AWS Partner Network (APN) Blog

How AWS Partners can Deliver Anti Fraud Solutions using AWS GenAI and Amazon Neptune Graph Capabilities

By Diego Colombatto, Principal Partner Solutions Architect – AWS
By Tiziano Curci, Manager, EMEA Data & AI Partner Development Specialist – AWS
By Lenin Arivukadal, Senior WW Data & AI Partner Solutions Architect – AWS

Globally each year, tens of billions of dollars are lost to online fraud. Traditionally, companies used rule-based fraud detection techniques that struggle to keep up with the changing behaviors of fraudsters. More recently companies have added artificial intelligence and machine learning (AI/ML) to complement and improve traditional techniques. Companies that conduct business online like those in the retail, delivery, media, gaming, financial services, and travel & hospitality industries, are especially prone to cyber fraud.

As an example, in the payment industry, the threat of fraud has escalated significantly in recent years, as cyber-criminals continually devise new tactics to circumvent security protocols. Projections indicate that global card losses due to fraud could total a staggering $397 billion over the next decade, with the United States accounting for $165 billion of those losses.

In addition to cost impact, fraud can also lead to customer experience and brand image impact. A McKinsey study suggests that customer satisfaction improved by 42 points when companies respond well to fraud events.

Fraud detection helps companies safeguard against financial losses, protect customer data, and maintain brand reputation in an increasingly digital and complex end-customer landscape.

The objective of this blog is to provide AWS Partners a solution architecture and an open source technical implementation, showing how fraud detection can be built using Generative AI and Amazon Neptune graph capabilities. AWS Partners can quickly deploy this solution and personalize it for customer demos, PoCs, and projects, reducing the time required to deliver customers the value provided by fraud detection solution.

Detecting and Managing Fraud Using AWS Capabilities

AWS provides different options to help customers identify and manage fraud. This page presents a framework, shown in Figure 1. Amazon Neptune, a managed graph database service, executes fast graph queries to detect fraud in scenarios such as loan fraud, credit card fraud, anti-money laundering (AML), and online gaming fraud. Neptune can also be used in conjunction with Amazon SageMaker to train machine learning models for predictions in fraud detection.

High level reference architecture for building Fraud Graphs solutions on AWS

Figure 1. High level reference architecture for building Fraud Graphs solutions on AWS

Additionally, this page presents a possible solution implementation of the above framework, for the specific use case where Amazon Neptune is used to enable a near real-time anti-fraud solution based on deep learning Graph Neural Networks (GNN).

In this blog we’ll present and describe a technical solution using a new approach to detect and manage frauds. This solution combines graph analysis and vector database capabilities provided by Amazon Neptune. AWS Generative AI capabilities is provided by Amazon Bedrock, which is a fully managed service designed to simplify and accelerate the building and scaling of generative AI applications with foundation models.

Let’s look at a use case for fraud detection and anti-money laundering more broadly. Using Amazon Neptune for this is a natural choice because graph-based databases excel at detecting complex patterns and relationships that may indicate fraudulent activities or money laundering attempts. By modeling financial transactions, account relationships, and other relevant data in a graph, you can more effectively identify suspicious activities and mitigate risks.

This solution is designed to be extendible and can be adapted to different types of fraud and/or additional use cases. For instance, once company data is loaded, Neptune graph capabilities can be used to target additional use cases. A customer 360 degree view can be achieved by integrating data from various enterprise sources, such as CRM, ERP, or customer service data, into Neptune’s graph model. This customer 360 view provides a holistic understanding of the customer, including their interactions, preferences, and relationships. It can lead to more personalized and effective customer experiences, and extend the fraud detection capabilities described in this blog.

Technical solution

Figure 2 - high-level architecture of the solution described in this blog

Figure 2. High-level solution architecture

The following is a step-by-step description of how this solution operates, as shown in Figure 2.

  1. Create the Fraud ML model. It can be re-run at a later stage, independently from the other steps, when the ML model needs to be updated.
    • Our example uses the IEEE-CIS fraud dataset as training data. We apply the data preparation steps described in this blog. Training of the Fraud ML model is done using Amazon SageMaker and it’s composed by two stages:
      • Amazon SageMaker Processing generates a model training job, which is a configuration set that specifies for example model type and model hyperparameter ranges to be used during the model training. Then an Amazon SageMaker Processing job launches an Amazon SageMaker Hyperparameter tuning job, which runs a defined number of model training job trials on the processed data. It stores the model artifacts generated by the training in the output Amazon S3 bucket. Once the training jobs are complete, the job also notes the training job that produced the best performing model.
      • The best performing model is applied to the full exported graph dataset to generate the model artifacts for deployment. This resulting ML model will be later used by Amazon Neptune ML for fraud predictions.
  2. End users connect to the user interface of a front-end application. This front-end application can be, for example, a web or mobile application where end-users can submit requests that could be related with a possible fraud, such as a new account creation or a request of payment. This front-end application can be an application used by the customer, and it’s not part of the solution presented in this blog.
  3. The front-end application sends the request details to the fraud detection application (from here onward, “the application”). The application contains the business logic of this solution. A prompt template or configuration required by the application is stored on Amazon S3.
  4. The application connects to Amazon S3 to retrieve the prompt templates and configuration required to process the request.
  5. The application combines information retrieved in step 3 with the request details received in step 2 and calls Amazon Bedrock Agents. Amazon Bedrock Agents is configured with an action group that accepts the end user’s question in natural language. It uses Anthropic Claude 3.5 Sonnet on Amazon Bedrock, an LLM that allows the agent to understand the user’s request and translate it into openCypher and SPARQL queries.
  6. Amazon Bedrock Agents then queries the Neptune graph database using the graph queries generated in step 5 to perform the actual fraud detection and retrieve the fraud score. Fraud detection is realized using Amazon Neptune ML, using the Fraud ML model created with Amazon SageMaker in step 1. This is an ideal spot where the solution could be extended to help meet customer-specific needs or provided additional functionality. These capabilities are not used in the example solution, but may be used to further enhance it based on your requirements, for example:
  7. The fraud score is sent to the front-end application.
  8. The front-end application applies its business logic to identify the next best action, which is presented to the user. For example, if the fraud score is low enough, the front-end application can authorize and proceed with the user request; if the fraud score is too high, the front-end application can ask for additional verifications from the users or deny the user request completely.
  9. The application saves the user request and context information on Amazon S3 for later analysis.

Security Considerations

Security and compliance are key concerns for any business. When adopting the solution described above, you should always factor in the Security Pillar best practices from the AWS Well-Architecture Framework. This helps properly plan and manage the different security categories to be considered when adopting this solution, such as data protection, identity and access management, detection and response and network security.

Conclusions

In this blog we discussed how fraud is adversely impacting companies across different industries. We presented a solution that AWS Partners can use to quickly get started building fraud detection demos, PoCs, and projects for customers.

This innovative solution combines the graph capabilities provided by Amazon Neptune, with the Generative AI capabilities provided by Amazon Bedrock Agents.

If you, as AWS Partner, are interested to know more about, and get started building an, anti-fraud solution for customers, reach-out to your AWS contact, such as Partner Development Manager, Partner Development Specialist or Partner Solution Architect.