This Guidance shows how to build a serverless workflow to identify patterns of fraudulent activity within streaming data through both micro- and macroanalysis. Amazon Timestream helps analyze microlevel indicators, such as activities occurring within a short timeframe. Amazon Neptune then uses that data to flag potentially fraudulent activity within a macrolevel fraud graph, and performs in-depth, context-specific analysis on that flagged data. By using these services in tandem, you can improve detection capabilities and enrich the analysis of fraud impact. This Guidance can also apply to other uses requiring both micro- and macrolevel analysis, such as customer data platforms and trading risk platforms.
Architecture Diagram
Step 1
The application sends real-time transaction data to a data ingestion API.
Step 2
Analyze the transaction data stream using an adapter between Amazon Kinesis Data Streams and Amazon Timestream. The adapter is deployed as an Amazon Managed Service for Apache Flink application.
Step 3
Send the analyzed stream to a Timestream transaction table.
Step 4
A Timestream scheduled query identifies aggregate metrics, such as aggregated high-value transactions made by an account in the last 5 minutes.
Step 5
The aggregated transaction metrics are stored in another Timestream table.
Step 6
Analyze the transaction data stream with an adapter between Kinesis Data Streams and Amazon Neptune based on AWS Lambda.
Step 7
Store graph data in a Neptune database for macroanalysis.
Step 8
Neptune data is made available through an Amazon Athena connector for Neptune.
Step 9
Analyze the data points and graphs using a custom script (one-time analysis) with an Amazon SageMaker notebook.
Step 10
Athena provides federated access for downstream systems.
Step 11
Visualize the suspected fraud accounts and their network of accounts by using Amazon QuickSight dashboards.
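An added illustration of Steps 4-7 and 11, not part of the AWS Guidance or its sample code: the sketch below reproduces in plain Python the micro-level check (high-value transactions per account within a 5-minute window) and the macro-level lookup (a flagged account's network of accounts). The thresholds, account names, and transaction records are constructed assumptions; in the architecture itself this logic runs as a Timestream scheduled query and as Neptune graph queries.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # aggregation window named in Step 4
HIGH_VALUE = 1000.0             # assumed "high-value" amount threshold
MIN_HIGH_VALUE_COUNT = 3        # assumed count that flags an account

# Constructed sample stream: (timestamp, source account, destination account, amount)
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    (T0 + timedelta(seconds=0),   "acct-A", "acct-B", 1500.0),
    (T0 + timedelta(seconds=60),  "acct-A", "acct-C", 2200.0),
    (T0 + timedelta(seconds=120), "acct-A", "acct-B", 1800.0),
    (T0 + timedelta(seconds=200), "acct-D", "acct-E", 40.0),
    (T0 + timedelta(seconds=900), "acct-D", "acct-E", 5000.0),
    (T0 + timedelta(seconds=960), "acct-C", "acct-F", 300.0),
]

def micro_flags(transactions):
    """Microanalysis (Steps 4-5): accounts that made at least
    MIN_HIGH_VALUE_COUNT high-value transactions within any 5-minute window."""
    recent = defaultdict(deque)   # account -> timestamps of recent high-value txns
    flagged = set()
    for ts, src, _dst, amount in sorted(transactions):
        if amount < HIGH_VALUE:
            continue
        window = recent[src]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop events older than the window
            window.popleft()
        if len(window) >= MIN_HIGH_VALUE_COUNT:
            flagged.add(src)
    return flagged

def build_graph(transactions):
    """Macroanalysis input (Steps 6-7): undirected account-to-account graph."""
    graph = defaultdict(set)
    for _ts, src, dst, _amount in transactions:
        graph[src].add(dst)
        graph[dst].add(src)
    return graph

def network_of(graph, account, max_hops=2):
    """Accounts reachable from a flagged account within max_hops (Step 11 view)."""
    seen, frontier = {account}, {account}
    for _ in range(max_hops):
        frontier = {n for a in frontier for n in graph.get(a, ())} - seen
        seen |= frontier
    return seen - {account}
```

Calling `network_of(build_graph(SAMPLE), acct)` for each account returned by `micro_flags(SAMPLE)` yields the account set an analyst would review alongside the flagged account.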
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
As managed services, Neptune, Timestream, Kinesis Data Streams, and Amazon Managed Service for Apache Flink minimize your operational burden. Additionally, Lambda is serverless and event driven, automatically scaling to meet the unpredictable demand of fraud detection—for example, seasonal and hourly variations. Finally, Amazon CloudWatch helps you quickly detect, track, troubleshoot, and resolve operational issues at scale. These services work together to help you achieve maximum uptime with minimal effort.
Security
AWS Identity and Access Management (IAM), which enables you to centrally manage security, lets you create roles and policies so that only authorized users can access resources. Amazon Virtual Private Cloud (Amazon VPC) lets you isolate various resources within a private environment, and CloudWatch keeps all telemetry data within your account. These services all support data encryption at rest and in transit, and they keep your data in the AWS Cloud at all times. As a result, you reduce the number of potential attack vectors, minimizing the risk of inadvertent data disclosures.
Reliability
Timestream and Neptune replicate data across at least three Availability Zones, providing 99.99 percent durability and reliability. Additionally, Timestream and Lambda are serverless services, and Neptune offers a serverless option. As a result, your solution can automatically adjust its capacity to meet demand, reducing downtime and increasing reliability.
Performance Efficiency
As a serverless service, Kinesis Data Streams supports high-throughput data ingestion. Timestream is also serverless, scaling up and down with workload demand, and it can ingest trillions of events daily. Additionally, Neptune provides a serverless option that supports automatic scaling, helping you optimize reads and writes.
Cost Optimization
Kinesis Data Streams, Amazon Managed Service for Apache Flink, Neptune, Timestream, and Lambda provide serverless capabilities, optimizing the overall cost of the solution. Serverless technology provides flexible and scalable usage-based infrastructure and enables quicker time to release, helping you avoid the cost of overprovisioning infrastructure.
Sustainability
Kinesis Data Streams, Amazon Managed Service for Apache Flink, Neptune, Timestream, and Lambda are serverless or provide serverless options, helping you achieve better sustainability. By scaling up and down to meet workload requirements, serverless infrastructure helps you avoid the extra energy expenditure of overprovisioning.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.