAC)
  Ensure least-privilege access across analysts, SOC teams, and external partners.

• Replication and high availability
  Keep scoring and investigations online with leader–replica setups and automatic failover.

• Multi-tenancy Isolate per product, region, or use case.

• Single sign-on (SSO) for Memgraph Lab
  Streamline secure access for your fraud investigators and stakeholders.

• Audit logs Track access and changes for compliance and investigations.

• Query sharing for collaboration
  Enable investigators to share queries and findings seamlessly.

Working with fraud detection

There are three complementary ways to build fraud detection on Memgraph:

1. Basic pattern matching in Cypher
2. Graph algorithms (MAGE library)
3. Machine learning on graphs

Basic pattern matching in Cypher

Use Cypher to encode rules and patterns directly over the graph:

• Variable‑length paths for multi‑hop patterns (e.g., mule chains, shared devices)
• Property/time filters for velocity and windowing
• Negative patterns (absence of expected relationships)

// Example: shared device across multiple accounts in a short window
MATCH (d:Device)<-[:USED_DEVICE]-(a:Account)-[:PERFORMED]->(tx:Txn)
WHERE tx.ts >= $from AND tx.ts < $to
WITH d, collect(DISTINCT a) AS accounts
WHERE size(accounts) >= $minAccounts
RETURN d, accounts;

Graph algorithms (MAGE)

Compute risk signals by scoring topology. Commonly useful algorithms include:

• Katz centrality
• Degree centrality
• Community detection
• PageRank
• Betweenness centrality
• Node similarity

Browse more in Available algorithms. Many also have online/dynamic variants (e.g., pagerank_online, katz_centrality_online) for high‑velocity data.

Machine learning on graphs

Leverage graph structure and embeddings to train models:

• Supervised GNNs: GNN node classification, GNN link prediction
• Unsupervised embeddings: node2vec, node2vec_online

Combine ML features (embeddings, graph algorithm scores, rule outputs) into your fraud scoring pipeline to maximize precision/recall.

Interact with your fraud graph using GraphRAG

Enable natural-language interaction for triage and investigations with GraphRAG and GraphChat in Memgraph Lab. This helps non-technical stakeholders quickly ask: “Is user X linked to known fraud rings?” or “Show connections between these accounts in the last 30 days.”

• See: Memgraph in GraphRAG use cases
• Include constant-time schema retrieval in your pipeline:

SHOW SCHEMA INFO;