Graph mining in Fintech-driven payment industry for risk management
Financial Technology, also called "Fintech", is now one of the most popular terms that describe the novel technologies adopted by financial industries. Fintech brings new opportunities for financial services. Take the payment industry as an example, FinTech allows payments to be processed...
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis-Doctor of Philosophy |
Language: | English |
Published: |
Nanyang Technological University
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/152777 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
Summary: | Financial Technology, also called "Fintech", is now one of the most popular terms that describe the novel technologies adopted by financial industries. Fintech brings new opportunities for financial services. Take the payment industry as an example, FinTech allows payments to be processed instantly from mobile phones and computers. All transactions are encrypted as data and are performed over the internet.
The convenience brought by Fintech also leaves the door open to many risks. A few major risks are market risk, cyber risk, and fraud risk. In this thesis, we study three real risk management applications that are derived from the global leading FinTech-driven payment enterprise PayPal. In specific, the three applications include seller community detection, risky seller detection, and cyber network anomaly detection.
Seller community detection aims to identify the community-wise relationship between sellers on the payment network. Understanding the community structure of a payment network is important to manage the risk and compliance (eg., identify risky/illegal seller community). The payment network from PayPal contains millions of sellers and billions of transactions, and the sellers are described in a large number of attributes with incomplete values. To detect communities, an algorithm should ideally consider both seller attributes and transaction connectivity. Further, the algorithm has to be able to handle incomplete and complex attributes. We focus on those requirements and propose a framework named AGGMMR to effectively address the challenges from scalability, mixed attributes, and incomplete value. Network from industry usually keeps growing. It is infeasible to run community detection algorithm from scratch whenever new vertices or edges are joining the network, especially when the network is enterprise-scale (eg., millions of vertices, billions of edges). Based on this motivation, we extend the AGGMMR and propose inc-AGGMMR to detect communities on dynamic networks with an incremental approach.
Risky seller detection aims to detect sellers on payment network that may result in revenue loss due to various reasons (eg., fraud, bankruptcy, bad suppliers). To detect risky seller on PayPal payment network, it is crucial to model both seller's transaction connectivity and topology. Transaction connectivity captures the interactions between seller/buyers and transaction topology reveals the seller's business model (eg., supplier, drop-shipper, or retailer). Based on this motivation, we design a dual-path graph convolution model named DP-GCN to effectively identify risky seller with a vertex classification framework.
Cyber network anomaly detection aims to identify abnormal behaviors on computer network. In specific, we study the problem of detecting malicious domains on PayPal Content Security Policy (CSP) log network. CSP is a security standard that provides an additional layer of protection from cross-site scripting (XSS), clickjacking, and other code injection attacks. CSP log network models the traffics between external domains and PayPal internal servers. This application helps PayPal prevent risks from information interception and account takeover. Analyzing the traffic connectivity pattern is an effective way to detect network anomalies. In the CSP log network, the anomaly may arise from not only connectivity patterns but also burstiness in network activities. We model the CSP log network as a bipartite graph and propose a framework named BEA to detect anomalies from both connectivity patterns and burstiness.
Comprehensive experimental evaluations on open datasets and applications on PayPal networks demonstrate the effectiveness and practicality of the proposed frameworks and models. |
---|